Re: Going from simple to super CAPTCHA

On 6/10/07, tedd <tedd@xxxxxxxxxxxx> wrote:
At 12:27 PM +0900 6/10/07, Dave M G wrote:
>Tips on what differentiates a good CAPTCHA from a bad one would also
>be really sweet.

Dave:

From a visual disability standpoint, all graphic CAPTCHAs are bad.

From the not-disabled standpoint, most intelligible graphic CAPTCHAs
that can be read, can also be read by bots. So, it doesn't make much
difference to create variations of the theme, because the theme can
always be broken if it is to remain solvable by the sighted. In other
words, anything you can read, so can a bot.

Of course, you must also keep in mind what you are trying to protect.
If it's something popular and thus would return something of value,
then no CAPTCHA is going to keep evil-doers from accessing it.

On the other hand, if what you're trying to protect has no real
significance, then no one is going to bother breaking your CAPTCHA.

So, why use a CAPTCHA at all? Instead use something simple such as "1
+ 1 = ?". That will stop most cursory bots. If your site is popular,
then nothing easy like a CAPTCHA is going to work anyway -- you'll
have to come up with another method.

However, if you insist on making a CAPTCHA for your site (as clients,
not knowing better, sometimes insist), then also add an alternative
"way in" for the visually disabled like so:

http://sperling.com/examples/captcha/

If you want the code, just ask and I'll provide.

My thought is if you want to do image alteration, you might put your
skills to better use by writing routines for various photographic
effects, such as "Fish-Eye" or "Oval Cut-Outs" or whatever -- rather
than beating the dead horse CAPTCHA.

Cheers,

tedd


Tedd:

Please don't spread the code of your Audio CAPTCHA, we had a big
discussion about it, and we concluded that it was quite easy to crack.
I remember I've cracked some other CAPTCHAs, but if you still think
your Audio CAPTCHA isn't hard to crack, then just let me know and I'll
start cracking it :)

Dave:

The point is not only whether the image itself is readable by a bot; you
must also keep a note of how you pass the check around your site.
I also suggest you read 3 threads, which are related to each other,
from the past:
http://marc.info/?l=php-general&m=117518641415178&w=2
http://marc.info/?l=php-general&m=117521475815904&w=2
http://marc.info/?l=php-general&m=117596132004021&w=2

I think you remember the thread tedd ;)

Tijnema
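
The following is an added example, not code from this thread or from either poster. It illustrates the remark above about how the check is passed around the site, using the "1 + 1 = ?" style of challenge mentioned earlier: the expected answer and the "passed" flag live only in the server-side session, and both are single use. The function names, the session keys and the 300-second lifetime are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);
// Added example: answer and pass flag are kept only in the server-side session.
const CHALLENGE_TTL = 300; // seconds; assumed value

function issue_challenge(array &$session): string
{
    $a = random_int(1, 9);
    $b = random_int(1, 9);
    // Only the question text goes to the browser; the answer stays on the server.
    $session['challenge'] = ['answer' => (string)($a + $b), 'issued' => time()];
    unset($session['human_verified']);
    return "$a + $b = ?";
}

function check_challenge(array &$session, string $submitted): bool
{
    $c = $session['challenge'] ?? null;
    // Single use: the challenge is discarded on every attempt, right or wrong,
    // so a solved answer cannot be replayed against the same challenge.
    unset($session['challenge']);
    if (!is_array($c) || time() - $c['issued'] > CHALLENGE_TTL) {
        return false;
    }
    $ok = hash_equals($c['answer'], trim($submitted));
    if ($ok) {
        $session['human_verified'] = true;
    }
    return $ok;
}

function consume_verification(array &$session): bool
{
    // The protected action spends the flag, so one solve permits one action.
    $ok = ($session['human_verified'] ?? false) === true;
    unset($session['human_verified']);
    return $ok;
}

// Constructed demo: a plain array stands in for $_SESSION.
$s = [];
$q = issue_challenge($s);
[$a, , $b] = explode(' ', $q);
var_dump(check_challenge($s, (string)((int)$a + (int)$b)));   // first submission of the answer
var_dump(check_challenge($s, (string)((int)$a + (int)$b)));   // same answer submitted again
var_dump(consume_verification($s), consume_verification($s)); // flag read twice
```

In a real page the functions would be called with `$_SESSION` after `session_start()`; nothing about the result is placed in a hidden form field, cookie or URL parameter.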
