Require 'real' person input 2

Status
Not open for further replies.

arst06d

Programmer
Nov 29, 2002
I have a guestbook on my website and very often get targeted by adverts for porn/drugs/smokes etc. Until recently I allowed the ads to be instantly visible, and I vetted them daily - removing the dodgy ones. I have now changed it to hide the records by default, until I specifically OK them.

I am still getting crap entered in the database, though, so I want a method of ensuring that it is a real person, not a script, entering the data.

I have seen several sites where they use an image to display a code which the user has to enter correctly into a text box to ensure the entry is valid.

I know I could create a series of graphics and select one for display at random, but is there any way to create a graphic on the fly with a randomly generated alphanumeric code?

Thanks in advance.
 
Following on, rather than redirecting them to another site, e.g. Yahoo, if they fail the CAPTCHA test, I'm gonna do a response.redirect back to their own IP address.

Can anyone see any problem with this?

Trying to access their IP from my browser I get a timeout, so there's obviously nothing there - but will this affect my own server?

Any suggestions as to what else I can do?
 
Just remember that people make mistakes too - if a user types the wrong code, do you want to lose a potential customer/visitor by sending them away at the first hurdle?

I would prefer to send the user to a friendly error page, explaining the error, and giving them the option to try again. Then allowing a maximum of 5 attempts before doing something else. Like referring them to your site policies page, where it clearly states that any bot activity is strictly prohibited and finally logging all the details of the User Agent and IP etc for later analysis and audit trail for legal action you may wish to take (contravention of the AUP of your site and attempts to circumnavigate security can be considered in the same light as a hacking attempt - though it depends on what country you are in as to what legal action you can take). If you want you can also send details to their ISP of their suspicious activity, which helps to flush out unwanted net users.

First of all, if a bot owner sees you have this technology, they are unlikely to try and auto-navigate your site.. they will try elsewhere first - it's easier.
Second, even if it does try, it will soon realise that it's not getting anywhere fast, so the likelihood of it continuing to attempt access to a site that is 'blocked' is low - again it will try elsewhere.

A smile is worth a thousand kind words. So smile, it's easy! :)
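
The retry-then-log flow suggested in the post above, as an added example that is not code from the thread: the code is kept server-side, is single use, and the fifth failure is written to an audit log with the IP and User Agent. It is a framework-neutral Python sketch; the `session` dictionary, the function names and the logger name are assumptions, and rendering the code as an image is left out.

```python
import hmac
import logging
import secrets

MAX_ATTEMPTS = 5  # limit suggested in the post above
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # no 0/O or 1/I, easier for humans

audit = logging.getLogger("captcha.audit")  # hypothetical logger name


def new_challenge(session):
    """Store a fresh random code server-side; only its image goes to the client."""
    session["captcha"] = "".join(secrets.choice(ALPHABET) for _ in range(6))
    session.setdefault("captcha_failures", 0)
    return session["captcha"]


def check_answer(session, answer, ip, user_agent):
    """Return 'ok', 'retry' (friendly error page) or 'blocked' (policy page)."""
    if session.get("captcha_failures", 0) >= MAX_ATTEMPTS:
        return "blocked"
    expected = session.pop("captcha", None)  # each code is single use
    if expected is not None and hmac.compare_digest(
            expected.encode(), answer.strip().upper().encode()):
        session["captcha_failures"] = 0
        return "ok"
    session["captcha_failures"] = session.get("captcha_failures", 0) + 1
    if session["captcha_failures"] >= MAX_ATTEMPTS:
        # %r keeps control characters in the client-supplied header out of the log
        audit.warning("captcha limit reached ip=%s ua=%r", ip, user_agent[:200])
        return "blocked"
    new_challenge(session)  # a failed code is never offered again
    return "retry"
```

A client that discards its session cookie starts with a fresh counter, so the same count can also be kept per IP address.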
 
Thanks for the sensible advice.

David
 
The Captcha software is ok, and it works, but the vector fonts on it are appalling, and blocked out users. I took it out in the end; client didn't like that it did that.

Life is a journey that always ends up in the place
 