CAPTCHA in Rails – an experiment in anti-spam
March 23, 2009 – 9:45 pmOne of the things that we decided would be a good idea for RidingResource was to let users of the site contact the various facilities that we have listed. We also wanted to make sure those facilities knew we helped facilitate that contact by injecting some extra information into the email. The email functionality is left for another post.
We quickly ran into an issue with spam. As administrators of the site, we get copies of all of the email that is sent to facilities. We noticed that some weird spam-like email came through. Fortunately it was someone trying to exploit our site as an open mailer, but it didn’t seem to work, and no email got to our customer. We will have to investigate how to help prevent that (if it’s even possible to exploit) later. But we knew that we needed to do something to prevent spammers from being able to send automated junk mail to our customers, and CAPTCHA seemed like a good idea.
Until I tried it.
After some quick Googling for “rails captcha” and other terms, I discovered the simple_captcha plugin. This is a handy plugin that can be used to generate a CAPTCHA image with some convenient options. It also offers a friendly validation of said CAPTCHA in your controllers, amongst other things.
One “issue” that I had with simple_captcha is that it requires both the Imagemagick image manipulation program to be installed as well as the RMagick gem. The first part was already present, as I was using the mini_magick gem for another Rails application. Unfortunately, I didn’t have RMagick, and installing it proved less than trivial.
First, trying to install the RMagick gem resulted in an error:
Can’t install RMagick 2.9.1. Can’t find Magick-config in /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
This got me to poking around. Now, most of the tutorials I had found referenced Debian as the Linux distribution onto which people were using simple_captcha. I happen to be running Fedora as a development server and CentOS in production. This meant things were a little different. After some creative Googling, I discovered what was required to install RMagick on CentOS. The current version of RMagick is actually 1.15.17 – slightly newer than the one referenced in the tutorial.
In the end, the tutorials on the simple_captcha website were sufficient to get what we needed going. Since we already had a contact form, it really was less than 15 new lines of code to get things up and running. I’m not as pleased as I could be with the CSS and formatting of where the CAPTCHA is on the contact form, but it looks good enough for now.
If you’ve got some contact forms and you’re concerned about spam, or you’ve got some registration forms that you want to anti-robot, give simple_captcha a try.
.JPG)
View Comments to “CAPTCHA in Rails – an experiment in anti-spam”
Ditch the ImageMagick / RMagick crap and go with recaptcha: http://recaptcha.net/. I've used this plugin with great success: http://github.com/ambethia/recaptcha/tree/master
Way simpler, and you'll actually help digitize books as a part of the process!
By jnewland on Mar 23, 2009
Will take a look at it. Thanks for the heads up! simple_captcha just happened to be what came up first. Should be relatively easy to switch.
By Erik M Jacobs on Mar 23, 2009
At Vidoop, we're fortunate and excited to have a customer working on the Rails version of VidoopCAPTCHA right now, as I write this. When done (probably this week or shortly after), we'll put up a link here to where it will reside on code.google.com and GitHub.
By VidoopCAPTCHA on Mar 25, 2009
As promised, here is the link to the VidoopCAPTCHA Rails plugin: http://github.com/RobotDeathSquad/vidoopcaptcha...
By VidoopCAPTCHA on Apr 7, 2009
As promised, here is the link to the VidoopCAPTCHA Rails plugin: http://github.com/RobotDeathSquad/vidoopcaptcha...
By VidoopCAPTCHA on Apr 7, 2009