From: . on
Hello, would anyone recommend the best / easiest way of implementing a bot
checker? I've heard of CAPTCHA, session length timers, random 2 numbers to
add, etc... any more effective and easier than the others?


From: Evertjan. on
.. wrote on 03 sep 2010 in microsoft.public.inetserver.asp.general:

> Hello,

Wow, anonymous, this is not a telephone,


> would anyone recommend the best / easiest way

No, I hope not.

"best" and "easiest" are subjective in programming,
so my "best" and "easiest" and your "best" and "easiest" programming
cannot and should not be the same.

> of implementing a bot checker?

Easiest == shortest code?

> I've heard of CAPTCHA, session length timers, random 2
> numbers to add, etc... any more effective and easier than the others?

What bots do you want to check and why?
What do you mean by "bots", "crawlers" perhaps?

What would you do with the results of your "check",
publish them or put them in a database or change the page,
or do you really mean "bot-stopper"?

It the latter, do you want to stop google-bot too?

Do you want to do this, whatever it is that you want to do, serverside?

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
From: Dooza on
On 03/09/2010 01:09, . wrote:
> Hello, would anyone recommend the best / easiest way of implementing a bot
> checker? I've heard of CAPTCHA, session length timers, random 2 numbers to
> add, etc... any more effective and easier than the others?

To prevent form-bots from automatically submitting data I use the
honeypot method.

In my form I have 2 additional fields, one with a known value, and one
with no value. These form fields are in a div hidden by css. This is to
allow screen readers the chance to understand what these fields are for.
The label will tell the user what to do if they come across them.

Then on the processing script I will only send the form data if the
empty field is empty, and the known field is as expected.

This works because most form-bots fill in all fields they find with
random information.

Obviously this doesn't get around users who are paid to submit spam in
forms, there is nothing you can do to stop these.

The method I have been using has worked successfully on many sites over
the last 10 years that I have worked on.

Dooza