A contrived acronym for " C ompletely A utomated P ublic T uring test to tell C omputers and H umans A part.“
A type of challenge-response test used in computing to ensure that the response is not generated by a computer. The process usually involves one computer (a server) asking a user to complete a simple test which the computer is able to generate and grade.
A reverse Turing test (a computer testing a human).
Image CAPTCHA -- Scalable and simple to use, but if the letters in the CAPTCHA are not distorted enough, they can be cracked by OCR techniques; if they are too distorted, visitors can't read. Image CAPTCHA is slowly being replaced by other CAPTCHA.
Math-based CAPTCHA -- Uses a simple interface and simple to use, but not scalable because most spam bots can parse the CAPTCHA questions.
Other text-based CAPTCHA -- Most text-based CAPTCHA are also quite simple, but they provide about 4 solution candidates, giving brute force spam a success rate of 1 in 4.
(Open) Semantic CAPTCHA -- Scalable and intuitive, but they are rare. The CAPTCHA generation is unsupervised, so they are generally hard to build. <-- This is where Egglue belongs.
“ Our captcha system is very complex and complicated. It is built to process up to one million captchas per day. We have several big teams and hundreds of active agents solving captchas, all at one time, especially during daytime in India. The backend of this project involves over 45 powerful, expensive servers communicating with the MySpace site to pull the captchas and then queue them up on this site, and then process the results to push back to MySpace all within 20 seconds per captcha..”
AntiSpam module is the successor of the Akismet module, and it provides spam protection to your drupal site using external antispam service like Akismet.
AntiSpam module is fully compatible with Drupal 6.x (Akismet module for Drupal 6.x release had many compatibility issues and was not usable as it was), and it expanded the support of the external antispam service with TypePad AntiSpam and Defensio service as well as Akismet service. Now you can choose one of the antispam service you wish to use.
Bad Behavior is a set of PHP scripts which prevents spambots from accessing your site by analyzing their actual HTTP requests and comparing them to profiles from known spambots. It goes far beyond User-Agent and Referer, however.
Bad Behavior intends to target any malicious software directed at a Web site, whether it be a spambot, ill-designed search engine bot, or system crackers. It blocks such access and then logs their attempts.
This is a simple module which blocks comments from anonymous users that contain links.
It relies on the fact that most spam messages contain hyperlinks and also on the fact that (for now) (most) spambots don't register on the sites they want to spam. It tries to block comment-spam at an early stage.
If an anonymous user tries to post a comment which contains a link, he/she will get a message explaining why the comment has been blocked.
BlogSpam provides a central location where comments can be checked for various spam indicators.
The BlogSpam service makes use of a plugin architecture to provide checking. If you are running your own blogspam server then the plugin list may vary. At present the following plugins are available (and running on the public BlogSpam server at blogspam.net).
Comment Lockdown is a drug of last resort in battling comment spam. You should not use this if you haven't tried something less likely to cause side effects like Mollom. You should continue use of Mollom with Comment Lockdown.
This module has some very specific rules for comments, and unlike Mollom, is incapable of learning, has no settings, does not care what kind of user you are, and rejects anything written in a language other than English.
These rules aren't arbitrary; they're based on experience with The New York Observer's massive database of spam comments. This module won't help sites that accept comments in languages other than English.
Invisimail provides a content filter to hide email addresses from spam-bots.
Invisimail also provides an option to automatically create mailto links for email addresses.
Obviously, the best protection is not to publish email addresses at all. But on a community site, some users are going to do this regardless. Invisimail provides protection for these email addresses.
Stale IP addresses clog up your database with useless data, not to mention, may be subject to subpoena by legal authorities in some jurisdictions.
The IP anonymize module helps ensure users' privacy by establishing a retention policy for IP addresses logged in Drupal's database tables. IP addresses are scrubbed on each cron run according to a configurable retention period. For example, you may wish to preserve IP addresses for a short while for purposes of identifying spam.
The purpose of Spamicide is to prevent spam submission to any form on your Drupal web site.
Spamicide adds an input field to each form then hides it with css. The field, and matching .css file, are named in such a way as to not let on that it is a spam defeating device, and can be set by admins to almost anything they like(machine readable please).
When spam bots fill in the field the form is discarded.
If logging is set, the log will show if and when a particular form has been compromised, and the admin can change the form's field name (and corresponding .css file) to something else.
The SpamSpan module obfuscates email addresses to help prevent spambots from collecting them. It implements the technique at the SpamSpan website .
This technique is unlikely to be absolutely foolproof. It is possible in theory for a determined spambot to harvest addresses from your site no matter how you disguise them.
Implementation of http:BL for Drupal. http:BL can prevent email address harvesters and comment spammers from visiting your site by using a centralized DNS blacklist. It requires a free Project Honey Pot membership . This module provides efficient blacklist lookups and blocks malicious visitors effectively.
Note that the module can also function without http:BL functionality -- its use will then be limited to the placement of a Honeypot link in the footer.
In computer terminology, a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems.
Generally it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated, (un)protected, and monitored, and which seems to contain information or a resource of value to attackers.
The software installed on, and run by, victim hosts is dual purpose:
these dummy programs keep a network intruder occupied looking for valuable information where none exists.
The second part of the victim host strategy is intelligence gathering. Once an intruder has broken into the victim host, the machine or a network administrator can examine the intrusion methods used by the intruder.