Matt's Blog

Archive for July, 2007

Matt’s Blog Now on FeedBurner

Sunday, July 15th, 2007

FeedBurnerI have decided to switch to FeedBurner (now owned by Google) for the Matt’s Blog Feed. If you currently subscribe to the Feed (except the Comments Feed, that one’s staying) you shouldn’t notice anything different. I’ve made it so that all the Feed URL’s get redirected to the new Feed, at:

Your Feed Reader should catch on (since it’s a Permanent Redirect) and update the URL it’s grabbing the Feed from (not that it’ll make a difference, they’ll get the FeedBurner Feed regardless).

I mainly made this switch so that I could see some Statistics on the Feed. Like how many people are subscribed to it.

Contact me if you experience any problems with the feed.

Free Stuff: That’s Almost Stealing

Thursday, July 12th, 2007

Zac Johnson went to Affiliate Summit and, well, he took advantage of the free stuff companies give out there. It almost seems like he stole it. ๐Ÿ˜›

He’s had to bring it all home in another bag. ๐Ÿ˜›

What’s even better, is he’s giving it away!

iTunes 7.3.1 Released

Thursday, July 12th, 2007

iTunes 7.3.1 has been released which fixes a Library Saving error. I previously posted the workaround.

I must say, it’s good that Apple patched this. But, why did it take so long? iTunes 7.3 was released on June 29, 2007, and the fix was released July 12, 2007. That’s like 12 days! I doubt it took them more than an hour to fix it, and it’s not like they didn’t know about it, everybody was having the problem.

I’m disappointed in you Apple, even though I don’t really like you anyways… ๐Ÿ˜›

So, go download the update (Go Start > All Programs, click “Apple Software Update”).

It’s Warm Out

Thursday, July 12th, 2007

SunDamn,ย yesterday was hot (where I live, at least ๐Ÿ˜› ). The top temperature was 41 degrees Celsius (105.8 degrees Fahrenheit); and that’s not from the Weather People either, that’s from our own thermometer in the backyard.

We had all the fans on, but those were just moving hot air around. Our deck was so hot in the sun, you could barley stand on it for more than a minute.

Luckily, we have a full, finished basement, so it was nice and cool down there.

Ah, I love summer! ๐Ÿ˜€

Protecting Forms From SPAM

Wednesday, July 11th, 2007

eMoms at Homeย is having another Group Research Project, so here’s my post. ๐Ÿ˜€ ย 

In this age of the Internet, SPAM is an inevitability. If you have a site that’s open to the public, and it has some type of Form on it, it’s only a matter of time before SPAM starts rolling in.

Sure, you can filter it out at your end, but why not stop it from even getting through? Why not use rudimentary techniques to stop SPAM bots from even getting the comment to the processing stage? These rudimentary techniques are easy for humans to easily pass, but SPAM bots will have a hard time with it.


Probably the most common way of trying to stop SPAM is by using a CAPTCHA. CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart. What it is a dynamically generated (in other words, on-the-fly) image that containsย a random string of letters, numbers and/or other characters or a word. The text is then made less readable by one or more of the follow methods:

  • distorting the text, such as by warping it
  • adding random lines
  • coloured shapes behind the text
  • grids
  • textures on the font
  • colours

There is a large flaw with CAPTCHA’s. People are making SPAM bots smarter and smarter, so CAPTCHA’s need to get harder and harder. That’s fine, but a lot of CAPTCHA’s cross the line of the human being able to read it. So, when it gets to that point, nothing’s going to get through that form, not even stuff from humans.

Another large flaw with CAPTCHA’s are that screen readers can’t read/see them. So when someone who is disabled or visually impaired comes to that form, they won’t be able to type in the CAPTCHA because they won’t know it’s there. Large corporations, such as Microsoft, have developed a way for the CAPTCHA to be spelled out. But, that’s extremely hard, and a waste of time, basically.

I’m not going to provide any code for CAPTCHA’s, mainly because every CAPTCHA should be different.

Simple Math

Another method of prevent simple SPAM bots from submitting SPAM into your forms is to make the submitter do some simple math. And by simple math, I mean like “1+1”, not “-(2x2 + 56 โ€ข 3xy3r2wc6)2 = 3456″. ๐Ÿ˜‰ Which I don’t even think is possible. ๐Ÿ˜› Well, it might be…

Matt Cutts uses this technique on his blog, for comments.

Here’s some proof-of-concept code (note, this code might not work, that’s why it’s called proof-of-concept ๐Ÿ˜‰ ):

First of all, you would want to generate some random numbers. Now, since this is simple math, I recommend nothing over 10, so the user will, hopefully, know the answer without even thinking about it. I’m going to use the mt_rand() function. You could also use the rand() function, but mt_rand() is faster and is more random.

So, lets randomise some numbers!

$number1 = mt_rand(1, 10); 
$number2 = mt_rand(1, 10); 
$equation_string = $number1 . "+" . $number2; 
$equation_answer = $number1 + $number2; 

Now, you’ll want to use $equation_string right beside a new text input field.

Now, you could just take out $equation_answer and then store $equation_string in a hidden field and then process it on the flip side of the form. But, to make it easier, we’re going to do something different.

So, what you want to do is store $equation_answer in a hidden field (<input type=”hidden” />). But, wait, don’t leave it raw. By raw, I mean just the answer. It should be encoded first. For this, I’m going to use base64_encode(), simply because it’s decodable and it came to mind first. ๐Ÿ˜›

So, replace the second to last line in the code before, with this:

$equation_answer = base64_encode($number1 + $number2);

Then, in the processing part of your form, you’ll want to grab the value of the text field and the hidden field (so make sure you put a id and name on it), use base64_decode() to decode the answer and check if they match. Assuming you put the fields in the variables $user_answer and $equation_answer, respectively: (you better make sure they submitted a number, too)

if (!is_numeric($user_answer)) {
echo "That's Not a Number!";
$equation_answer = base64_decode($equation_answer);
if ($user_answer == $equation_answer) {
// Okay, passed, carry on processing...
else {
// Failed, stop the script...
echo "Your Calculation is Incorrect!";

And, there you have it. ๐Ÿ˜€


I have explained two different rudimentary ways of stop simple SPAM bots from even getting to the processing of your form. Please note, that it is nearly impossible to stop SPAM all together, but using a carefully thought out SPAM defense plan, you can a least minimize it.