Re: send form by email with image spam controler

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 9 Mar 2008, at 12:47, Per Jessen wrote:

Richard Heyes wrote:

How about this one -

http://jessen.ch/articles/captcha

Well, of course it can be broken too - it's only a matter of money
and time, both of which are critical to spammers.


Interesting. How well does this work?

Well - it's an idea I've had for a while, but I only just  
implemented it

this morning.

The key thing is that in order to read the question, you need to  
render
the HTML in an engine or browser with javascript support.  Just  
parsing

the page won't help you.
Like I said, it can be broken too (given sufficient effort).

It's not much effort - you just need to request a second URL after  
you've got the form. It's not hard and really doesn't really put  
anything more in the way of a bot than an image-based captcha. In fact  
I'd argue that parsing the text in your questions is significantly  
easier than doing OCR on an image.

I'm interested because I wrote a number to text converter which could
be used as a CAPTCHA and it was eventually broken, so I resorted to
the more traditional image based CAPTCHA. For example:

Enter the following in numbers:

Four thousand and twenty two.

And of course the answer is 4022.

Did you use javascript to do that too? Seems to me it should work just
as well as what I proposed.

Text-based captchas will never be a big hurdle for bots. Anything you  
can convert from a number or numbers into text can also be parsed back  
to the numbers. Fact.

The key thing to remember when securing a form is that if you do  
something that's never been seen before it's unlikely that the generic  
bots will be able to get past it. If someone decides to target your  
site then a text-based captcha will never be good enough, and chances  
are nothing you do will work. If someone is willing to put in the  
effort you've got no chance.

As an example I used to have a simple text-based captcha on the  
comment form on my blog. It was pitifully simple to get past because  
all it asked you to do was type 'human' into a text box, but since my  
blog is not very popular it's not worth the bad guys investing time to  
mod their bots to get past it. I had zero spam comments while that was  
in place. I've since switched to Wordpress and I have to say that  
Akismet kicks the crap out of any captcha in terms of effectiveness.

-Stut

--
http://stut.net/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php























[Index of Archives]
 
 
[PHP Home]
 
 
[Apache Users]
 
 
[PHP on Windows]
 
 
[Kernel Newbies]
 
 
[PHP Install]
 
 
[PHP Classes]
 
 
[Pear]
 
 
[Postgresql]
 
 
[Postgresql PHP]
 
 
[PHP on Windows]
 
 
[PHP Database Programming]
 
 
[PHP SOAP]


















 
Powered by Linux