Talin <talin@acm.org> wrote:
Terry Reedy wrote:
My underlying point: seeing porno spam on the practice site gave me a bad itch both because I detest spammers in general and because I would not want visitors turned off to Python by something that is completely out of place and potentially offensive to some. So I am willing to help us not throw up our hands in surrender.
There are various other solutions. The spammer's client isn't generally a full browser, it's just a bare HTTP robot, so if there's some kind of Javascript that is required to post, then the spammer probably won't be able to execute it. For example, you could have a hidden field which is a hash of the bug summary line, calculated by the Javascript in the web form, which is checked by the server. (For people who have JS turned off, failing the check would fall back to a captcha or some other manual means of identification.)
I'm not sure how effective the question/answer stuff is, but a bit of javascript seems to be a good idea. What has also worked on a phpbb forum that I admin is "Stop Spambot Registration". As the user is registering, it tells them not enter in any profile information when they are registering, that they should do that later. Anyone who enters any profile information is flagged as a spammer, their registration rejected, and I get an email (of the 35 rejections I've received, none have been legitimate users, and only one smart spambot got through, but he had a drug-related name and was easy to toss). If we include fake profile entries during registration that we tell people not to fill in (like 'web page', 'interests', etc.), we may catch some foolish spambots. Of course there is the other *really* simple option of just renaming registration form entry names. Have a 'username' field, but make it hidden and empty by default, rejecting registration if it is not empty. The real login form name could be generated uniquely for each registration attempt, and verified against another hidden form with minimal backend database support. While it would only take a marginally intelligent spambot to defeat it, it should thwart the stupid spambots. - Josiah