[pmwiki-users] Pondering adding comment ability to wiki pages, and thoughts on spam prevention

Patrick R. Michaud pmichaud at pobox.com
Wed Mar 21 10:03:58 CDT 2012


On Wed, Mar 21, 2012 at 06:01:48PM +1300, John Rankin wrote:
> 
> Have you investigated the option of a "honey trap"? That is, a field
> within a <div> with a class for display:none, so a human doesn't see it.
> The theory being that if the field is filled in, it must be a spambot, so
> reject the comment. 

pmwiki.org has used a couple of honeypots for a while, and it works
fairly well.  On the Site.EditForm, we have

    (:input hidden code1 6472:)
    %comment%Enter code: (:input text code2:)

Then in local.php, something like:

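    // Only check edit requests that carry a field whose name starts with 'post'.
    if ($action == 'edit' && preg_grep('/^post/', array_keys(@$_POST))) {
        // Block if the hidden code1 value changed or the code2 honeypot is filled in.
        if (@$_REQUEST['code1']!='6472' || @$_REQUEST['code2'] > '') {
            $EnablePost = 0;
            $IsBlocked = 1;
        }
    }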

The 'code1' hidden input control verifies that hidden input controls 
are being filled in and not modified by the submitter.  The 'code2' 
input control is the honeypot; although it's in the HTML output it 
doesn't display in the browser (because of %comment%).  If code2 comes 
back filled in with a value, it's probably a robot of some sort.

> It would be interesting to know how well this works in
> practice, because it is simple to implement (a field, a css class and an
> if statement) and adds no burden to human commenters. No password or
> captcha is required.

When I added this to pmwiki.org (several years ago), I did some logging 
to see how effective it was -- it did manage to trap quite a lot of
spam submissions.  However, it's not a total solution, as evidenced by 
the fact that spam still manages to get past it onto pmwiki.org.

Pm
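
The two checks described in the message above, as an added stand-alone PHP example (not part of the original post and not pmwiki.org's code). The field names and the value 6472 come from the post; the function name honeypot_verdict() and the sample submissions are constructed for illustration, and the function returns a reason string so that blocked submissions can be logged and counted.

```php
<?php
// Added example, not pmwiki.org's code. Field names and 6472 are from the
// post; honeypot_verdict() and the sample submissions are constructed.

/** Returns null when the submission passes, else a reason to log. */
function honeypot_verdict(array $post): ?string
{
    // code1: must come back exactly as the form sent it. Strict comparison,
    // because loose != treats numeric strings as numbers ('6472.0' == '6472').
    if (!isset($post['code1'])) {
        return 'code1-missing';
    }
    if ($post['code1'] !== '6472') {
        return 'code1-modified';
    }
    // code2: hidden from browser users, so any content is suspect.
    // An array (code2[]=x) counts as filled in.
    $trap = $post['code2'] ?? '';
    if (is_array($trap) || $trap !== '') {
        return 'code2-filled';
    }
    return null;
}

// Constructed sample submissions (what $_POST might look like).
$samples = [
    'human'                => ['post' => 'Save', 'code1' => '6472', 'code2' => ''],
    'fills every field'    => ['post' => 'Save', 'code1' => '6472', 'code2' => 'http://spam.example/'],
    'drops hidden inputs'  => ['post' => 'Save'],
    'rewrites every field' => ['post' => 'Save', 'code1' => 'abc', 'code2' => 'abc'],
    'numeric lookalike'    => ['post' => 'Save', 'code1' => '6472.0', 'code2' => ''],
];

// Tally the verdicts, as one would when logging to measure effectiveness.
$tally = [];
foreach ($samples as $label => $post) {
    $reason = honeypot_verdict($post) ?? 'accepted';
    $tally[$reason] = ($tally[$reason] ?? 0) + 1;
    printf("%-22s %s\n", $label, $reason);
}
print_r($tally);
```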


