Referrer Spam

Turing test stops spam

As a rule, spammers use special programs - bots-that automatically look for vulnerable sites and spam them with hundreds of links. There are several ways to prevent spam attacks of the kind. Here is one of them. First of all, we must protect our site from spam-bots to guarantee that it is real people that leave messages and comments.

I recommend using Turing test for protection against spam-bots. It’s needed to install a script that will generate random numbers and show them as images. After this site visitors will enter this number in a special field for comparison. The thing is that bots can not read the text on the images.

button.php

<?php
	
$image = imagecreate(120, 30);
	
$white    = imagecolorallocate($image, 0xFF, 0xFF, 0xFF);
$gray    = imagecolorallocate($image, 0xC0, 0xC0, 0xC0);
$darkgray = imagecolorallocate($image, 0x50, 0x50, 0x50);
	
srand((double)microtime()*1000000);
	
/*
 * Print the random grey lines
*/
	
for ($i = 0; $i < 30; $i++) {
  $x1 = rand(0,120);
  $y1 = rand(0,30);
  $x2 = rand(0,120);
  $y2 = rand(0,30);
  imageline($image, $x1, $y1, $x2, $y2 , $gray);
}
	
/*
 * Fill array $cnum with random numbers
*/
	
for ($i = 0; $i < 5; $i++) {
$cnum[$i] = rand(0,9);
}
	
/*
 * Print random dark grey numbers from $cnum
*/
	
for ($i = 0; $i < 5; $i++) {
 $fnt = rand(3,5);
 $x = $x + rand(12 , 20);
 $y = rand(7 , 12);
 imagestring($image, $fnt, $x, $y, $cnum[$i] , $darkgray);
}
	
/*
 * Assemble random digits form array to single whole number
*/
	
$digit = \"$cnum[0]$cnum[1]$cnum[2]$cnum[3]$cnum[4]\";
	
/*
 * Start new session
*/
	
session_start();
$_SESSION['digit'] = $digit;
	
/*
 * Print image header
*/
	
header('Content-type: image/png');
imagepng($image);
imagedestroy($image);
	
?>

button.php should be used for image source.

<img width=120 height=30 src=\"button.php\" border=\"1\">

audit.php

<?php
 function audit() {
  session_start();
	
/*
 * Read the session variable
*/
	
  $digit = $_SESSION['digit'];
	
/*
 * Read the user entered numbers
*/
	
  $userdigit = $_POST['userdigit'];
	
/*
 * Destroy the session
*/  
	
  session_destroy();   
	
/*
 * Compare the numbers
*/ 
	
  if ($digit == $userdigit) {
    return true;
  } else {
    return false;
  }
	
}
?>

Scripts implantation

<form action=\"frm.php\" METHOD=\"POST\">
	
<img width=120 height=30 src=\"button.php” border=”1″>
<br>
<input MAXLENGTH=5 SIZE=5 name=”userdigit” type=”text” value=”\">
<br>
<input type=”submit”>
</form>

In action script you can use following code:

frm.php

<?php
 include \"audit.php\";
 if (audit()) {
  echo \"Passed...\";
 }
?>

The function audit() returns “true” if the number entered by the visitor coincides with the number on the image, and returns “false” in other cases.

Working sample can be found here

Leave a Reply

You must be logged in to post a comment.