To get around the problem of our response form being spammed, I’ve added a simple security question and validated the answer using the Form Validation Suite action - see here www.dljassociates.co.uk/contactus.html
I know the parameters are right there in the source code for the validation, but would these give the spambots the information they need to answer the security question correctly?
I don’t know, it seems pretty easy to figure out, but I doubt that a machine would get it. A human, definitely.
You might want to change the question to be an image, and make sure that the alt text doesn’t read the same as the actual question. This will break it for visually handicapped persons, but if you are getting a lot of spam, you might want to make that choice.
I was assuming that the spam was coming from a machine but we’ll have to wait and see!
Part of the problem is that we’ve also being getting spam from a form on a client’s site that must be accessible to people with a visual impairment, so I’ve been trying to avoid using an image of the question or CAPTCHA as I’d also need to provide an audio file of the question as an alternative.
Never used sound files on a site before - time to get my hands dirty!
You might want to use a service, like ReCaptcha. All this gets handled for you – the sound, the squiggly images, everything – and all you do is put a lump of JavaScript in your page.
Although “and all you do is put a lump of JavaScript in your page” did make me tremble - I’m still firmly of the belief that JavaScript is witchcraft.
It’s not that complex. You go to their site, sign up, and they give you the following line of code (lump was overstating it, I didn’t actually look before I wrote from memory):
That’s literally it. Now that key is only valid from my hostname, but when you sign up (for free) you can create your own key which will work on the domain you enter.
They do all the hard stuff, including the layout and working the audio angle for those who need it. And besides, you are helping old books get converted to text, which is one of my favorite ideas.
Grrrr. That’s what I get for talking about something I haven’t
implemented in a while. There’s a whole PHP layer that checks the
captcha response. You’re going to need to implement a PHP library
called recaptchalib.php, and call to it in your form handler thusly:
if (isset($_POST["recaptcha_response_field"])) {
$resp = recaptcha_check_answer($privatekey,
$_SERVER["REMOTE_ADDR"],
$_POST["recaptcha_challenge_field"],
$_POST["recaptcha_response_field"]);
if ($resp->is_valid) {
//echo "You got it!";
} else {
# set the error code so that we can display it
$error = $resp->error;
$comment->add_error('captcha',
'You didn’t appear to be human.
Please try again.');
}
}
This would be something that Tim could add to the Action as an
option, or I could take a whack at it after I’ve put out the day’s
fires.
Sadly, tinkering with the form handller and PHP in general is way out of my comfort zone to say the least!
Would it be learnable (for someone who doesn’t really know what PHP actually is!) or do you think, fingers crossed, you or Tim would have time to modify the action?
I don’t have the source code to the Action here. I wrote to TIm to ask if I could take a shot at it, but I haven’t heard back from him yet. My guess is that he is busy, but that’s just a guess.
It would be a fairly straightforward thing to add, as far as the PHP goes, but whether it would make sense in the Action UI is another matter. Adding a feature means adding controls to disable/configure it, so that makes for more complexity in an already complex script.
Hi Walter,
Oh dear! I sent you a quite long and drawn out e-mail on Friday with the action
attached but obviously you didn’t get it. I assumed you’d fallen asleep half
way through my ramblings!
I’ll dig the mail out and send it again.
This is the second time in the last week that people on this list have failed to
get my mails for some reason. Odd.
Regards,
Tim.
I don’t have the source code to the Action here. I wrote to TIm to ask if I
could take a shot at it, but I haven’t heard back from him yet. My guess is
that he is busy, but that’s just a guess.
It would be a fairly straightforward thing to add, as far as the PHP goes,
but whether it would make sense in the Action UI is another matter. Adding a
feature means adding controls to disable/configure it, so that makes for more
complexity in an already complex script.