Since there is no bullet-proof solution, defense in depth should be your strategy.
1) Use CAPTCHA as your first line 2) Dynamically create the elements on your verification form with random names so that the crawlers have to be even smarter. Change the input field names and submit button name. Human users won't notice the difference. 3) Add an email response verification link to fully activate the account, so the crawlers will be forced to use legimate email accounts 4) Track the client IPs. If you notice a pattern of abuse block the offending IPs, or if you really want to drive them nuts, set up a honey pot that runs them slowly through an extra set of verification steps On 7/27/05, Falls, Travis D (HTSC, CASD) <[EMAIL PROTECTED]> wrote: > Great point Matt; thanks I will mull that over and try to come up with > something that will catch at least some of the crawlers. > > Travis D. Falls | Consultant RAFT.Net IT | 860.547.4070 | > [EMAIL PROTECTED] > > > -----Original Message----- > From: [email protected] > [mailto:[EMAIL PROTECTED] Behalf Of Matthew > Macdonald-Wallace > Sent: Wednesday, July 27, 2005 10:34 AM > To: [email protected] > Subject: Re: [AspNetAnyQuestionIsOk] Image Verification > > > Falls, Travis D (HTSC, CASD) wrote: > > >Thanks Pete, I didn't know that and had planned on relying on them. Anyone > >have another idea on how I can validate that a human is submitting a form > >and not a crawler of sorts? > > > > > Stand next to them when they're entering the data? > > Seriously, with the advances in the capability of crawlers, short of > physically being in the same room as a person who is signing up, you're > never going to be able to be sure who's registering on your site. Its > one of those things on the net that is both a pro and a con - user > identification. > > The only other solution 've seen is that of listening to and audio file > and typing in the numbers that are read out to you. But that's a no-no > if you've not got a sound-card... > > Matt (being fairly pessimistic...) > > >Travis D. Falls | Consultant RAFT.Net IT | 860.547.4070 | > >[EMAIL PROTECTED] > > > > > >-----Original Message----- > >From: [email protected] > >[mailto:[EMAIL PROTECTED] Behalf Of Peter Brunone > >Sent: Wednesday, July 27, 2005 11:12 AM > >To: [email protected] > >Subject: RE: [AspNetAnyQuestionIsOk] Image Verification > > > > > > > > Also, there are already algorithms that can read these... so don't > depend > >on them. > > > > From: "Falls, Travis D (HTSC, CASD)" [EMAIL PROTECTED] > > > >Thanks a lot Mischa! > > > >Travis D. Falls | Consultant RAFT.Net IT | 860.547.4070 | > > > >-----Original Message----- > >From: [email protected] > > > >CAPTCHA > > > >----- Original Message ----- > >From: "Falls, Travis D (HTSC, CASD)" > > > > > > > >>I need to write/buy an image verifier so accounts can't be batch-created. > >>I > >>have seen this on several sites where they present you with a word in a > >>grid > >>and the word is all wavy or messy. Does anyone know what this is called > >>so > >>I can do some research? I am assuming I can using the image api in .net > >>to > >>create one. > >> > >>Travis D. Falls | Consultant RAFT.Net IT | 860.547.4070 | > >>[EMAIL PROTECTED] > >> > >> > > > > > Yahoo! Groups Links > > > > > > > > > ************************************************************************* > PRIVILEGED AND CONFIDENTIAL: This communication, including attachments, is > for the exclusive use of addressee and may contain proprietary, > confidential and/or privileged information. If you are not the intended > recipient, any use, copying, disclosure, dissemination or distribution is > strictly prohibited. If you are not the intended recipient, please notify > the sender immediately by return e-mail, delete this communication and > destroy all copies. > ************************************************************************* > > > > > Yahoo! Groups Links > > > > > > > > -- Dean Fiala Very Practical Software, Inc http://www.vpsw.com Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/AspNetAnyQuestionIsOk/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
