technovelty

weblog of Ian Wienand

RSS  |  technovelty home  |  page of ian  |  ianw@ieee.org

JavaScript Captcha

Comment spam recently started annoying me, again. Even though it only takes a few clicks to kill, some crappy robot is still taking up my time. Archreality has a nice little JavaScript based Captcha which has the potential to be completely useless as you can see if you click here.

However, I think I've managed to plug it into PyBlosxom and have it be useful. The trick was to make the form submission write a hidden field value in the form with a password after passing the Captcha test.

So, you set up your form like this


<form action="$base_url/$file_path.html" method="post"
name="comments_form" id="comments_form"
onsubmit="try {
           var myValidator = validate_comments_form; 
          } catch(e) { return true; } 
         return myValidator(this);
         "
>
 ... blah ...
 <input type="hidden" name="secret" value="" />
 ... blah ...
</form>

Then in validate_comments_form do something like

function validate_comments_form(frm) {

  captcha = jcap();
  if ( captcha  ) {
        frm.elements['secret'].value = "you_may_pass";
  }
  return captcha;
}

Then, finally modify comments.py from PyBlosxom to check for this value in cb_prepare.

def cb_prepare(args):
    ... somewhere near the top ...
    #captcha
    if (not form.has_key('secret')):
        return False
    if (form['secret'].value != 'you_may_pass'):
        return False

Now, if the spammer is human they will pass anyway, so we don't have to worry about that. Any bot stupidly submitting the form won't have filled out the secret key, so will get dropped. If the bot somehow interprets the javascript, then it's going to have to have enough logic to somehow parse the code and realise it needs to put in that secret value for anything to happen. If your bot can do that then I'm willing to let your spam remain.

I don't like the fact that these things lock out people without great eyesight. I don't see why a alt tag with "Put the value blah into the next box" wouldn't be sufficient, but currently it writes the image in with javascript so I don't know how that would work with a screen reader. In the todo list...

posted at: Thu, 30 Mar 2006 23:23 | in /code/weblog | permalink | add comment (17 others)

Posted by jen at Sat Sep 30 09:22:28 2006

hmm, does this really work?

Posted by a at Sat Oct 21 00:52:37 2006

aaa

Posted by jk at Thu Jul 31 18:43:17 2008

hjkhjk

Posted by dd at Wed Aug 13 19:56:45 2008

dd

Posted by dsaf at Wed Aug 13 19:58:12 2008

ee23222

Posted by dsaf at Wed Aug 13 20:11:30 2008

ee23222

Posted by jaya at Mon Aug 18 22:13:47 2008

hai

Posted by kjjkljl;kjkl at Thu Aug 21 10:55:28 2008

comemments

Posted by dfgdg at Wed Sep 10 04:58:37 2008

fdgdgfgdfg

Posted by sdf at Fri Sep 26 17:52:05 2008

sdf

Posted by asdf at Fri Oct 3 06:25:39 2008

asdf

Posted by sdf at Fri Oct 3 06:25:53 2008

asdf

Posted by sdf at Sun Oct 5 10:49:59 2008

sdf

Posted by sdfdsf at Sun Oct 5 10:50:30 2008

dsfsdf

Posted by kkjkl at Sat Oct 18 12:35:35 2008

nkkljklj

Posted by kkjkl at Sat Oct 18 12:35:40 2008

nkkljklj

Posted by jaja at Mon Nov 10 20:21:41 2008

check

Add a comment
*Name
*Email (not shown)
Website
*Comment:
*Word above?
* denotes required field

Made with PyBlosxom | © 2007 Ian Wienand

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 2.5 License.