What is a good invisible captcha? My site requires JavaScript so anything which requires that is fine.
+2
A:
I've used the technique of a Display:None text box, and rejecting any submission that fills it in and had pretty good luck with that.
Aric TenEyck
2009-06-09 20:48:48
The "honeypot" method. Won't work on a high profile site like YouTube, Twitter, etc, but has worked very effectively for me.
mgroves
2009-06-09 20:50:34
+3
A:
Here's a simple math captcha by Phil Haack. It even works with javascript disabled.
In his own words:
The way it works is that it renders some javascript to perform a really simple calculation and write the answer into a hidden text field using javascript. When the user submits the form, we take the submitted value from the hidden form field, combine it with a secret salt value, and then hash the whole thing together. We then compare this value with the hash of the expected answer, which is stored in a hidden form field base64 encoded. If javascript is disabled, then we render out the question as text alongside a visible text field, thus giving users reading your site via non-javascript browsers a chance to comment.
Mauricio Scheffer
2009-06-09 20:51:26
I almost complained that math is not invisible enough but that solution is clever :D
acidzombie24
2009-06-09 21:01:33
+1
A:
Read the answer here:
And this question is not System admin related. The better place to ask would have been stackoverflow.com
Richard West
2009-06-09 21:06:10
+19
A:
Add a new input field, label it "Please leave blank", hide it using CSS, and ignore the post if that field is filled in. Something like this:
<style type='text/css'>
#other_email_label, #other_email {
display: none;
}
</style>
...
<form action='mail'>
<label id='other_email_label' for='other_email'>Please leave blank:</label>
<input type='text' name='other_email' id='other_email'>
...
</form>
So a human being won't see that field (unless they have CSS turned off, in which case they'll see the label and leave it blank) but a spam robot will fill it in. Any post with that field populated must be from a spam robot.
RichieHindle
2009-06-09 21:13:36
This seems nice, but it won't work if your site is specifically targeted - i.e. manually, somebody wants to inspect your form to fill your site with garbage. By looking at your HTML code they will realize they need to leave that field blank, so when creating the robot they take that into consideration and they are done. This only works for 100% automated spiders, looking to spam sites with links to others, but not if your site is the specific target for an attack.
Seb
2009-08-15 16:55:55
Nice idea, but as a matter of curiosity, why would anybody browse with CSS turned off?
Don
2009-10-09 14:04:30
@Don: One reason would be that they're using (or simulating the use of) a text-only browser or a screen reader.
RichieHindle
2009-10-09 15:00:16
A:
If you mean - use captcha that a human can't see as a human validation test - i think it's impossible.
This way a robot ignoring the captcha will pass for a real person! Seems like a trap for a naive spam robot.
If you want your captcha-protected site to work with clients that have no javascript - then you should hardcode it into html.
Also, if you can reliably identify trusted users (either by judgment call or by detecting some usage pattern) - you can let them post to your site without captcha.
Evgeny
2009-06-09 21:32:54