Stop comment spam with bbAntiSpam

[olpa]

Hello,

recently it was asked if a textual captcha exists for Coppermine. I don't know the answer, but if it is "no", I'd like to recommend my tool:

Advanced Textual Confirmation is an universal antispam for forums, blogs, contact forms, and others. It is a smart textual CAPTCHA, which challenges site visitors only once, and then disappears. To install, no database required, no graphical libraries required, just insert one line into your script.

There are pointers for tool-specific ATC installation. ATC for Coppermine can be installed by analogue. I think the file to edit is "include/init.inc.php".

It'd be nice if someone try this protection and report results. I think it should stop comment spam.

By the way, why textual captcha? According to the phpBB experience, after trying a lot of approaches, the best method to stop spam is a challenge-response protection.

[Joachim Müller]

Nice idea - can't go into the core though (as yours is a commercial app that doesn't come under GNU GPL). I used to toy with another approach (as graphical captchas will be a feature in future coppermine versions for those who have the needed libraries): I considered large, ASCII-driven letters (ASCII-Art) instead of images (see the examples at http://en.wikipedia.org/wiki/ASCII_art or http://mark-proksch.de/ascii/fonts.html).
However, I'm afraid that if a mainstream product (like phpbb or coppermine) will be adding simple textual captchas, the spammers will adopt to that technique pretty fast, so your approach will only work if only a small number of pages will be using your technique.

[olpa]

I used to toy with another approach (as graphical captchas will be a feature in future coppermine versions for those who have the needed libraries): I considered large, ASCII-driven letters (ASCII-Art) instead of images

I like the idea of using ASCII-driven art as captcha. But I can't estimate how good is it.

However, I'm afraid that if a mainstream product (like phpbb or coppermine) will be adding simple textual captchas, the spammers will adopt to that technique pretty fast, so your approach will only work if only a small number of pages will be using your technique.

I disagree here. Quite opposite, more people install textual captcha, more effective is the protection. Here is what I wrote about my tool (for the general case, substitute "Advanced Textual Confirmation" by "textual captcha"):

The main idea is to stop spam at its roots, making spam economically unprofitable.

Sending spam is very cheap because spam is delivered by automatic programs (bots). Fortunately, the bots have no intellect and can't send spam when something unusual is happened.

A question from Advanced Textual Confirmation (ATC) is a big surpise for most bots. Even a simple question like "are you human" stops the spam.

Unfortunately, when ATC becomes very popular, the industry-leading spammers will adapt to it. Fortunately, the main idea will survive.

To pass ATC, spammers will have to collect a database of questions and answers. This work requires a human. Even if spammers pay as low as 1 cent per forum, 100,000 forums will cost them $1,000. And database maintenence is even more costly.

So, for spammer it is much more profitable to skip the sites protected by ATC. It will be cheaper and easier to spam an unprotected one.