Thoughts on spam.

There are a lot of posts on here about spam. There are several mods in the market to help alleviate the problem and all of them, especially Deanos, are well thought out and do get the job done for the most part but is all this extra stuff the right path to manage spam?

I started thinking about this when I tried to join a developers site and because I left a field blank, I was summarily blocked. Made me not want to try again...... (although I kinda had too because I use his products). If I were a new member signing up to check out a new site, I would have just left and went elsewhere.

How do you manage spam? I think the word 'spam' is a bit of a misnomer. Have you fallen into the trap of calling everyone a spammer until they prove otherwise? I think it ought to be the other way around. I think everyone should be considered a new user until they are proven to be a spammer.

I think that's the key. Is your site open to the net or is it a site that doesn't want anyone new except for a few very special people?

When I put my site online, I was immediately assaulted with spam and so started a long progression of trial and error. I started with captcha, that sucked ass so I then started adding 'protections'. I even blocked domains using the htaccess file, tried blocking lists of IP's and even blocking whole countries IP indexes. I mean it got ridiculous. I had a whole text file on my desktop that was filled with nothing but all the different snippets of script, instructions on what files I was hacking and changing and in the end, it was just too much.

I finally dumped it all for one simple fix. That fix has resulted in a near zero spam rate and it had one other very important benefit. It didn't increase my click thru's, in other words, it didn't piss people off because they couldn't read the captcha code or their country was blocked or they happened to use a domain that was blocked in their email address because it had a few spammers working from the same server, etc etc.

The human question.

Since I have employed this method, I have been astounded by how well it works. Captcha sucks because it's hard to read and everyone usually screws it up the first time and it has also been cracked by the more professional spammer/hackers. All the other nonsense is so far away from providing any real protection, it's just not worth it (blocking by country, IP, etc). The human question also has its flaws but overall I have found it to be the single best fix. It also has the advantage of being easy to implement by new users joining the site.

The question is the important part. If you ask the question 'whats 2+2?', I think an enterprising individual could create a script to answer that. Also, if someone wants to manually spam you, going through and doing one first, then creating a script to hammer it is entirely possible but I think I have a fix for that.

In mine, I ask the question, then give the answer in the tooltip. 'What's this site about?' (towing). The question would be really hard for an Autobot to answer because it doesn't give any hints to the actual answer like a math question does. Now to make the entire thing perfect, all that's needed is to randomize the question and the answer each time the page loads.....

Anyone want to take a crack at creating a human question randomizer? :-)

There is already one on the market.  The only thing I have found is that it seems to need to be on the last page of the join form.  I contacted the developer about that bit.  Let me go find it and I will come back and update my answer.

http://www.boonex.com/m/logical-captcha from AndrewP.  As I said, it appears to have a problem when not on the last page of a multi-page form.  I would prefer to be able to put it on each page of a multi-page form.

Not me.

Boonex already ran over my foot with a steam roller when they improved their filters in dolphin 7.1.4. I obviously am not going to do something that may kill my sales more than they already are.

I developed my filters because i had a specific need to keep my site as open as possible. Not blocking entire countries and not requiring the use of human questions or captchas. I ran into a site the other day that employed a technique i absolutely hated. Forced to watch a ad to get a keyword from it to be used as a answer to a question. I don't like having to jump through hoops when i signup on a site.

Now, your method is good. Not to knock it, but it has a flaw as well. I did the same thing. I had the answer in the tool tip. I even provided it in the error message when the wrong answer is provided.

But the flaw is two fold. 1) Requires the member joining comprehends the language you wrote it in enough to understand it when they read it, and 2) Requires someone smart enough to hover over it to see the tooltip.

Oh wait. #3. Requires that they can actually read. LOL. Had to throw that one in. Which is pointless anyway because if they can't read then what are they there for anyway. Unless it's a porn site.

Anyhow. I wanted to keep the join form as simple as possible.