Instead of putting your visitors through the hassle, you might put some time in it yourself, by snooping through logfiles (or create a script that does it for you) and find the ip addresses of the "users" that filled out the form more than once in a certain time span. (And yes, that wouldn't mean for certain that you're dealing with a bot, but when the form was filled out 20 times in under a minute, the chances are, you are dealing with a bot.)
You can't go by ip. There are a lot of proxies out there, like those used by AOL. Even so, 30 bots each submitting 1 request a day for 30 days is 900 junk registrations. Maybe I'll accumulate 60 bots and do one every other day. Now you have to sit down and analze logs for hidden patterns, since a proxy will totally through your ip anlaysis off. :)

Come up with another one, I'll try and defeat it for you. :) (FINISH HIM!)

A tiny disclaimer claiming site security will give the users the "why". And if they ask why and threaten to go away, well. you can only extend your reach so far :) The question is "do you value your customers or not"? If not, then there is no argument against using visual or audio tricks to make sure you're handling a real human. But why not step it up a notch and require users to come see you in person with a valid passport? This would surely ban the "evil" scripts.
If it's a free site like slashdot, with no customer support, I see no problem with a small disclaimer and someone eventually getting to the why questions if ever. I run an internal site that uses pre-generated, overly random passwords. The user can reset his password whenever he wants to another new pre-generated password. People hate it since they are hard to remember, but they put up with it since it's understood that I won't change it for security reasons. I tell them right out, I'm more likely to trust my random junk than someone typing in a really bad password later.

It's a matter of perspective on who gets to do what and why.


Play that funky music white boy..

In reply to Re: Re: Code to Block Scripts/Harwesters (GD based?) by exussum0
in thread Code to Block Scripts/Harwesters (GD based?) by PetaMem

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.