Posted by Klaus Brune on 09/20/06 19:47

I've always thought that the whole use of graphics images could be
avoided completely, and even keep text-readers for the blind happy, with
something like this...

Have a database of common questions and answers, and even allow
registered users to submit more questions, so it's a never-ending battle
for the spammer to try to predict ALL the questions, as loyal site
visitors contribute to the battle against spam.

Q: What type of plant is commonly found in a forest?
A: tree

Q: What is the sum of two plus three?
A: five

Q: What is the color of the sky?
A: blue

Q: What type of animal loves to chase cats and cars?
A: dog

You get the idea. Though I like the CSS route too. Very creative.

-GC


In article <1158712064.952149.317310@k70g2000cwa.googlegroups.com>,
Sandy.Pittendrigh@gmail.com says...
> Let's say we're trying to keep blog and forum spammers out
> of our site--we're not trying to protect fort knox.
>
> 1) Step one is a one-time-only step.
> We create six different css files that define the
> same six color names differently, but each such
> css file assigns red to one and only
> one of those same six color names, and then store
> the six somewhere in the document_root.
>
> 2) We make a dynamically generated GET page that mods a random number
> to
> between 1 and 6 and sets that number as session variable.
> That number will tell us in a later POST which of the six
> css files to use when we generate a dynamic POST page.
>
> We also randomly create 6 digits between 1 - 256 and concatenate
> them
> into a comma delimeted string. We set that string
> as a session variable.
>
> 3) In the post we generate a page that specifies one
> of the six css files in its header, according the value
> of first session variable. Because we have that session
> variable, and because we know which of the six different
> css schemes we are now using, we know which css attribute
> in the current scheme means red. We don't care about the other
> colors.
>
> 4) Now we generate 256 random digits (between 1 - 256) into an array.
> We loop through the array and concatenate a <b class="xx">$digit</b>
> onto a string. Foreachsuch <b> tag we randomly choose one of
> the css colors known not to red, except for the N array index digits
>
> we get from the exploded comma-delimeted session var #2.
> We set those <b class="yy"> tags to the color known (only to us)
> to be red.
>
> 5) Now we echo the string of <b> tags. Six out of the
> 256 randomly generated digits will be red, all the others
> some undetermined color. But we know which ones are
> red.
>
> 6) Now we do another post, asking the user to tell us which
> of the 256 digits are red.
>
> 7) if the post variable matches the session stuff, we proceed,
> else we tell the client computer to chop the fingers off
> the spammer's hands and smoke the seat of his pants.
>

[Back to original message]