Ext.ux.form.BotField - form robot deterrent



mjlecomte
16 Jul 2008, 7:38 AM
Ext.ux.form.BotField adds a field type which generates a mathematical challenge question to subvert robot/spam abuse for your forms.

Why use it?
See discussion here (http://extjs.com/forum/showthread.php?p=61794#post61794), other options might be captcha or using a <canvas> tag (http://developer.mozilla.org/en/docs/HTML:Canvas). This adds an additional level to deter robots; it's not foolproof protection, nothing is.

Features:

Form field with inbuilt functionality to subvert Robot / Spam abuse.
A configurable mathematical equation to validate the field.
Equation may be of varying form and/or complexity.
Randomly generated equations for
specified operation types (addition, multiplication, subtraction) and
configurable solution presentation (linear form of 5+3=?, reverse form of 5+?=8, or either of these randomly chosen).
Configurable options for how to display the challenge question in the form field.
The validation message (equation) will display as a validation error.
The code is fairly well commented similar to ext standards.
Example usage included (will submit to included php file).


Demo: here (http://extjs-ux.org/repo/authors/mjlecomte/trunk/Ext/ux/form/examples/registration.html)

Installation:

Just drop it in your local directory and run (plug and play):

Download the source from svn (http://extjs-ux.org/repo/authors/mjlecomte/trunk/Ext/ux/form/).
Extract it to your local examples/forms directory so you'll have examples/forms/registration.
Hit your webserver at ../examples/forms/registration/registration.html
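
The challenge generation described in the post above, as an added JavaScript sketch that is not part of the original post and not the extension's own code: it builds a linear or reverse question for a chosen operation and checks a submitted answer. The names makeChallenge and checkAnswer, the option names and the 1-9 operand range are assumptions; the check is written to run wherever the expected answer is held, for example server-side.

```javascript
// Added example: makeChallenge/checkAnswer are hypothetical names, not BotField's API.
const OPS = {
  addition:       { sym: '+', fn: (a, b) => a + b },
  subtraction:    { sym: '-', fn: (a, b) => a - b },
  multiplication: { sym: '*', fn: (a, b) => a * b },
};

// rng is injectable so the generator can be exercised deterministically.
function makeChallenge({ ops = Object.keys(OPS), form = 'random', max = 9, rng = Math.random } = {}) {
  const pick = (n) => Math.floor(rng() * n);
  const opName = ops[pick(ops.length)];
  const op = OPS[opName];
  if (!op) throw new Error('unsupported operation: ' + opName);
  let a = 1 + pick(max); // operands in 1..max (assumed range)
  let b = 1 + pick(max);
  if (opName === 'subtraction' && b > a) [a, b] = [b, a]; // keep the result non-negative
  const result = op.fn(a, b);
  const chosen = form === 'random' ? (pick(2) === 0 ? 'linear' : 'reverse') : form;
  if (chosen === 'linear') {
    // Linear form, e.g. 5 + 3 = ?
    return { question: `${a} ${op.sym} ${b} = ?`, expected: result };
  }
  if (chosen !== 'reverse') throw new Error('unknown form: ' + form);
  // Reverse form, e.g. 5 + ? = 8 (a >= 1, so the missing operand is unique)
  return { question: `${a} ${op.sym} ? = ${result}`, expected: b };
}

// Accept only a short run of decimal digits, so inputs such as "8.0",
// "0x8" or an empty string are rejected rather than coerced.
function checkAnswer(challenge, input) {
  const text = String(input).trim();
  if (!/^\d{1,4}$/.test(text)) return false;
  return Number(text) === challenge.expected;
}
```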

greyknght1
16 Jul 2008, 11:01 AM
Good job! I like the idea. With the captcha going the way of the dodo, this might be something to expand further. :D

JorisA
16 Jul 2008, 11:13 PM
Isn't it like supa-easy for a computer to solve this equation?

mjlecomte
17 Jul 2008, 2:27 AM
Isn't it like supa-easy for a computer to solve this equation?

Not sure. Please note that I only say deter, not eliminate, nothing is "secure", just more or less secure.

There was this original forum discussion (http://extjs.com/forum/showthread.php?p=61794#post61794) and there's this more general discussion (http://www.ardamis.com/2007/07/12/defeating-contact-form-spam/). Since this thread is in the extensions forum, maybe opinions about the "topic" should go in this thread (http://extjs.com/forum/showthread.php?p=61794#post61794).

I'm quite open to hearing thoughts on the topic. From the general discussion (http://www.ardamis.com/2007/07/12/defeating-contact-form-spam/) he mentions bots checking the html, which actually the entire form is not in. The bots would have to check the js file. I wonder if a 'fake form' should be posted in the html page (perhaps with display: hidden) as a further measure to confuse the spammer.

One more discussion here (http://www.softswot.com/hiiscript.php).

Ext.ux.form.BotField could be used to further obscure the equation by transforming the operators, instead of saying "+" it could say "plus". But if the spammer gets that far it probably wouldn't slow them down that much.

mystix
17 Jul 2008, 6:31 AM
i shudder at the thought of spammers / script kiddies writing code to solve equations to perpetuate spam... :(

that said, you could probably make it more secure by using image-based operators (i.e. images for + / - *).
heck, we could even throw in parentheses to make it more fun.