Go to main content

Textpattern CMS support forum

You are not logged in. Register | Login | Help

#25 2007-02-26 13:35:19

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 11,468
Website GitHub

Re: zem_contact_reborn 4.0.3.19 (old version)

LeeUmm wrote:

However, I think a better solution would be to count the time it takes the form to be submitted and if it’s less than say, 5 seconds, it’s spam.

Not sure if this is the right place for my musings but since the topic came up, here goes anyway: a looong time ago I experimented with an approach to spam filtering that required form submissions to appear ‘human’.

I’m a big proponent of a technique for authorisation (invented by a guy I happen to know) called Loosely Coupled Sets. For those that don’t know, LCS is a system whereby you take a series of very rough, yet equally statistically weighted, measures about a process and if the majority “pass” within a set tolerance you can be pretty sure the person is “real” and not an imposter.

Contrast that with a single method of authentication, e.g. a PIN, an iris scan, RFID chip, or a fingerprint, which are all ridiculously prone to error and doomed to fail or mis-represent someone in time.

A good example is this: you have a keypad entry system to a building. The 6-digit passcode is easily stolen or gained. A fingerprint/iris is cloneable or you can cut someone’s finger/eye off and use it. But if the system loosely measured:

  • The person’s height as they approached the door
  • Their weight
  • Their stride length/gait
  • The pause between reaching the keypad and beginning to enter numbers
  • The delay between each consecutive digit as they’re punched in
  • How long before the iris scan/fingerprint is presented to the system

etc etc, then each of these build up a “profile” of that person. Obviously things fluctuate and the system has to “adjust” over time and “learn” up front, but the idea is that once a profile is stored, an imposter is likely to fail one or more of the mannerisms, or perform them outside of tolerance. If the real person hurt themselves and limped, the system would (rightly) think they were an imposter and seek a 2nd opinion from a human operator because the height/gait and stride would all be off.

Anyway, back in the world of spam detection, I experimented with a similar thing. In addition to the usual checks; referrer, domain, e-mail address yahde yahde, I added a host of javascript object timers that were supposed to roughly capture stuff like time between keystrokes, time between onblur events, time to submit as a whole, time the page was on-screen etc etc. Nothing too accurate; the system works best with a lot of very rough measurements than a few very accurate ones.

It would then fire off all the results to the server, along with the rest of the black-and-white form data and the server could decide if, overall, the results were “reasonably human”. Those it thought were suspect could be flagged and redirected to another box. Of course, I never finished it and the code has now fermented in the mists of time :-(

To gain the most from the system it was intended as a means to authenticate someone, and be linked to a person’s profile, which means you’d have to store the results against a username and verify that way. Evidently, for a one-shot contact form this is somewhat out of scope!

The best we can hope for is to pick a reasonable “range” of values that represent how most humans behave compared to how a bot might behave and use these heuristics to make an intelligent stab either way. The spammers have then got to make their bots act like a human as well as fill in all the right boxes and get all the data in the correct format to pass; which is less likely to get through than a decision based on simply testing the “content”. Keeps us ahead of the game anyway… for a while at least. Just got to see the, mostly laughable, Turing Test conversations to see how far AI is away from reality.

I know that ‘less likely’ is a woolly measure and far from certainty, but I think it would be an improvement as only those people who typed faster than a machine (or spent 3 days filling the boxes in) would have their message put in a potential spam box – or binned depending on the severity of the offence. Less false positives gets my vote. Compare that to the nigh-on useless spam prevention measures we have today and it could be a fair step forward. [ I think the TXP comment-spam filter is great, btw. At least, I’ve not had any spam problems. Mind you, I only get three visitors a decade ]

I’d love to be able to prove (hopefully not disprove.. *gulp *) that this system would help in the fight against spam; even comment spam – maybe the obvious ‘fail’ messages go into a moderation queue while others get posted straight to the page? But it needs some graft and experimentation with a broad range of computer users/bots to gauge its effectiveness, which I don’t have the time to do on my own. If anyone fancies collaborating on something like this or has some ideas on loose measurable metrics (or any better ideas), let’s move this to a new thread and start something…

Was gonna say “that’s my 2p”, but it’s more like a pound’s worth…
Of drivel :-)


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

#26 2007-02-28 06:21:05

progre55
Member
Registered: 2006-05-02
Posts: 668

Re: zem_contact_reborn 4.0.3.19 (old version)

Is there a way using zem contact reborn to send information stored in custom fields in an article.

Here is how I would like it to work:

The user hits a button and the form appears. All the user needs to do is type in their name and email and hit send. At the point they hit send, what is sent is there information to an email that is stored in an article custom field, PLUS several pieces of information information that is also stored in other custom fields. I tried using the secret fetaure, but may be doing something wrong.

Any and all guidance would be greatlt appreciated.

Thanks.

progre55

Offline

#27 2007-02-28 06:38:57

wet
Developer Emeritus
From: Schoerfling, Austria
Registered: 2005-06-06
Posts: 3,330
Website Mastodon

Re: zem_contact_reborn 4.0.3.19 (old version)

Try this:

<txp:php>
zem_contact_store('any-label-you-like', 'a name which will appear in the message', 
custom_field (array('name' => 'my custom field'))
);
</txp:php>
<txp:zem_contact ...usual attributes come here... />

Replace 'my custom field' with the name you gave to your custom field in preferences.

Last edited by wet (2007-02-28 06:41:54)

Offline

#28 2007-02-28 09:17:20

ruud
Developer Emeritus
From: a galaxy far far away
Registered: 2006-06-04
Posts: 5,068
Website

Re: zem_contact_reborn 4.0.3.19 (old version)

Which can also be done like this (you may have to remove spacing and linebreaks between the tags, but I’ve added it so it looks better here):

<txp:zem_contact_secret label="label which appears in the message">
  <txp:custom_field name="my custom field" />
</txp:zem_contact_secret>

The zem_contact_secret tag goes inside the zem_contact container tag along with the other tags for building the form. The order of the form fields is also used in the email.

Last edited by ruud (2007-02-28 09:18:47)

Offline

#29 2007-02-28 13:08:08

progre55
Member
Registered: 2006-05-02
Posts: 668

Re: zem_contact_reborn 4.0.3.19 (old version)

wet/rudd:

thanks.

I will test out, and hopefully that will answer how to pass custom field info. I think I had my tagging wrong.

But I still have two questions:

How I can make the “to” in the email the value of a custom field in an article, since this form will be use on a single page, but for many different articles?

I have a graphical button that I want to initiate this process, ie the user hits the button and then a pop up occurs with the form for the little bit of info I need for them to fill out. Is this the best way to accomplish my goal or do I need to redirect them to another page?

thanks again for all the assistance.

progre55

Offline

#30 2007-02-28 14:43:55

ruud
Developer Emeritus
From: a galaxy far far away
Registered: 2006-06-04
Posts: 5,068
Website

Re: zem_contact_reborn 4.0.3.19 (old version)

Use a to_form with something like this:

<txp:custom_field name="custom field name" />

I don’t know if a popup will work. Unless the form is on the article page, how will it know the contents of the custom fields for that article? Perhaps you can use some Javascript and CSS to hide the form by default and make it visible by clicking the graphical button.

Last edited by ruud (2007-02-28 16:03:48)

Offline

#31 2007-02-28 14:47:23

progre55
Member
Registered: 2006-05-02
Posts: 668

Re: zem_contact_reborn 4.0.3.19 (old version)

ruud:

Thanks for the response. Sorry, now I have a dumb question, but when I use the to_form … what code goes in the actual page …

Your second part makes sense, and I am actually contemplating an alternate design to accomidate the form on the actual page …

Thanks, again …

progre55

Last edited by progre55 (2007-02-28 14:47:42)

Offline

#32 2007-02-28 15:56:34

ruud
Developer Emeritus
From: a galaxy far far away
Registered: 2006-06-04
Posts: 5,068
Website

Re: zem_contact_reborn 4.0.3.19 (old version)

<txp:zem_contact to_form="name_of_to_form" ....

And name_of_to_form is the TXP form containing the bit of code that I posted in my previous posting (which I’ve just updated, because it can be done much simpler than I first suggested)

Last edited by ruud (2007-02-28 16:04:21)

Offline

#33 2007-02-28 16:04:06

progre55
Member
Registered: 2006-05-02
Posts: 668

Re: zem_contact_reborn 4.0.3.19 (old version)

ruud:

thanks. I will test it out later today.

progre55

Last edited by progre55 (2007-02-28 16:04:18)

Offline

#34 2007-02-28 18:54:04

beztak
Member
From: Czech Republic
Registered: 2005-07-21
Posts: 184
Website

Re: zem_contact_reborn 4.0.3.19 (old version)

thx for this great plugin… I have one question. It’s possible to implement something like incremental ID? For expamle I want to use this plugin as a support form, so it would be great if e.g. in the subject of sent email would be en ID number (so: ID + subject typed in subject input). I guess it would be need to use some table in database, where would be this ID saved.

Offline

#35 2007-02-28 19:37:36

ruud
Developer Emeritus
From: a galaxy far far away
Registered: 2006-06-04
Posts: 5,068
Website

Re: zem_contact_reborn 4.0.3.19 (old version)

beztak, the subject_form can be used to execute php code using the <txp:php> tag, so if you want to store an ID somewhere and at the same time use it in the subject, that’s the perfect place to do it.

Last edited by ruud (2007-02-28 19:39:12)

Offline

#36 2007-02-28 19:59:17

beztak
Member
From: Czech Republic
Registered: 2005-07-21
Posts: 184
Website

Re: zem_contact_reborn 4.0.3.19 (old version)

oh, of course, thank you. I have one idea ;) maybe it’s stupid… if so… sorry. For me it’s easist to style form if label tag is behind input, textarea, select etc if no break is defined – so label and input are on the same line (like here http://thebat.web-art.cz/kontakt). But it’s just an idea ;) always I can hardcode your plugin, it’s a matter of one minute.

Offline

Board footer

Powered by FluxBB