On Tue, 2007-06-12 at 16:05 -0500, Richard Lynch wrote: > On Tue, June 12, 2007 7:01 am, tedd wrote: > > I was thinking about this the other day -- computers are fast and > > people are generally slow. So, instead of making the time short, > > examine how fast the answer was obtained. Immediate = computer; > > delayed = human. > > > > Even an easy LETTER CAPTCHA takes time for a human, but a computer > > can recognize and respond much quicker. > > > > I know, spammy can delay his bot's response, but it's just a > > difference between computer/human to consider. > > Some sites already employ this kind of thing to stop badly-written > robots from pounding their server. > > OTOH, wget has a random delay built-in to defeat this kind of thing. > > So somebody somewhere will figure out that's what the trick is, and > write code to bypass it. > > So, as before, *ANY* captcha you use will stop the bulk of spam. Nuh, uh! Try installing PHPBB with default CAPTCHA. It gets pummelled because it's already solved. So not ANY. There are bots out there that crawl the web looking for PHPBB installations (or any other popular software). They don't care that you are Joe Blow and you don't know what you're doing. All they care about is "oh look PHPBB, or Phorum, or whatever popular software you're using" and then they go to town going through the motions of registering a user, handling email verification, reconnecting to forum (or whatever), grabbing comment form, solving captcha, and posting spam. Wash, rinse, dry, repeat :) So anything that is already popular will pretty much be attacked by default if the CAPTCHA is weak. It's like waiting for Google to crawl your site, except it's pr0nb0t :) And once they know about you... they queue you for regular updates *lol*. Cheers, Rob. -- .------------------------------------------------------------. | InterJinn Application Framework - http://www.interjinn.com | :------------------------------------------------------------: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `------------------------------------------------------------' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php