Are You A Robot? Spambot Solutions Explained
6th September 2016
If you have a contact form, a newsletter subscription form, a blog that accepts comments, or any other kind of online form a user can type into and submit, at one time or another you may have experienced spam being submitted through your form.
You may have received anything from poorly-written sales copy with spammy links to another website, to garbled gibberish that looks like someone has smashed their face into their keyboard several times and sent you the result. At best this kind of nonsense clutters up your inbox with annoying rubbish, and at worst, in the case of blog comment forms, the spam can appear on your website, making it look unprofessional and untidy – and if it’s not removed, any spammy links could also negatively affect your SEO.
Why do bots fill in forms?
It may seem a little baffling that someone would go to the trouble of making a spambot that sends you gibberish, especially when you’re the only one who will see it. But bots don’t always know what kind of form they’re filling in, and which forms are or aren’t worth spamming. If it’s a form for commenting on a blog post, the submitted comment may automatically appear on your website, and hey presto – the bot has successfully added a link to their website onto yours for everyone to see.
One way to combat this problem for blog posts would be to change your settings so that comments need to be moderated before they appear online. That way you’ll be able to check every comment manually and approve or delete it as necessary. But if you don’t want to do that, or you have another form that’s being targeted by spambots, there are other ways to keep the pesky things at bay. Here’s an overview of your options, from worst to best:
CAPTCHA stands for ‘Completely Automated Public Turing test to tell Computers and Humans Apart’. This mouthful of a name may also be referred to as “this stupid &%!$ thing!” by some users, which is why CAPTCHA might not be your first choice when it comes to stopping spam.
The standard CAPTCHA will be very familiar to most people – it’s an image of some letters and numbers, usually slanted, warped or obscured by other lines or patterns on top of them.
The user is asked to type the letters or numbers into a field. This proves they’re not a spambot because bots are unable to read the distorted letters. Unfortunately, sometimes they are so badly obscured that humans can’t read them either. This makes for a rather frustrating experience as people sometimes have to try multiple times to input the correct characters. Filling in a form should be a quick and simple process, and if users can’t do it, they may eventually decide it isn’t worth the hassle and give up.
Maths CAPTCHA is similar, but involves working out a simple maths problem and inputting the answer into a field. Again, the numbers are an image so bots cannot read them, or don’t realise that they are meant to be solving the problem within the image.
And finally there is Google ReCAPTCHA, which is designed to be much easier. It started as a project of the School of Computer Science at Carnegie Mellon University before it was taken over by Google, and it’s a very powerful anti-spam tool. It works in a similar way to a regular CAPTCHA but provides users with photographs of things like street signs, house numbers, books, and other images of real-world text that AIs have trouble reading. By confirming what the words in the photographs say, users are helping to digitise books, improve maps and solve problems. For example, when filling in a form you may be shown an image of a sign from Google Maps Street View. By identifying the words on the sign, you are helping to improve the Google Maps experience for yourself and other users.
No CAPTCHA ReCAPTCHA
Another tool from Google is the No CAPTCHA ReCAPTCHA, which requires much less effort from the user – all they need to do is tick a checkbox that says “I’m not a robot”. This API features an Advanced Risk Analysis which analyses a user’s entire engagement with the CAPTCHA to determine whether or not they are human. If more clues are needed to come to a conclusion, the user may be shown some images and asked to click on every image that is of a house, for example. This is a simple task which is much easier and more enjoyable than typing in some difficult-to-read letters. I also noticed that on the URL shortening site ow.ly there used to be a game to play to prove you weren’t a bot. The game involved an interactive image where you had to drag and drop one object onto another – for example putting the correct balls (basketball, golf ball) into the correct nets or holes.
All of the CAPTCHA methods require some degree of extra effort from the user filling in the form – when really, it’s not their fault that there are spambots about, and it’s not really their problem. They’re just real people trying to fill in a form, which should be a quick and easy task. So how can you stop spambots without affecting your users’ experience?
The honeypot is something quite different, as it doesn’t interfere with the user’s experience at all. In fact, they don’t even know that it’s there, but the bots do – and that’s the point. A honeypot is an extra field that bots can see but users can’t. A bot will go ahead and populate every field in a form, but this dummy field will be hidden from users – so if the field has been filled in, that means there’s a busy bee – or rather a busy bot – buzzing around your site.
This option means that any spambots are stopped in their tracks, and users can fill in the form and go about their business without having to click on anything extra, complete any image-related tasks, or type in any random letters.
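The honeypot check described above, as an added example that is not part of the original article: a sample form with a decoy field and the server-side test that decides whether a submission is kept. The field name "website", the form markup and the sample request bodies are all constructed for illustration. The example goes one step beyond the text by also rejecting a submission in which the decoy field is missing altogether, since a real browser always sends it, just empty.

```python
from urllib.parse import parse_qs

# Constructed sample form. "website" is the decoy field (hypothetical name).
# It is hidden with CSS rather than type="hidden", kept out of the tab order
# and out of autofill, so a person never sees or fills it.
FORM_HTML = """
<form method="post" action="/contact">
  <label>Name <input name="name"></label>
  <label>Message <textarea name="message"></textarea></label>
  <div style="position:absolute; left:-9999px" aria-hidden="true">
    <label>Leave this empty
      <input name="website" tabindex="-1" autocomplete="off">
    </label>
  </div>
  <button type="submit">Send</button>
</form>
"""

HONEYPOT_FIELD = "website"


def classify_submission(body: str) -> str:
    """Return 'accept', 'reject-filled' or 'reject-missing' for a POST body."""
    # keep_blank_values=True matters: without it an empty decoy field is
    # dropped by the parser and looks the same as a field that was never sent.
    fields = parse_qs(body, keep_blank_values=True)
    if HONEYPOT_FIELD not in fields:
        # A browser submits the decoy as an empty value, so its absence means
        # the request was not produced by this form (added check, see lead-in).
        return "reject-missing"
    if any(value.strip() for value in fields[HONEYPOT_FIELD]):
        # Something typed into a field no person can see: the bot case.
        return "reject-filled"
    return "accept"


# Constructed sample request bodies (application/x-www-form-urlencoded).
SAMPLES = {
    "human": "name=Ann&message=Hello+there&website=",
    "bot_fills_everything": "name=x&message=buy+now&website=http%3A%2F%2Fspam.example",
    "hand_built_post": "name=x&message=buy+now",
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(f"{label}: {classify_submission(body)}")
```

Rejected submissions are best dropped quietly, with the same "thank you" page a real user would see, so the form gives no hint about which field gave the bot away.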
If you need some advice regarding your website design, spam, security or any similar issues, contact SilverDisc and we’ll be happy to help you.