I use Tectite.com forms on my website, and they have a great anti-spam process in the form of REVERSE CAPTCHA.

This seems to work 100%. I have been running it for over 5 years, and no spam at all.

See here: http://www.tectite.com/fmdoc/attack_detection_reverse_captcha.php

My question is how can I use this in MiniBB (being that my coding skills are HTML and CSS, not PHP)?
It looks to me (with my poor coding skills) that this would be a great way to reduce spam without using a normal human CAPTCHA - I just don't like them... personal view.

Any ideas/thoughts?

As you know, we provide custom solutions for $25/hr. Investigating how it works may take up to 4 hours. $100 in total for this.

But honestly, I didn't understand what this solution is about.

They obviously force you to provide some extra fields on the form.
Obviously, values of these fields are passed to the script in a clear way. One of them is obviously generated in the JavaScript.
Everything which is submitted from the form, can be submitted by an automated program. Even JS values.

The only thing to avoid automated program know what is passed, is to show the value on the generated picture. The sense of Captcha is here. Automated program mostly can't read what's shown on the picture, because this data is not the part of the form. Therefore it can't fake to submit this data.

I would say, any other solution which passes data via POST can be broken.

We have an unbreakable and proved one for $6. It's a matter of your taste.

Hi Paul,

The extra fields are hidden, so users see nothing additional.

One field is blank, the other pre-filled.
But when read by a bot it sees both as a valid fields to be filled in, so fills them in.
I have the blank field set as an obvious 'type' - Zip (post code), so a bot will attempt to fill in a zip code.
The other is set to 'City' but with the words 'Type Here' pre-filled.
A bot will overwrite the field with a city name, so changing it from 'Type Here'.

Either fields being filled-in/changed cause the form to be seen as being filled in by a bot, so is rejected.

As users can't see the fields they never alter them.

Works very, very well!

Cost is not an issue - but I really don't like normal CAPTCHAs, if that's what you mean by a $6 unbreakable one?

Oh - I should say I was looking at this for user registration, not message posting!

I'm still not sure how it works.

You don't have to rate it from the bot point. I'm not sure why the bot should pre-fill some fields or analyze the form. It should just submit what is required on the other end.

So this script - what does it require on the other end? What data should be passed to get it as the valid input?

Difficult for me to answer this, as my coding knowledge is not good enough. But...

I have this in my forms:

<div style="display:none;visibility:hidden;">
<input name="city" type="text" value="type here">
<input name="zip" type="text" value="">
</div>

When the form is submitted if there are any changes in the 'user value fields' the form is rejected.
Real users can't change the value fields as they can't see them.
Bots change them...

Make better sense?

So if I would be a bot, and if I wouldn't change these fields - the form would pass, correct?

Yep, but in the various forms that use this method, the field names are not consistent, so it impossible to tell a bot which fields to not change.
The examples I gave is just from one form - other forms use different 'names' to identify the fields.

Keeps it random ;o)

Why wouldn't the bot just ignore any field that is hidden? It doesn't need to know the name of the fields that will be hidden it just needs to look at the page source.

The bot itself doesn't do anything. The programmer who codes the bot, does.
And any programmer can pass or substitute any hidden field's value.
It's a lame approach to try to achieve something secure with hidden fields, which can be easily faked.

Paul
You hide the field with CSS. There's no way for the bot to know which fields are hidden.

For the bot - no.
For the hacker - lots of ways.

I don't think this system will prove to be satisfactory.