Re: Alternative/Addition to using a CAPTCHA

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, March 29, 2007 7:33 pm, John Comerford wrote:
> I was reading the current tread on CAPTCHA and possible cracks and I
> thought maybe I'd throw this out to the group to see what you think.
> Recently I saw a forum where in order to post you first had to click
> on
> a div that was placed at a random location on the page, it read
> something like, "Click here if you are human".  I was thinking that
> maybe you could put together a system that looks something like this:
>
> http://people.aapt.net.au/JComerford/ClickMe.htm
>
> I was thinking you could use it in a couple of ways:
>
> 1) As a replacement to a CAPTCHA image
> 2) When you click the image a CAPTCHA image is loaded into the 'Click
> Me' container
>
> The main problem is how to tell the server that the div has been
> clicked, in a way that can't be simulated.  I am not an expect with
> either JS or PHP, but maybe some of the bigger brains out there could
> throw in their 2 cents......

Clicking on it in JS would be pretty trivial with webmonkey, I should
think.

Even if it wasn't, and you made it an image and only stored the
"correct" pixels server-side, you're still subject to the same kind of
AI Vision / OCR type of thing that a traditional CAPTCHA is subject
to, really.

Virtually *any* barrier you toss up will stop the brunt of the stoopid
spambots.  Even the Chris Shifflet method (see his blog) probably gets
rid of all the junk.

NO barrier will stop a dedicated human-architected attack.

The "better" CAPTCHAs are almost as hard for humans as they are for
the scripts designed to beat them -- Not really a "win" as they hurt
usability too much.

I would suggest using the method least likely to hurt your
usability/accessibility, and easiest to implement.

Unless you have somebody out there who is out to get you, it will work.

If there IS somebody out to get you, nothing will work anyway.

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux