Reputation:
Do I need to have/When do I need Captcha?
I have a classifieds website, where users must fill in a form to post a classified (offcourse).
I wonder, do you think I need some form of captcha on the form?
Also, I am working on a "register" page where users may get their own username/pass and login to post classifieds more easily.
Also, I have a mail-server setup...
So now, users may click on a classified and at the bottom fill in just three fields in a form (name, email, message) and send an email to the poster of the classified. No captcha there. Is this safe?
My firewall is setup so that it is preventing any outside access to the mail-server except from the websites IP.
Can I set up the firewall to some settings so that I don't need captcha?
I have my own Virtual Private Server btw, and it is running Ubuntu.
A follow-up Q is, if a spam-bot or whatever, gets the hold of my forms and fills alot of them out, or use my mail-server to send emails, what would happen then?
Would my site and mail-server get blacklisted? Is this reverssible or do I have to create a new mail-server then?
Thanks
Upvotes: 6
Views: 3298
Answers (6)
Reputation: 312
Beter try Sblam, its transparent for the visitors, there is no need for user input, it works good for me on numerous sites.
Upvotes: 0
Reputation: 23427
Can I set up the firewall to some settings so that I don't need captcha?
No. Captcha and firewall are totally different things and cannot be used as the alternative of each other.
A follow-up Q is, if a spam-bot or whatever, gets the hold of my forms and fills alot of them out, or use my mail-server to send emails, what would happen then?
One can write a script which will automate the registration process on your website. It can create so many accounts on your server and/or can post some content which is not good for your website or can use your website for some other persons ads.
Upvotes: 0
Reputation: 10351
I can see two situations where you might be thinking of using Captcha's.
- Registration
- Interaction/Contact Form
However, captcha does tend to upset and drive away users if overused.
So, in these instances:
Registration
The easiest way to stop, or at least inconvenience, anyone trying to create bulk accounts would be to use an email confirmation. So, the user fills out the form, including their email address. The form then sends them an email, which contains a link they must click to activate the account and allow them to login.
Interaction/Contact Form
There will be two kinds of people who will interact through this form. There will be registered, and logged-in users and there will be casual visitors. As Captcha is a method to test for whether a person is a person or not, any registered/logged-in users have already proven themselves, there is no need to use Captcha for them.
However, for a casual, non-logged-in users, then you can use the Captcha for them.
So, the short version, as you can tell, I hate Captcha, and only use it when absolutely necessary.
Upvotes: 2
Reputation: 26350
Definitely YES.
Take a look at reCAPTCHA
You have a PHP plugin here
Upvotes: 0
Reputation: 53349
I go by the design principle of "least barrier to entry". You want people to use your site, so you want to make it as easy as possible for them. Anything at all -- including a captcha -- might turn them away. So my standard line would be to definitely not include a captcha anywhere until you've actually seen a problem with spam. And even then, see if the problem can be solved without a captcha first.
Regarding your question of "well what if a spam bot starts spamming". Simple solution to this is to pre-implement a rate limit. Make it so that someone at a given IP address cannot initiate the sending of an email more frequently than say once every minute. This will not actually cause a problem for real people, but will stop a spam bot in its tracks. You can even try to detect situations where you see a high rate and temporarily block that IP address for 24 hours. That will prevent even the once-a-minute spam.
Upvotes: 8
Reputation: 13319
captch is mainly used for security purpose to stop automation. Like if u have a signup column, a geek can easily make a 1000 users within minutes if he automates it.. and u lose so much space.. At the same time, if u use captcha, its much more safer and you can be sure that all the users are human and none are computer generated usernames. So if u take your website seriously, i would suggest to go for captch. But keep it simple like they have at megaupload. I dont know which service that is but still its simple.
Upvotes: 0
Related Questions
- Issue with Captcha system on PHP, AJAX Contact form
- Good Form Security - no CAPTCHA
- do you need captcha validation in newsletter subscription?
- do I have to add captcha in all forms?
- How add captcha without php?
- Captcha Validation and Send Email
- Are captchas need for my online form
- Captcha Non PHP
- Where to include a captcha?
- php+jquery+captcha, is this is the correct way?