Blocking registration spam – a better alternative to CAPTCHA

January 28th, 2009 by Tom Elrod

If you have a web site with registration forms, you have probably been spammed by a bot (or will be in the near future). Most people think of spambots as rogue programs that run on the internet harvesting email addresses from web sites in order to spam them later (e.g. “Get your diploma today” emails). While this still occurs on a regular basis, there is an increasing trend of forum spam, which can pollute your lead capture data.

Many web sites deploy CAPTCHA tests within their web site form registrations to protect against spambots. However, what most people don’t know is that most of the spambot software used today, such as the popular XRumer, can defeat CAPTCHA.

It is a little surprising that software can get past CAPTCHA, given how difficult it is for most humans to respond correctly to them. However, with the wide availability of OCR packages, it is probably now easier for computers to figure out CAPTCHAs than it is for humans. If you don’t believe me, just take a quick look at the demonstration pages for PWNTCHA and Gimpy and you will see how accurate computers can be at guessing the correct responses for CAPTCHA on the web.

The good news is that a better alternative to CAPTCHA is easy to implement. Just add an additional form field with a simple logic question, for example “4 + 5 = ?” or “Is fire hot or cold?”. The answer to type in the form field is easy for humans, but much more difficult for spambots. Obviously the answer given will need to be verified on your server before accepting the rest of the information posted, but this is typically trivial to add if you are already doing data verification. Generally, simple arithmetic questions are best, since math is universal and you won’t have to worry about language barriers to word problems.
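One way to do the server-side verification described above, as an added example that is not code from the original post. It assumes a stateless design in which the form carries a signed token instead of the answer; `new_challenge`, `verify_answer`, the ten-minute lifetime and the in-memory nonce set are all illustrative choices.

```python
import hashlib
import hmac
import secrets
import time

SECRET_KEY = secrets.token_bytes(32)  # assumption: per-deployment secret, never sent to the browser
MAX_AGE_SECONDS = 600                 # assumption: a rendered form stays valid for ten minutes
_used_nonces = set()                  # assumption: in-memory; use a shared cache with a TTL in production


def _sign(answer: int, nonce: str, issued_at: int) -> str:
    msg = f"{answer}|{nonce}|{issued_at}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def new_challenge(now=None):
    """Return (question, token). The token goes in a hidden field and does not reveal the answer."""
    issued_at = int(time.time() if now is None else now)
    a, b = secrets.randbelow(9) + 1, secrets.randbelow(9) + 1
    nonce = secrets.token_hex(8)
    token = f"{nonce}.{issued_at}.{_sign(a + b, nonce, issued_at)}"
    return f"{a} + {b} = ?", token


def verify_answer(token, submitted, now=None) -> bool:
    """Check the answer on the server before accepting the rest of the posted data."""
    now = int(time.time() if now is None else now)
    try:
        nonce, issued_raw, mac = token.split(".")
        issued_at = int(issued_raw)
        answer = int(submitted)
    except (ValueError, AttributeError):
        return False  # malformed token or non-numeric answer
    if not 0 <= now - issued_at <= MAX_AGE_SECONDS:
        return False  # form is too old (or dated in the future)
    if nonce in _used_nonces:
        return False  # each token gets one attempt, so the small answer space cannot be enumerated
    _used_nonces.add(nonce)
    # Recompute the MAC for the submitted answer and compare in constant time.
    return hmac.compare_digest(_sign(answer, nonce, issued_at), mac)
```

Render the question next to the new form field and put the token in a hidden input; on a failed check, issue a fresh challenge rather than letting the same token be retried.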

Hopefully this tip will help those of you already facing problems with large amounts of bad data polluting your registration data from spambots. For those of you who don’t face this problem, this tip might well prevent you from ever having to.

