Image vertification and guestbook

allyse

Hi.

We got a demo of a guestbook running. The main problem is that the spam bots have targeted the script (of a weird reason). We got an image vertification, but it seams to not work. I've tryed to make the image more and more hard to read, and now noone can read it (As it is now was just an test to see if the spambot could read the image).

Link to the script: http://demo.ascdevel.com/aguestbook/index.php?a=new

The vertification "code" is sent in a session string where the script compares the string given by the user and the script. I dont know if its at this string the bot figure out the code, or gets through?

Anyone who know where the problem might be?

-aleks

MarkR

Spambots do not generally even try to read images.

The only case of spambots reading images is in a software which is installed in 10,000 sites or above. This is because writing a spambot to read images is exceptionally difficult, therefore the spam-coders will only bother if they can use it to spam a very large number of sites.

Make sure that your logic is correct and that the captcha value doesn't appear anywhere in the page (you will need a way to store the correct captcha value to compare it- maybe you will have to put this in the database with a random ID which you give to the user in a hidden field, or a session variable).

The logic needs to refuse the post if the captcha is invalid.

Mark