PM Spam Bot, GooDFriend Options

[Pickysaurus]

I found this

CODE

.nosee { display:none; }

<p class="nosee">
   <label for="email">Ihre eMail wird nicht abgefragt, tragen Sie auch hier bitte NICHTS ein:</label>
   <input id="email" name="email" size="60" value="" />
</p>

<?php
   if(isset($_POST['email']) && $_POST['email']) {
     # nicht eintragen, sondern Mitteilung über Spamverdacht
   }
?>

this only works if hide in css

source (German)

What does the code do? (I don't speak german)

[Wi-Ta]

You have a hidden form that ask for mail address.
The normal user will not see this but the bot will fill in (as far as i did understood).

[Shiro]

That would be handy, maybe, but what if the bot can decode/read it?

[beefJeRKy]

How much security do you want? I think image-based CAPTCHA will thwart most of the bots. Those that DO get through can be disposed of easily anyway.

[wb21]

Sounds good, but like a text captcha, it can be decoded by bots by recognition, although it may be hard for them. Through the use of audio support to help the user read the words in the captcha (e.g. uppercase: A; lowercase d; space; uppercase F...), could it be used by bots to exploit it and use it to their advantage?

[Alias]

I think Wi-ta's form is the best thus far, as it completely discriminates between a bot and the user so there is practically no chance for an authentic user to be denied, even though some bots may still come through.

This post has been edited by Alias: 27 Jan 2010, 4:39

[Raven]

My question is do these bots target the SWR site deliberately or is it just a small part of a larger attack against forums using the specific forum software? If it is specific case questionnaire is not a good solution....but if it is not, then the questionnaire might be a good idea. Wi-Ta's suggestion is also good IMO.

[Pickysaurus]

I don't think there's anything personal against SWR - just some bastards that think they gain something by filling the internet forums with spam

[wb21]

Or they feel good and find it fun, like "Boom! Hahaha, you've been rickrolled, sucka'!" when they're wreaking havoc.
If possible and practical, why not use both security features?