Swedish fika

Are You Tired of Captcha?

May 29 2009

The other day I received a phone call from my mum. She was trying to help my aunt to set up an account on Gmail. My mum knows a little something about the internet and how things work so I was pretty sure they would figure it all out by themselves. Turns out they didn’t. After trying for hours (no joking..) I got this desperate call from my mum in which she claimed that “they” (I guess she meant the google-people) was erasing her password and every time she tried to do it again they made it harder.

It figures she was stuck on the word verification were Gmail uses a so called captcha-image. My mum and my aunt are by no way disabled people but even so I tried to make them click on the “wheelchair”-symbol to hear the letters. That didn’t work. My aunt didn’t have any speakers connected. *sigh*
Story ended with me having to create that account for my aunt cause they simply couldn’t get the captcha-image right.

In this article I would just like to present a simple way of getting rid of spam without using captcha. And thus help people like my mum and aunt getting cranky over some weird incomprehensible image. I acknowledge that this is not a good solution for big web apps like Gmail (sorry mum) but for a small site it could be an alternative.

Let me start by pointing out that this is not a new solution. It’s been around for a while but I just felt that not so many people know about it. I have tested this on the form on my own web site and so far I never had a single spam in my inbox.

So what’s the trick?

Most spam-robots fill in every single input-field in a form. The trick here is to have an input-field that should be left empty to validate. That input-field is hidden with css so “ordinary people” with css enabled doesn’t even see the empty field.
Let me put it into code:

<label for="test" class="hide">Don't write anything here!
</label>

<input name="spamtest" id="test" type="text" class="hide" />

As you see in the code I put a label on the input that I’m going to hide. This is to be nice to people with css disabled.
After putting up this code you simply hide the input-field and the label with css by using whatever method that suits you. Here’s an example on how to do it. See the class hide in the code above? Use that one!

.hide{
position:absolute;
left:-9999px;
}

The validating of this is quite simple. An simple if-statement will do the thing. In php it could be something like this:

if($_POST['spamtest']=='')
{
      //Go ahead and submit form
      //(after validating the other input-fields of course!)
}

That’s it. Please try it out yourself and feel free to comment on this. I would also love to hear other solutions to avoid using captcha in a form.

/Ida

Comments

DanC May 29 2009

That seems like a good idea! I’ll give it a try the next time I’m building a form and let you know how it goes! Cheers,

Johan Leitet May 29 2009

Really nice. It is a really good idea to test this before using unreadable captchas.

Sirupsen May 29 2009

I’ve been using this myself for a while, and it works well!

Alexander Radsby May 29 2009

That’s a great idea Ida. Good job!

Michael May 29 2009

This makes so much sense on so many levels.

And I’m sure, even for a larger site, that some sort of automatic script might be written for the recreate/change of the ‘hidden’ field or ID title on a scheduled/random basis, so as to thwart someone trying to find a way around the simplicity of this solution.

Sweet deal this, thanks for the heads-up.

Ahmad Alfy May 29 2009

Same thing happened to me last week. My uncle with GMail account *guess google captcha have issues :p*

I liked your solution! Gonna use it beside the smart chaptcha “what color is milk?”

Tommy Jun 3 2009

Why not use: display:none; instead of position:absolute;?

Very good article!

Ida Jun 3 2009

Cool people! Thanks for spitting out comments!!

@Johan: Nice to see you here too!

@Tommy: Why not display:none? It might work just as well in this case. Might even work better actually cause I have heard that screenreaders skip elements with display:none. If that’s correct display:none is improving accessibility. This is exactly why I wrote “whatever method that suits you”.
This might just be me being paranoid but I think I have also heard rumors about intelligent spam-robots who treat things with display:none as an hidden element. In that case it wouldn’t be a good idea. BUT this might be bs. So don’t believe anything of what I just said..
Try it out first. And go with the method that works for you.

Tommy Jun 4 2009

Hi Ida!

I tried the spam-prevention-thing with display:none; yesterday.. and today i have an empty message in my inbox. Either it’s spam or someone who just sendt me an empty message – but i believe it’s spam. i will give it some days ’til i change to absolute positioning. i’ll keep you updated if the display:none-method works or not.

Ida Jun 5 2009

@Tommy: Nice of you to keep me updated!
Actually I do use display:none on my own page. But since it’s not one of the most frequented web sites I’m afraid I can’t really rely on the results 100%.
One note just. Make sure you got all the other validation correct. (No offense!) But I think it sounds really strange that you got an empty email. I mean even if it pass the spam-test empty things should not validate. Cause that basically means that the only thing a robot (or a human) have to do is hitting submit.

Tommy Jun 5 2009

yeah that’s true, it’s actually a shout box where you have one input field to say whatever and i’m not validating that one. i guess i thought no one sends empty messages.. and robots wants to give me those great offers about BIG *blip* and so on. maybe this field should contain something after all.

Ida Jun 5 2009

@Tommy: You definately need to validate!
Noone sends empty messages? That empty message could have been me. I’m a geek when it comes to web sites and I actually use to hit submit without putting nothing in the form-fields quite often when I visit a new site. I do this just to see how they solved the validation and if the error-messages seems useful to me. Sadly a lot of times the error-messages are far from useful and a lot of times, which scares me, I get a “Thank you for your message!”
NEVER assume something about the user. Remember the rule: “All input is evil until proven otherwise”.

Tommy Jun 5 2009

hehe, true true. now there’s an validation, spamfield should be empty and the input field should contain something.

i’ve seen solutions where they search the input for bad words like “viagra” “enlargement” and so on.

Has anyone tried this? Does it work?

Simon Kjellberg Jun 5 2009

@Tommy: I guess it would work to look for strange “spamwords” but I don’t think you should rely on it. There are a huuuge amount of different spam-emails out there with different content and you don’t know what they contain. What if someone, a real person that is =), really wants to write to you about one of theese spam-like words you don’t allow? Then he/she won’t be able to send emails to you or post a comment on your blog if that is what they are trying to do.

Tommy Jun 5 2009

true, simon. maybe not the best approach on spam.

Tommy Jun 8 2009

seems like the display:none; method don’t work. tried it out on one of my spam attacked sites – i’m trying absolute positioning now.

Neurotoxine Jan 4 2010

I think (sorry for rising the dead…), the problem using Display:none is related to the function of Display. I mean, when you use visibility:hidden, the block or whatever your affecting is hidden but still is there in the DOM flow.

When you use display: none, the object or whatever, is removed from the flow of DOM so, sometimes, the scripts or another forms of manipulation that are not aware of these cannot find the element and failed on their work.

I’ve been involved a couple of times fighting with a none displayed object that didn’t want to behave. Changing to visibility hidden solved the problem.

Are You Tired of Captcha?

So what’s the trick?

Comments

Sections

Recent Entries

Recent Comments

About

Subscribe

Recommended Books

Our Recent Tweets

Our Latest Bookmarks