A nice article describing the current state of things in CAPTCHA land: http://www.jjbresearch.org/acs/blogs/optionsscalper/archive/2005/07/21/DoubleIComments.aspx
----- Original Message ----- From: "Dean Fiala" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Wednesday, July 27, 2005 7:11 PM Subject: Re: [AspNetAnyQuestionIsOk] Image Verification > Since there is no bullet-proof solution, defense in depth should be > your strategy. > > 1) Use CAPTCHA as your first line > 2) Dynamically create the elements on your verification form with > random names so that the crawlers have to be even smarter. Change the > input field names and submit button name. Human users won't notice the > difference. > 3) Add an email response verification link to fully activate the > account, so the crawlers will be forced to use legimate email accounts > 4) Track the client IPs. If you notice a pattern of abuse block the > offending IPs, or if you really want to drive them nuts, set up a > honey pot that runs them slowly through an extra set of verification > steps > > > > On 7/27/05, Falls, Travis D (HTSC, CASD) <[EMAIL PROTECTED]> > wrote: >> Great point Matt; thanks I will mull that over and try to come up with >> something that will catch at least some of the crawlers. >> >> Travis D. Falls | Consultant RAFT.Net IT | 860.547.4070 | >> [EMAIL PROTECTED] >> >> >> -----Original Message----- >> From: [email protected] >> [mailto:[EMAIL PROTECTED] Behalf Of Matthew >> Macdonald-Wallace >> Sent: Wednesday, July 27, 2005 10:34 AM >> To: [email protected] >> Subject: Re: [AspNetAnyQuestionIsOk] Image Verification >> >> >> Falls, Travis D (HTSC, CASD) wrote: >> >> >Thanks Pete, I didn't know that and had planned on relying on them. >> >Anyone >> >have another idea on how I can validate that a human is submitting a >> >form >> >and not a crawler of sorts? >> > >> > >> Stand next to them when they're entering the data? >> >> Seriously, with the advances in the capability of crawlers, short of >> physically being in the same room as a person who is signing up, you're >> never going to be able to be sure who's registering on your site. Its >> one of those things on the net that is both a pro and a con - user >> identification. >> >> The only other solution 've seen is that of listening to and audio file >> and typing in the numbers that are read out to you. But that's a no-no >> if you've not got a sound-card... >> >> Matt (being fairly pessimistic...) >> >> >Travis D. Falls | Consultant RAFT.Net IT | 860.547.4070 | >> >[EMAIL PROTECTED] >> > >> > >> >-----Original Message----- >> >From: [email protected] >> >[mailto:[EMAIL PROTECTED] Behalf Of Peter Brunone >> >Sent: Wednesday, July 27, 2005 11:12 AM >> >To: [email protected] >> >Subject: RE: [AspNetAnyQuestionIsOk] Image Verification >> > >> > >> > >> > Also, there are already algorithms that can read these... so don't >> depend >> >on them. >> > >> > From: "Falls, Travis D (HTSC, CASD)" [EMAIL PROTECTED] >> > >> >Thanks a lot Mischa! >> > >> >Travis D. Falls | Consultant RAFT.Net IT | 860.547.4070 | >> > >> >-----Original Message----- >> >From: [email protected] >> > >> >CAPTCHA >> > >> >----- Original Message ----- >> >From: "Falls, Travis D (HTSC, CASD)" >> > >> > >> > >> >>I need to write/buy an image verifier so accounts can't be >> >>batch-created. >> >>I >> >>have seen this on several sites where they present you with a word in a >> >>grid >> >>and the word is all wavy or messy. Does anyone know what this is called >> >>so >> >>I can do some research? I am assuming I can using the image api in .net >> >>to >> >>create one. >> >> >> >>Travis D. Falls | Consultant RAFT.Net IT | 860.547.4070 | >> >>[EMAIL PROTECTED] >> >> >> >> >> >> >> >> >> Yahoo! Groups Links >> >> >> >> >> >> >> >> >> ************************************************************************* >> PRIVILEGED AND CONFIDENTIAL: This communication, including attachments, >> is >> for the exclusive use of addressee and may contain proprietary, >> confidential and/or privileged information. If you are not the intended >> recipient, any use, copying, disclosure, dissemination or distribution is >> strictly prohibited. If you are not the intended recipient, please >> notify >> the sender immediately by return e-mail, delete this communication and >> destroy all copies. >> ************************************************************************* >> >> >> >> >> Yahoo! Groups Links >> >> >> >> >> >> >> >> > > > -- > Dean Fiala > Very Practical Software, Inc > http://www.vpsw.com > > > > Yahoo! Groups Links > > > > > > > Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/AspNetAnyQuestionIsOk/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
