Rather than a button, make a clickable image with a target. Make the image dynamic and the target be something specified elsewhere on the page (maybe just above the image). So, for instance, one time it could be "Click on the square" with a square and a triangle showing in the image.
The next time it might be "Click outside the circle" with a circle in the lower half of the image. The possibilities are endless. (I'd stay away from using color as the only clue, out of consideration for the color-blind.) Any bot would have to know what coordinates to send back to simulate the mouse clicking in the correct target area.
2 Intriguing idea. +1 – deceze 8 hours ago This is interesting. Sounds fairly full-proof.
Does this requires a lot of image making and mapping? What is the neatest way to implement this do you think? – user1104147 40 mins ago.
I think it's impossible to make any system 100% unmacroable. That said, you can make it mighty tough for the user to "macro" it. You can use a combination of solutions for this.
A) You can set up a hidden form field with "" value, which you'll check on submit to see the value. Bots usually go in by filling each form field with data, and this'll ward these ones off. B) You can use a javascript to check to see that the mouse was actually clicked.
C) (I don't know if this is possible) but you can check to see if the mouse has been moved at all for the last X seconds. Any human being (hopefully) will use their mouse even a little bit every few seconds. D) Add a captcha every X clicks.
And more stuff like this.
Your points b) and c) would require JS to be turned on (which if it's a bot, it generally won't be). The other 2 points would be a good idea to use. – Nick 8 hours ago True, but you can have the javascript just create another hidden input field and on submit, the script can check the existence and correctness of the field.(I seem to be a big fan of hidden input fields!
:P ) – Indranil 8 hours ago 1 It sounds like the OP is worried about people custom-scripting bots specifically for his button. A) doesn't really apply in that case. – deceze 8 hours ago @Indranil but if you do that then the form just won't work to those people who don't have JS enabled (it's a bigger percentage of people than you would think...).
I guess it really depends on the OP's requirements, if they are okay with it not working for non-js users or not :) – Nick 8 hours ago @Nick that is very true. All of it, of course, depends on the requirements. – Indranil 8 hours ago.
Personally I'd set it up to: After 10 consecutive clicks in the same session make the user input some kind of math check (i.e. Generate 2 random numbers, make the user add/subtract them together and type the answer into an input box). Every 20 clicks ask for a captcha to be filled out.
Reset the counter. This allows the system to always give them some kind of check every 10 consecutive clicks. An unobtrusive system is pretty hard to create.
Other than that you could: Only allow a certain amount of clicks per minute Store average clicks/minute against each user in the database so you can take a look and disqualify/remove points from users who are abusing the system.
Thanks Nick, good ideas. – user1104147 47 mins ago.
I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.