Skip to main content

Timeline for Practical non-image based CAPTCHA approaches?

Current License: CC BY-SA 3.0

21 events
when toggle format what by license comment
Dec 5, 2012 at 13:06 comment added Mark Price I have filled out forms, pressed "Submit" only to find I have typed in mismatching email address or something similar, But this new page has removed my email address (and sometimes all information) from the form, I then pressed the back button to go back to just before i pressed submit with all my information in, corrected my mistake (usually missed a dot out of .co.uk) then submit, so AntiSpam would be very low and I would be marked as a bot.
Oct 28, 2011 at 5:46 history edited Kevin Ji CC BY-SA 3.0
force syntaxhighlight
Sep 16, 2011 at 16:10 comment added Adrian McCarthy -1: Question specifically asked for a fallback for when JavaScript is disabled.
Nov 6, 2010 at 18:33 comment added Chris S Take a look at Watin, you could write a C# unit test to work your way around it very easily with that
Jul 16, 2010 at 12:05 comment added GateKiller @user257493: Your right, but this type of Captcha is only designed to stop casual bots and not focused attacks.
Jul 14, 2010 at 13:53 comment added Incognito I would just like to point out that if I were to write a spambot, I wouldn't be loading the entry-form, I would be submitting to the POST submission page.
Apr 19, 2010 at 16:08 history edited Peter Mortensen CC BY-SA 2.5
Minor edit: grammar/spelling/case/punctuation/etc. Removed cruft - see http://meta.stackoverflow.com/questions/30142/how-to-correct-trivial-mistakes-in-answers/30146#30146
Jul 9, 2009 at 6:14 comment added McPherrinM An approach such as this is easily circumvented by a custom bot that understands how to correctly submit the mangled form. Stack Overflow receives enough traffic that this would be worthwhile for a spammer to write.
Jul 6, 2009 at 14:07 comment added pbreitenbach I think it's better to start with easy-to-bypass tests to see if they are adequate.
Mar 5, 2009 at 9:21 comment added GateKiller To all who have pointed out that bots could get past... This I know as I pointed out in the answer. It's a very simple method to stop your average bot and bored users. I am currently using it on my blog and so far, it has been 100% successful.
Mar 5, 2009 at 5:31 comment added Jonathan Parker @GateKiller: Iny is saying that a spam bot could delay their response. I.e. cache the page for a few seconds and then submit the postback later (meanwhile trawling other sites and caching those pages).
Feb 7, 2009 at 22:41 comment added Tim Scott Here's a twist on this that I use. Make the hidden value an encrypted time set to now. Upon post back, verify that between 10 seconds and 10 minutes has elapsed. This foils tricksters who would try to plug in some always-valid value.
Feb 7, 2009 at 16:59 comment added iny The spammer could use some very old page load too.
Jan 8, 2009 at 14:24 vote accept Jeff Atwood
Oct 1, 2008 at 1:44 history edited MusiGenesis CC BY-SA 2.5
grammer, clarity
Sep 22, 2008 at 23:56 history edited GateKiller CC BY-SA 2.5
added 527 characters in body
Sep 20, 2008 at 17:44 comment added AviD Very obviously bypassable, if a malicious user bothers to look at it. While I'm sure you're aware of this, I guess you're assuming that they won't bother... Well, if it's not a site of any value, then you're right and they wont bother - but if it is, then they will, and get around it easy enough...
Sep 9, 2008 at 16:48 comment added Clay Nichols VERSION THAT WORKS WITHOUT JAVASCRIPT How about if you did this with ASP, etc. and had a timestamp for when the form page was loaded and then compared that to the time when the form was submitted. If ElapsedTime<10 sec then it's likely spam.
Sep 2, 2008 at 15:24 history edited GateKiller CC BY-SA 2.5
Added my updated function
Aug 29, 2008 at 17:00 history edited GateKiller CC BY-SA 2.5
Shameless linking to more detail on my blog.
Aug 12, 2008 at 9:34 history answered GateKiller CC BY-SA 2.5
toggle format