Getting the image doesn't do much without the session ID. You should destroy the session anyway.

On 3/12/06, Kevin Ballard <[EMAIL PROTECTED]> wrote:
> On Mar 12, 2006, at 4:50 PM, Trejkaz wrote:
>
> >> You can get round CAPTCHAs too by re-serving the captcha images as
> >> legitimate captchas on, say, your porn sites and feeding the punter's
> >> response back to the spammed site. Even if you miss the timeout 9
> >> times out of 10, there's always another punter.
> >
> > I'm not sure I follow you, but how does this allow a spammer to decode
> > my CAPTCHA in order to successfully post a comment?
>
> The spammer, who also runs a porn site, hits up your blog, sees your
> captcha, copies the image and re-serves it as the captcha for someone
> visiting his porn site. That unknowing person successfully deciphers
> the captcha, and the spammer takes the result and feeds it back to
> the blog.
>
> --
> Kevin Ballard
> [EMAIL PROTECTED]
> http://kevin.sb.org
> http://www.tildesoft.com
>
> _______________________________________________
> Typo-list mailing list
> Typo-list@rubyforge.org
> http://rubyforge.org/mailman/listinfo/typo-list

--
Man Wit Da Plan.
http://d-jacobs.com
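
The reply above ties the CAPTCHA answer to a session ID and destroys the session after use. A sketch of that server-side handling follows, as an added example that is not from the thread or from Typo's code; the class name, status symbols and the 120-second lifetime are assumptions.

```ruby
require 'securerandom'

# Hypothetical in-memory store (not Typo's code): one CAPTCHA answer per
# session ID, valid for a single attempt within a short window.
class CaptchaStore
  Challenge = Struct.new(:answer, :expires_at)

  def initialize(ttl: 120, clock: -> { Time.now.to_f })
    @ttl = ttl          # seconds a challenge stays valid (assumed value)
    @clock = clock      # injectable so expiry can be exercised in tests
    @challenges = {}
  end

  # Register the answer for a freshly rendered image. Only the random
  # session ID goes to the client; the answer stays on the server.
  def issue(answer)
    session_id = SecureRandom.hex(16)
    @challenges[session_id] = Challenge.new(answer, @clock.call + @ttl)
    session_id
  end

  # Check a response. The session is destroyed on every attempt, right or
  # wrong, so an answer cannot be replayed and a wrong guess costs a new image.
  def verify(session_id, response)
    challenge = @challenges.delete(session_id)
    return :unknown_session if challenge.nil?
    return :expired if @clock.call > challenge.expires_at

    challenge.answer == response.to_s ? :ok : :wrong
  end
end
```

The expiry only narrows the time available for the relay Kevin describes; a response returned within the lifetime, on the session that was issued the image, still verifies.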