Archive for December, 2007

Webkinz dollar store stuffed animals

Monday, December 24th, 2007 by admin

This is going to be a bit of an odd post, but recently I bought a Webkinz for my daughter. When the thing arrived I was a bit disappointed. The darn thing was a dollar store stuffed animal that cost $20.00. Just the same, though, with it came use of this website for Webkinz where the kids are supposed to be able to go and create and play with their Webkinz in a virtual world.

That is all great. She likes to play the games and all, but most often it is not even possible to log into the website. Today my daughter had tried a few times to log in and play but was unable to, since the website uses JavaScript for literally everything and something was changed in their code, so now when you log in, the screen you are after is a JavaScript popup that is not resizable and is too small to see what is on the screen.

After she tried again with the same result, I asked if I could have a look. I tried clicking the login button on the main page and sure enough it is broken. So I then decided to put my mouse over the login link to see where it goes. javascript:pW('loadReturnUser'); is what is in place of the link. So I then did a view source on the page to find out what the function pW and the value loadReturnUser do. I found a few included JavaScript files in the head of the page, in an oddly named location, I may add: they call their JavaScript directory assets. Interesting just the same, but anyway I went and opened up 2 JavaScript files. The first was not it; the second had the function in it. This function makes a link for a few browser types, including the loadReturnUser value in the link.

So I go and copy the url that this function assembles and then enter it into the address bar then change the “+page+

Forward and reverse Captcha…

Tuesday, December 11th, 2007 by admin

We have all encountered them. Most are very poorly done, and even though they do stop some Spam from getting through, they stop a lot more legitimate users than you would be happy with if you only knew you lost them due to the Captcha.

Interested in finding out just how many that is? That would be as simple as tracking every time your comment form is posted and weighing that against the number of comments you see actually made it through (both those marked as Spam and good clean comments). It is safe to say that if you have 30 attempts at posting a comment form and yet you only have 3 comments, then you had at least 20 visitors try to post a comment, about 4 of which even tried more than once, and yet you lost those viewers and their comments. Why? Because your Captcha sux.

As we get more attuned to the web in its everyday use we form habits. My greatest habit, one that is widespread beyond myself, kicks in on arriving at a comment form that has a non-legible garble of text and lines in an image for a Captcha. Can you say next site please? You just lost me. What is your purpose in that anyway? Are you trying to make your would-be users go away? Something tells me this is surely not the case, but you still use these Captchas.

I wonder if, by using these with all the garbled text, you actually think it is more secure than just text in an image? Are there actually bots on the net capable of reading and deciphering what an image says? Not really. There is, however, software semi-capable of determining words from a scan, but do you realize what such a program would cost to have written for the web? The only ones who could afford it would be those like Google and MS, and you know they are not about to do that, since evading the Captcha like this could be viewed as an actual attack against your website and business, and that could even lead to some pretty hefty legal penalties and fees for the person using the tool to, in a sense, hack the Captcha and your site.

Anyway, that is about enough of that. Now on to why I write this post. This is my alternative to using Captcha. It is one that won’t tick your viewers off. You could use it by itself or even with a typical Captcha, but lose the funky text crap already.

Add one field to the form. Give it any name such as accounts.

There are 2 rules to follow here that other similar methods fail on:

1. Do not name this field Captcha or hidden or anything like that. A name such as accounts is perfect.
2. Do not make the input’s type = hidden, nor should you give it a class named hidden or anything of that sort.

With that said, you would add this new field, and we will call it accounts. We will give it a value for the class property and name that acnts, so what we will have would look like this:
<input type="text" name="accounts" value="" class="acnts"/>

Once you have done that, we will go into the site's style sheet and add:
.acnts {display:none;}

Next you will see that the new field “accounts” is not visible to the viewer when you load this form up in your browser. It is however visible to Spam bots. Spam bots will fill it in. Yes even the smart ones that got around this type of method before. Why? Simple. The ones everyone else has used break my 2 rules and so if you read them and follow them it becomes pretty obvious why they fail.

So now the point to this. When the form is submitted we check to see if $_POST['accounts'] is not empty. If it is not empty, we do not go further, since it is a spammer; otherwise we move on.
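One way to write that server-side check, as an added example that is not code from the original post. The field name accounts comes from the post; the function names, the log file location and the sample submissions are assumptions made for illustration. It also logs every attempt, so form posts can be compared with published comments as described earlier in the post.

```php
<?php
// Added example: honeypot check for the hidden "accounts" field.
// classify_submission(), handle_comment() and the log path are hypothetical names.

/** Returns 'ok', 'spam' (field filled in) or 'malformed' (field absent or not a string). */
function classify_submission(array $post): string
{
    // A browser still submits a text input hidden with display:none, so a
    // missing field means the request was not produced by rendering our form.
    // An array value (accounts[]=x) is also not something the form can send.
    if (!array_key_exists('accounts', $post) || !is_string($post['accounts'])) {
        return 'malformed';
    }
    // Visitors never see the field, so any content marks an automated filler.
    // Compare after trim() rather than using empty(): empty("0") is true in
    // PHP and would let a bot that fills in "0" straight through.
    if (trim($post['accounts']) !== '') {
        return 'spam';
    }
    return 'ok';
}

/** Logs the attempt and tells the caller whether the comment may be saved. */
function handle_comment(array $post, string $logFile): bool
{
    $verdict = classify_submission($post);
    // One line per attempt: rejected posts stay countable, which is how you
    // would notice legitimate visitors being turned away.
    $line = sprintf("%s\t%s\n", date('c'), $verdict);
    file_put_contents($logFile, $line, FILE_APPEND | LOCK_EX);
    return $verdict === 'ok';
}

// Constructed sample submissions (not real traffic).
$samples = [
    'visitor'     => ['name' => 'Ann', 'comment' => 'Nice post', 'accounts' => ''],
    'form filler' => ['name' => 'x', 'comment' => 'buy now', 'accounts' => 'x'],
    'zero value'  => ['name' => 'x', 'comment' => 'buy now', 'accounts' => '0'],
    'field absent' => ['name' => 'x', 'comment' => 'buy now'],
];
$log = sys_get_temp_dir() . '/comment_attempts.log';
foreach ($samples as $label => $post) {
    echo str_pad($label, 14), handle_comment($post, $log) ? "accepted\n" : "rejected\n";
}
```

Only the first sample is accepted; the other three are rejected and show up in the log with their verdict.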

Pros/Cons
Pro: Users do not get furious with you and leave.
Pro: Nothing extra for the user to do.
Pro: No external calls to some site that you were using for your Captcha
Pro: 100% increase in comments.

Con: Someone with a personal vendetta could make their Spam software so that it skips the field named accounts, but this would require them to actually know that your website intends for that to happen, which is why we use a name like accounts as opposed to Captcha or hidden.