[Finished: 31-MAR-2012] Calling all mySQL / PHP programmers to help with spam control

You're right, this part is possible. I have thought about doing that, but I don't really want to invest time if we can quickly implement a superior solution.

Thanks a lot for your comments, I do appreciate them.

Mr Admin,

i do believe you want a trigger. Do you know the table the posts get saved to?

Could you please run the command:

show create table tlb_posts and PM me the result? I could try to write a trigger that would do just that - fail the insert command.

edit - You must replace tbl_posts with the correct table name in the command above.

Thanks very much! With this method would it be possible to return the user back to the post editor with a "Please try again in 30 seconds" error message and preserve the form contents?

Have you tried question and answer based CAPTCHAs? The blurry text can be hacked with OCR and the Math is pretty easy for computers. Q and A can be pretty effective because even if humans set up an account they generally might not understand English.

Hmm, not a bad idea. I think I might try that.

Ok, here's a test of the new CAPTCHA.

I already like the new captcha!

Thanks for the link! I am considering using Bad Behavior, which doesn't analyze post content but rather post method and post origin. But it's only a secondary line of defense. The most important will still be our community moderated anti-spam system.

Works... An extra step, but better than Spam...

Should help slow them down at least...

With the trigger in place the database would return the insert error to the forum.

I could not control the message displayed by the forum. You could even get an "internal error", depending on how Drupal handles DB errors (and I'm not an expert in Drupal)

Hmmm, any other suggestions to work around that with a bit of PHP code?

Thanks a ton for looking into this.

I'm looking at one of the new CAPTCHA's - "Do you hate spam?" What if a user does like spam? What if a user (ie. newbie) thinks "spam" is referring to the food? Also, I guess uppercase/lowercase doesn't matter on the answers, right?

Great work SB!

-Garry

I can do it with PHP but unfortuantely I know next to nothing about Drupal.

The problem is getting the right event to trigger the function that will, for example, return true if the user has posted in the last time interval. Then you could try to display an error yourself - but I cannot help you there.

Back to my original solution, I don't see a big problem with displaying "internal error" messages, especially if all human users are aware of the motive. If someone hits F5 and the time interval is set to 30 seconds it will probably refresh with the comment correctly posted. And it will probably cause a robot to give up it's attack.

Anyway, the trigger could be set as a last line of defense - say it only block posts 10 seconds apart. The good news is that triggers are usually pretty fast. Bad news is there will be an extra select on a large table for every comment posted.
Feel free to contact me if the new captcha fails...

I just wanted to see if I could answer the spam question

I mentioned this in another thread: would it be possible to set the need of "solving" the CAPTCHA to every 10th (or a random number) post instead of one at the beginning of each session? By doing so the robots might be halted in their spamming.

If it's easy to do it could be a quick fix until your plan works out.

I like the easy question CAPTCHA, though not for every post. The Captcha Riddler module lets you come up with a few different questions to ask and have them rotate. Other easy questions:

Write the word blank in the box below.

In BLF's motto at the top of the page, what meets with flashlight? (variations for meets and flashlight)

I've only seen two - the spam one (seen once) and the "b" one (seen every time apart from once).

I'd think you need more though maybe you don't. I have no problem with filling the box for every post though.

I've always liked the picture ones where you have to choose which one isn't a kitten or I suppose for here, "Which of these is not a flashlight"

But what I know about implementing such stuff could easily be printed out in a large font and inserted in my eye with no discomfort....

one of the things you can do as well is to moderate the new user for an "X" number of posts, allowing them to prove themselves... so captcha's checking their posts before posting... spammers will even find ways around those ... FnF has a unique way... they have to send an email to the owner... then he makes the call whether it is a bot or a human.

my two cents

astroteckid7

No attacks so far tonight . . . fingers crossed.

Hey, working good so far!