Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Stop comment spam with bbAntiSpam  (Read 3205 times)

0 Members and 1 Guest are viewing this topic.

olpa

  • Coppermine newbie
  • Offline Offline
  • Posts: 2
    • OSS dev blog
Stop comment spam with bbAntiSpam
« on: July 24, 2007, 07:27:29 am »

Hello,

recently it was asked if a textual captcha exists for Coppermine. I don't know the answer, but if it is "no", I'd like to recommend my tool:

Advanced Textual Confirmation is an universal antispam for forums, blogs, contact forms, and others. It is a smart textual CAPTCHA, which challenges site visitors only once, and then disappears. To install, no database required, no graphical libraries required, just insert one line into your script.

There are pointers for tool-specific ATC installation. ATC for Coppermine can be installed by analogue. I think the file to edit is "include/init.inc.php".

It'd be nice if someone try this protection and report results. I think it should stop comment spam.

By the way, why textual captcha? According to the phpBB experience, after trying a lot of approaches, the best method to stop spam is a challenge-response protection.
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Stop comment spam with bbAntiSpam
« Reply #1 on: July 24, 2007, 09:57:56 am »

Nice idea - can't go into the core though (as yours is a commercial app that doesn't come under GNU GPL). I used to toy with another approach (as graphical captchas will be a feature in future coppermine versions for those who have the needed libraries): I considered large, ASCII-driven letters (ASCII-Art) instead of images (see the examples at http://en.wikipedia.org/wiki/ASCII_art or http://mark-proksch.de/ascii/fonts.html).
However, I'm afraid that if a mainstream product (like phpbb or coppermine) will be adding simple textual captchas, the spammers will adopt to that technique pretty fast, so your approach will only work if only a small number of pages will be using your technique.
Logged

olpa

  • Coppermine newbie
  • Offline Offline
  • Posts: 2
    • OSS dev blog
Re: Stop comment spam with bbAntiSpam
« Reply #2 on: July 25, 2007, 04:39:20 am »

Quote
I used to toy with another approach (as graphical captchas will be a feature in future coppermine versions for those who have the needed libraries): I considered large, ASCII-driven letters (ASCII-Art) instead of images
I like the idea of using ASCII-driven art as captcha. But I can't estimate how good is it.

Quote
However, I'm afraid that if a mainstream product (like phpbb or coppermine) will be adding simple textual captchas, the spammers will adopt to that technique pretty fast, so your approach will only work if only a small number of pages will be using your technique.
I disagree here. Quite opposite, more people install textual captcha, more effective is the protection. Here is what I wrote about my tool (for the general case, substitute "Advanced Textual Confirmation" by "textual captcha"):
Quote
The main idea is to stop spam at its roots, making spam economically unprofitable.

Sending spam is very cheap because spam is delivered by automatic programs (bots). Fortunately, the bots have no intellect and can't send spam when something unusual is happened.

A question from Advanced Textual Confirmation (ATC) is a big surpise for most bots. Even a simple question like “are you human” stops the spam.

Unfortunately, when ATC becomes very popular, the industry-leading spammers will adapt to it. Fortunately, the main idea will survive.

To pass ATC, spammers will have to collect a database of questions and answers. This work requires a human. Even if spammers pay as low as 1 cent per forum, 100,000 forums will cost them $1,000. And database maintenence is even more costly.

So, for spammer it is much more profitable to skip the sites protected by ATC. It will be cheaper and easier to spam an unprotected one.
Logged
Pages: [1]   Go Up
 

Page created in 0.015 seconds with 22 queries.