Recently I started getting a number of bogus ISP reviews submitted to the Servlets.com ISP review system. They're just a long list of links, the same type of junk you see being posted to blog comment systems in an attempt by the spammer to improve their sites' Google rankings. It's the kind of stuff that made me shut down the comment system on this blog. My guess is the ISP review form looks enough like the MovableType (or some other software's) comment form to look like a target to the clients. I moderate all new posts so they never get seen, but that doesn't stop the bots from trying.
So what I did is simple, I made more fields required including ones the robots don't know to fill in. Now I'm wondering...
Is it time to use less obvious form names? "comment" is nicely mneumonic, but perhaps it should be off limits now.
How long before someone writes a spider client that fills in random but heuristically intelligent values to form fields on the web? It could even go so far as to enter CRC-compliant credit card numbers into order forms, if the form field names are somewhat standard. I'm wondering if in the future we'll have to fill out more "what is the word hidden in this graphic", are-you-really-a-human tests before long.
Hmm, there's probably big (but dirty) money to be made in writing an automatic word recognizer. Then you can make big (and clean) money writing the next generation are-you-human test.
Another loss of innocence for the net...
Posted by Jason Hunter at December 28, 2004 09:22 PM