Re-Captcha implementation in php script help needed!

Discussion in 'Site & Server Administration' started by harishtheprince, Nov 25, 2009.

  1. #1
    Hi,

    I have a site running with a PHP script for file downloads, but someone is abusing my script and the bandwidth of my site. Please help me out.

    I am ready to pay for this help.

    Please PM me with offers if you can do this in the shortest possible time.

    Waiting for offers, :)
     
    Last edited: Nov 25, 2009
    harishtheprince, Nov 25, 2009
  2. kbduvall

    #2
    If it's a bot you're trying to keep out, I would suggest using a honeypot technique instead of a CAPTCHA. CAPTCHAs are not very user friendly and can be very frustrating in general. Beyond that, they aren't all that effective. There is software, both paid and free, that can crack a CAPTCHA in 30s.

    A honeypot is much more effective and requires absolutely no effort on the end user's part. In fact, it can be completely transparent to them.

    The basic idea is that bots know most forms have required fields, and since they really have no efficient way of finding out what forms are required and which ones aren't, they simply fill out every field. Since the bots are reading the source code and not looking at how the page is rendered, you can easily hide a field from a user while still displaying it to the bot.

    In your form, you add one field with a name that sounds similar to a normal field's name. You don't want to name it "honeypot", or "spam filter" or whatever, as that would make it easier for the bot to figure out what the bait field is.

    Give that field a class that's defined in an external stylesheet that gives it the property display: none; so that the user can't see it but the bot can. Avoid using inline CSS to hide it so it's harder for the bot to pick out the bait field. Or better yet, enclose the field in a div or span and hide the entire div/span instead of hiding the form field directly.

    Also give the form the autofill="noautofill" property so a browser doesn't automatically fill it in.

    On the ACTION page, check to see if that field is filled out. If it is, it's because a bot filled it out (since the users can't even see it) and you can simply reject it with no other action needed.

    You may want to add some accessibility tags for the blind (who use an interpreter to read the page to them) saying something like "leave this field blank" so they don't accidentally fill it in.

    I use a honeypot instead of a CAPTCHA on every form I've ever put on a site and it works beautifully. I've never had a bot spam a form and I've never had any false positives.

    Here's a sample:

    
    /* This is the external stylesheet */
    
    .altname
    {
        display: none;
    }
    
    Code (markup):
    
    <!-- This is the page containing the HTML form -->
    
    <form action="contact.php" method="post">
        <input type="text" name="name" value="" /><br />
        <input type="text" name="msg" value="" /> Send me a short message<br />
        <div class="altname">
            <input type="text" name="nickname" value="" />
        </div>
        <input type="submit" value="Go" />
    </form>
    
    HTML:
    
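    <?php
        // contact.php

        // Make sure it's a human: the bait field must come back empty.
        // isset() avoids an undefined-index notice when the field is absent.
        if (isset($_POST['nickname']) && $_POST['nickname'] != '')
        {
            exit;
        } else {
            // Process the form
        }
    ?>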
    
    PHP:
    Even if it's just a download link, you can do the same thing. Just make the form have only a submit button labeled "Download" or something, and if it's a bot, exit(), and if not, use header() to redirect the user to the download page. You can really do it however you want. It's very flexible and extremely easy to implement.
     
    kbduvall, Nov 27, 2009
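
The download variant described in post #2, as an added example that is not part of the thread or the poster's own code. It goes one step further than the header() redirect by streaming the file from the handler itself, so the file has no direct URL to request. Assumptions: PHP 7+, a hypothetical download.php as the form's action, the bait field "nickname" from the sample form, an extra "file" field in the form, and constructed paths and file names.

```php
<?php
// download.php (hypothetical name) -- added example, not code from the thread.
// Requires PHP 7+. DOWNLOAD_DIR and the DOWNLOADS entries are constructed values.

const DOWNLOAD_DIR = '/var/www/private/files';  // assumed: outside the web root
const DOWNLOADS = [                             // allow-list: form key => file name
    'manual'  => 'manual.pdf',
    'toolkit' => 'toolkit.zip',
];

/**
 * True when the request should be treated as automated: the bait field is
 * missing (the request did not come from the real form), is not a plain
 * string, or was filled in.
 */
function honeypot_tripped(array $post, string $field = 'nickname'): bool
{
    if (!array_key_exists($field, $post) || !is_string($post[$field])) {
        return true;
    }
    return trim($post[$field]) !== '';
}

// 1. Only accept the form's POST, and drop anything that touched the bait field.
if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST' || honeypot_tripped($_POST)) {
    http_response_code(400);
    exit;
}

// 2. Map the requested key to a file name; never build a path from user input.
$key = $_POST['file'] ?? '';
if (!is_string($key) || !array_key_exists($key, DOWNLOADS)) {
    http_response_code(404);
    exit;
}

$path = DOWNLOAD_DIR . '/' . DOWNLOADS[$key];
if (!is_file($path)) {
    http_response_code(404);
    exit;
}

// 3. Stream the file from this script, so there is no direct URL to hotlink.
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . DOWNLOADS[$key] . '"');
header('Content-Length: ' . filesize($path));
readfile($path);
```

A text input hidden with display: none is still submitted with an empty value, which is why a missing "nickname" key is treated the same as a filled one here.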
  3. olddocks

    #3
    reCAPTCHA is the easiest CAPTCHA to set up. Download the PHP library and set it up. Be sure you register your site and get your public and private keys.

    Everything is documented here: http://recaptcha.net/plugins/php/
     
    olddocks, Dec 3, 2009