Are you human? (or How to prevent spam) [closed]

Answer 1

There's a few ideas in the answers to the Best non-image based CAPTCHA? question if you haven't seen it already.

Answer 2

stackoverflow has a few features that help with this; I think the single most useful step you can take is disabling the ability of anonymous users and new accounts to vote. This way, no one can sign up for hundreds of accounts and use their one vote to overpower other users. I'd say requiring a few posts or membership for a certain period of time are both decent options.

Some would say you could allow one vote per IP address to help address this, but I've played plenty of games where malicious users with a nigh-infinite number of proxies defied IP address-based security. It's a deterrent, but a savvy user will get around it easily.

Answer 3

I'm a fan of the "hidden field" CAPTCHA. I don't remember where I read about it, but the idea is this:

• create your form as normal
• add an extra field but hide it (i.e. style="display:none" on the surrounding div or table row)
• after submission, if the field is blank, do the appropriate action (eg send an email); if the field has been filled in, then it's a robot submitter

The only case where this falls down is if the user's browser doesn't handle CSS (or they have it switched off), which is very rare.

Answer 4

The big thing I've noticed is that whatever you do, you want your system to be unique. You want an attacker to have to tailor their automation program for your specific site, rather than just throw a pre-existing script at it that will work almost anywhere. It doesn't even have to be cryptographically secure; it just has to make your site a little different from the norm.

This doesn't mean you can't or shouldn't use something like a pre-built captcha widget. Absolutely do use one of those as a staring point! It just means you have to customize it somewhere so that something extra happens that is outside the norm and will break any pre-existing script that could normally defeat it.

If your site gets big enough that you have attackers targeting it specifically, then your simple little customization probably won't hold up anymore and you might have do something a little more special and think about real cryptography and all that. But that's one of those things that's a "good" problem to have.

Answer 5

Charge for votes, like they do on some television "talent" shows, and get spammed all the way to the bank!

Seriously, this is a really tough problem, and someday (maybe soon, if you listen to Ray Kurzweil), computers will do testing to screen out humans. The answers I'm adding to the list have obvious drawbacks, but just for the sake of enumeration: moderation (have humans do the testing), and IP-based tracking (limit the number of votes from a host).