Stopping bots

[callumacrae]

Basically, I am building a site that is very similar to lockerz - we post a thread in the forums, then the first ten or so people to reply get $10. One thing that concens me is that people can set up bots to post for them and we won't know about it. Obviously we do not want that. How would I tell whether the user is using a bot or not, and how would I prevent them from using them?

~Callum

 

[lemon-tree]

For a place where money is involved, you'll want probably a CAPTCHA and another test such as a simple maths problem or a word problem, only you'll have to make sure that they are not repeated. Other than that, you could check whether users are checking at a regular interval (e.g. 1 minute precisely) as this would indicate it is in fact a bot just polling the page. Also, you could have it so that they have to reply with a different phrase each time, as this'll make it considerably harder to make a bot that won't just say 'me!'.

 

[leafypiggy]

captcha? Random question (2+2, square root of 9, etc)

Force them to use a java/flash form to reply to the thread. It's much harder to make a bot that interacts with one of those.

 

[dWhite]

http://www.google.com/recaptcha

No spam bot has been able to crack it.

 

[callumacrae]

Okay, I'll look into getting CAPTCHA

Well, I've got it built into phpBB already, but I don't know how to enable it in certain forums only for registered users.

As to the flash or java thing, I hate flash and I don't know java, so that's out of the question.

~Callum

 

[essellar]

CAPTCHA (especially RECAPTCHA) is good for what it does, but you need to be aware that a lot of the "spambots" out there now are "mechanical Turks" -- humans, primarily in the Third World, who are hired for pennies to solve CAPTCHAs and paste comment spam. The best way around them is to close threads/disable comments relatively quickly after their creation. I'm not well versed in the internals of phpBB (I tend to roll my own rather than use someone else's forum software -- it keeps me sharp), but if there's a provision for moderating new users (say five approved postings before they can post directly), that will solve a lot of problems as well.