tom322
Sorry, I didn't get your idea...

I mean, that if robot fills out the 'website' field then its input should be checked against a random string. For example, when robot enters:

Biospam .net

in the 'website' field then it is obviously different than the random string generated by: md5(uniqid()) function and then script also should die. I guess robot can 'learn' not to fill out the 'website' field at all and it could be an extra protection.

I think it's similar to the empty string. I.e. it doesn't matter, if we check for an empty string, or some random value. In any way the script should compare something to something. Also, with the random string it's more difficult implementation, because then this string should be generated upon the registration form is loaded, and kept in a session for possibility to compare it with the value provided on the form. If we go into the sessions question, then Captcha exactly works that way, and that would mean re-inventing the wheel...

In general, I don't see much sense to compare with the value embedded into the form. It could be easily read/submitted by a robot with no way to recognize it.

Yes, that's why I couldn't get it because I didn't get the string upon form loading.. :} Well, there are different methods too but it would require a new approach to captcha.

First feedback - three days and no spam registrations at all, but a number of valid ones...

All seems to working as hoped so far!

;-)

It's good to know it. But I must say, you have a very unusual implementation of anti-spam behavior :) it wouldn't work for those wanting to keep Website field alive. BTW, in often cases, this helps forum to collect more members wanting to provide useful replies instead of promoting of their website.

Anyway, if that worked for you, that's excellent :)

As is done with the 'Tectite' implementation, dummy fields can be used, leaving all the necessary fields there for 'real human' use.

Tectite have two hidden fields - one blank field that auto spammers will fill-in, and another that is pre-filled with data that must not be changed - obviously auto spam programs change that too...

If either of the above happens the registration is spam...

If I could code better I would do this with the Minibb forum, as I would like to have 'website' valid for real users, but stopping the spam is better :-)

IMHO this is very weird approach. May be it's only for "dummy" programs (which ones?..) working that way.
Actually, knowing how these field work, any script could be adjusted to provide the proper information there is required.
I.e. it's possible to adjust the script to not fill the field A and leave the field B as it is.

I think there is nothing difficult to provide the similar approach in miniBB. To the registration form, and to the message form it has, you may also add two random hidden fields (modifying templates). They could be even completely random, f.e. each day they would have different names (this could be a bit of tricky code, but still possible). Then in bb_plugins.php, there could be a very easy code, similar to what I provided above, which verifies these fields and stops the script, if something is wrong with them.

If it's difficult for you to code this out, I could put this task under my tasks lists and get back to it as soon as I have time. I could provide such kind of solution, but with no including it to the default core. That would be ideal, because being a coder with some annual experience, I honestly doubt on this method... but if it would work for somebody incl. you, why not.

Keep on :)

All I can say is, it is working so far, and we have never had any Spam at all with the Tectite forms... not one in 5 years!

I'll keep you informed of what happens with the Minibb forum registrations.

;-)

I may be wrong in over-thinking the simple, this is also true :)

I understand the blank field is not visible to humans, ie it's like:

<input type="text" style="display:none" id="some" placeholder="Leave it blank if you are a human!" />

correct?

What about the second field, what condition do you use to check if it was not changed? Is it like:

<input type="text" style="display:none" id="some2" placeholder="Do not change that" value="ValueDoNotChange" />

?

A week now, and no spam registration at all, but a number of 'real' ones!
All working perfectly.
I've even turned off the new user first post pre-moderation as it is working so well.

@tom322 - best to look at the Tectite Form information on their website info pages.

2 weeks and zero spam - looking good!!!

;o)

Do you use the same value in the 'some2' field or randomize it somehow?

I am just using the 'website' field - my coding skills are crap!!!