Welcome to WebmasterWorld Guest from 220.127.116.11
I've abadoned two shopping carts on two different sites this week alone because of a defective Captcha system that doesn't work with IE 7. And I'm a reasonably intelligent person. One order was for $2000+ dollars.
If you're going to install a captcha system, make sure you test the hell out of it - all platforms, all browsers.
If you make money when a user signs up for something, or buys something, I'd recommend not installing a captcha. You will likely lose more money than it will cost you to hire a high-school kid to manually go through the submissions and screen them.
This invention is the most annoying invention to come to the internet - even more so than popups, IMHO. At least we have reasonable ways to ignore popups.
Yep. I simply don't buy anything from a site that uses Captcha, in fact, I won't leave a comment at a site that uses Captcha.
If you must use Captcha, and I can't think of a reason why anyone must, at least make sure there's no chance for character confusion. No 1s that look like ls. See that? No 0s and Os. See that? No 9s that look like lower case gs. etc.
I can understand why for forums that allow anonymous to post would have it but for a credit card check out? Why? If someone wants to program a bot to buy stuff and put a credit card that validates then fine by me... I will charge it happily.
[edited by: Demaestro at 4:28 pm (utc) on Sep. 28, 2007]
What we need are systems that authenticate that the user is a human, whilst still carrying out the sites main function. Not easy, but i'm sure people are working on it.
Unfortunately captchas are essential, for some types of web forms. But all you really need is a question that's unique to your website, and possibly one that changes regularly, and that's enough for most. I can understand why large and extremely popular sites would need something more robust, but not your average small blog.
Ecommerce is different, however. There's no good reason to put up a captcha on a website that's selling something.
For my websites I have found a better solution. I simply randomize the names of the input fields with each refresh of the page. No chance for automatic submissions.
Despite of this, I have no SPAM problems on my sites. My idea is that SPAM should be controlled with technology behind the scenes rather than systems that scare genuine visitors away. Captchas, user registration and other visitor visible approaches to control spam are the poor mans solution to a problem which was not created by your visitors in the first place.
A proof of work is as simple as a responding to an onclick event that shows there's a real person. Then if you hash the timestamp, create a field in the form and a row in the DB with that value and check to see if there's a match. Once you get a match, you delete it, so that form can only be used once
- no double submisssions by bots or accident
- no annoyance to users
declare a hidden form field, invisible to the user (via css), use server side code to check if there is a value in there, if there is a value, it's almost certainly been automatically filled in, therefore it's from a bot.
if its a bot, reject the form.
i've got this on a few of my contact forms (name, email, comment) and i've never received spam through them.
I like the ideas presented here. The hidden form element sounds real cool.
Randomizing the field names sounds even cooler. It would be a bit of an annoyance to some visitors however. Visitors like things in some sort of rational order.
Doing math isn't that hard. Provided it isn't something too insane. Adding or multiplying single digit numbers is cool. Resolving the square root of Pi is not.
imho until there is something better what choice do we have.
out of curiosity what solutions is there for HUMAN bots?
i am lucky that almost all human bots register on my site with the least used country!