Grow your CSS skills. Land your dream job.

Avoid the “are you human?” field

  • # July 11, 2013 at 9:57 am

    Hi,
    I just came back from a workshop where there was this guy who showed a webpage with a form on it. At the bottom of said form there was the usuale “Prove you’re human by adding 3 and 4″.

    I started thinking, is there really not a better way to avoid bots and spam? So I thought it would be an interesting topic to discuss.
    I thought a solution would be to detect mouse click (also works on touch devices) or mousemove events on the document, to see if the user really has a pointing device (I don’t think bots have a mouse).

    For those who don’t have javascript enabled we could just add a noscript tag and prompt them with the usuale “add 2 and 3″ question.

    I’m not facing this issue right now, I just want to hear what the community thinks.

    Jonas

    # July 11, 2013 at 10:02 am

    At the end of it all, you are still requiring some user interaction aren’t you?

    Whether it be “add 3+4″ or “click here” is irrelevant.

    I confess that JS is not my area of expertise but if you are going to enable the “Add” option for ‘no-js’ then it might as well be there for the ‘has-js’ side too…No?

    # July 11, 2013 at 10:11 am

    Something some plug-ins use is basically the reverse. There is a hidden captcha without information filled in. If the information DOES get populated, you know it was a bot..perhaps this would work for you?

    # July 11, 2013 at 10:23 am

    @Justin That would be a solution

    @Paulie I wasn’t saying to add a “click here” button, but rather a hidden listener that listens for clicks or mouse movements. something like

    $(‘document’).on(‘click’, function() {
    isHuman = true;
    });

    and then you submit the form only if isHuman is true. I hope this makes sense

    # July 11, 2013 at 10:28 am

    What…any click/touch anywhere?

    I suppose that would work but I fall back to my question regarding the ‘no-js’ option.

    If you’re going to put that in anyway then you might as well use it for both ‘no-js’ and ‘has-js’.

    # July 11, 2013 at 10:34 am

    No, because that would force the user to fill in the field. What I’m trying to achieve is to find a way of detecting humans sitting in front of the computer without them noticing.

    # July 11, 2013 at 10:36 am

    > Something some plug-ins use is basically the reverse. There is a hidden captcha without information filled in. If the information DOES get populated, you know it was a bot..perhaps this would work for you?

    This is called a honey pot and it’s just what I came here to say :P

    # July 11, 2013 at 10:50 am

    >What I’m trying to achieve is to find a way of detecting humans sitting in front of the computer without them noticing.

    Yes, I get that but my point is that **if** you are going to do something for the no-js side of things then it’s only logical to use the same for the ‘has-js’ side.

    I suppose you could bypass that form field if js is enabled, using your method, though.

    # July 15, 2013 at 11:16 am

    Capatcha and reCapatcha are currently the web standards in avoiding bots, however over time the text you need to type out has become almost illegible, and it’s getting pretty ridiculous, I agree that it would be great to see a new, easier and quicker solution.

    # July 15, 2013 at 11:54 am

    bots are getting better at captchas. In the meantime, spammers are outsourcing captchas to “data entry” workers in India.

    # July 15, 2013 at 12:37 pm

    yep, more and more spam is being done by low paid humans rather than bots.

    # July 15, 2013 at 1:02 pm

    > yep, more and more spam is being done by low paid humans rather than bots.

    How are the hardworking bots supposed to feed their family and little spiderbot kids if humans are taking their work?

    But seriously, that must be a really bad job for those people, sad to hear spam has come to THAT.

    # July 15, 2013 at 1:27 pm

    Simple job for someone where $2 a day will feed their family. It’s a no brainer really, and not much different from telemarketers traditionally.

    # July 15, 2013 at 1:31 pm

    Average retail price (as of 2010) was $2/1000 captchas. A good worker could solve 800 in an hour. Quite an assembly line.

    # July 15, 2013 at 3:48 pm

    10-12 hours a day, 5 days a week… decent living in many parts of the world.

Viewing 15 posts - 1 through 15 (of 15 total)

You must be logged in to reply to this topic.

*May or may not contain any actual "CSS" or "Tricks".