Spaminator. This addon is a weapon in fighting spam bot submissions to the "contact us" form at your forum.
The [OzzModz] Contact Us Spaminator injects false fields and checkboxes into the contact us form which browsers don't render so humans never see. But the bots fill out the fields and check the boxes - identifying themselves as bots and falling into the Spaminator trap. The Spaminator then logs all the information and sends the bots to the home page, and gives them the message successful prompt, completely stopping automated contact us form spam while ensuring no flags are raised in the bot program. The programs "think" tthey sent the spam successfully, but no email is sent!.
The [OzzModz] Contact Us Spaminator works with and regardless of other anti-spam measures but also makes them all obsolete, proving the worthlessness of captchas, puzzles, questions, timers and the like, by STILL catching bots while all of this annoying standard anti-spam miscellany is still active. And it won't interfere with any custom fields you have on your contact us form.
[OzzModz] Contact Us Spaminator is completely independent and doesn't rely on any third-party databases, lists, or IP blocking. It presents more opportunities for the bot to slip and prove it is a bot, for better defense from automated spam. So we can combine multiple checks as opposed to only one CAPTCHA/ReCaptcha and/or a question or two per form. This gives huge advantage to [OzzModz] Contact Us Spaminator.
Since programs like XRumer have defeated CAPTCHA/ReCaptcha, email verification, Q&A, timers and many other spam blocking techniques, [OzzModz] Contact Us Spaminator brings a whole new set of checks the bots will fail.
Typical log view
Advantages Of [OzzModz] Contact Us Spaminator
There are many advantages of [OzzModz] Contact Us] Spaminator over CAPTCHA/ReCaptcha, email verification, Q & A etc:
Captchas
A captcha is an image that renders text in an not-so-easy-to-read way, also known as challenge text. By requiring users to type the challenge text into a text field, it supposedly verifies some form of human interaction and intelligence. So if what the user enters matches the challenge text, the user is believed to have successfully completed the challenge and their form submission is allowed to proceed.
But this has been defeated by XRumer and other automated spam programs.
Q&A's
Another option is implementing one or more question and answer fields. For example, a registration form may include questions like: What color is an orange? Humans can easily answer the questions, whereas spam bots supposedly won’t be "smart" enough. Once submitted, the answer to the question is checked, if it’s correct the form is assumed to be submitted by a human and can be handled accordingly.
But this has also been defeated by XRumer and other automated spam programs.
Banning IP addresses
Banning IP addresses isn't reliable because those can be spoofed or reassigned and you might actually end up blocking legitimate users; spammers tend to use dynamic IPs anyway - including common mobile provider ones!
Third-party solutions which use ever-growing databases of known spammers to compare against.
I don’t want to rely on some third-party solution because the fewer dependencies I have on my site the better I’m going to feel about it - what happens when the third party is down? Plus this also has the potential of blocking wanted users as well as unwanted ones and often does. Some people will argue that the added complexity is a necessary evil, but I just can’t seem to bring myself to agree.
All Degrade The Visitor Experience
While all four options are common and can help prevent some automated spam, I don’t recommend them because not only do they often fail - they interfere with and degrade the user registration experience. Often times these challenges are frustrating to deal with and prompt users to leave. Why is it on us, to prove we are human? A good example of that is captchas which output text that’s too hard for humans to read, or when the Recaptcha checkbox fails, now we must complete a picture puzzle? No thanks.
For that reason I always recommend implementing the least obtrusive options available.
Major Features
The [OzzModz] Contact Us Spaminator injects false fields and checkboxes into the contact us form which browsers don't render so humans never see. But the bots fill out the fields and check the boxes - identifying themselves as bots and falling into the Spaminator trap. The Spaminator then logs all the information and sends the bots to the home page, and gives them the message successful prompt, completely stopping automated contact us form spam while ensuring no flags are raised in the bot program. The programs "think" tthey sent the spam successfully, but no email is sent!.
The [OzzModz] Contact Us Spaminator works with and regardless of other anti-spam measures but also makes them all obsolete, proving the worthlessness of captchas, puzzles, questions, timers and the like, by STILL catching bots while all of this annoying standard anti-spam miscellany is still active. And it won't interfere with any custom fields you have on your contact us form.
[OzzModz] Contact Us Spaminator is completely independent and doesn't rely on any third-party databases, lists, or IP blocking. It presents more opportunities for the bot to slip and prove it is a bot, for better defense from automated spam. So we can combine multiple checks as opposed to only one CAPTCHA/ReCaptcha and/or a question or two per form. This gives huge advantage to [OzzModz] Contact Us Spaminator.
Since programs like XRumer have defeated CAPTCHA/ReCaptcha, email verification, Q&A, timers and many other spam blocking techniques, [OzzModz] Contact Us Spaminator brings a whole new set of checks the bots will fail.
Typical log view
Advantages Of [OzzModz] Contact Us Spaminator
There are many advantages of [OzzModz] Contact Us] Spaminator over CAPTCHA/ReCaptcha, email verification, Q & A etc:
- [OzzModz] Contact Us Spaminator does not in any way interfere with legitimate human users. It requires nothing from the submitter. No puzzles, captchas, questions, timers or the like. Legitimate humans will never see it or even know it is there. We shouldn't have to prove we are human, to submit a contact us form on a forum.
- There is no limitation on the number or types of checks [OzzModz] Contact Us Spaminator can implement on forms, so it can get progressively stronger as needed.
- If the bot programs try to adjust, [OzzModz] Contact Us Spaminator will be updated with new recipes to defeat them.
- [OzzModz] Contact Us Spaminator needs very little configuration.
- Everything is logged and viewable by permissions, so there is assurance that no legitimate humans are being blocked and you can gather much information about the failed logins, including IP address, what email addresses were used, and so on.
Captchas
A captcha is an image that renders text in an not-so-easy-to-read way, also known as challenge text. By requiring users to type the challenge text into a text field, it supposedly verifies some form of human interaction and intelligence. So if what the user enters matches the challenge text, the user is believed to have successfully completed the challenge and their form submission is allowed to proceed.
But this has been defeated by XRumer and other automated spam programs.
Q&A's
Another option is implementing one or more question and answer fields. For example, a registration form may include questions like: What color is an orange? Humans can easily answer the questions, whereas spam bots supposedly won’t be "smart" enough. Once submitted, the answer to the question is checked, if it’s correct the form is assumed to be submitted by a human and can be handled accordingly.
But this has also been defeated by XRumer and other automated spam programs.
Banning IP addresses
Banning IP addresses isn't reliable because those can be spoofed or reassigned and you might actually end up blocking legitimate users; spammers tend to use dynamic IPs anyway - including common mobile provider ones!
Third-party solutions which use ever-growing databases of known spammers to compare against.
I don’t want to rely on some third-party solution because the fewer dependencies I have on my site the better I’m going to feel about it - what happens when the third party is down? Plus this also has the potential of blocking wanted users as well as unwanted ones and often does. Some people will argue that the added complexity is a necessary evil, but I just can’t seem to bring myself to agree.
All Degrade The Visitor Experience
While all four options are common and can help prevent some automated spam, I don’t recommend them because not only do they often fail - they interfere with and degrade the user registration experience. Often times these challenges are frustrating to deal with and prompt users to leave. Why is it on us, to prove we are human? A good example of that is captchas which output text that’s too hard for humans to read, or when the Recaptcha checkbox fails, now we must complete a picture puzzle? No thanks.
For that reason I always recommend implementing the least obtrusive options available.
Major Features
- Stops spambots in their tracks from submitting spam via the contact us form at your site.
- All attempts are recorded into the database, for easy viewing in the contact us spaminator log for those usergroups with log viewing permissions.
- Option to temporarily set the addon to testing mode, so you can see what the bots "see." This automatically reverts after a set time.
- Option to select how many results to show on the log page.
- Ability to set usergroup permissions for which groups can view the log.