>- see footer for list info -< I think its worth mentioning that as well as the accessibility issues with using Captchas
http://www.w3.org/TR/turingtest/ http://www.w3.org/2004/Talks/0319-csun-m3m/slide1-0.html There are projects demonstrating how many popular captchas can be easily decoded.... http://www.cs.sfu.ca/~mori/research/gimpy/ http://sam.zoy.org/pwntcha/ I only mention this because there seems to be a false sense of security that accompanies using Captchas. Kola > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:dev- > [EMAIL PROTECTED] On Behalf Of Paul Swingewood > Sent: 17 August 2006 08:37 > To: [email protected] > Subject: Re: [Spam] Re: [CF-Dev] Help ..! > > >- see footer for list info -< > Er.... I dunno. I got a complaint that some bod further along the chain was > getting loads of emails and was asked to investigate ..... > > I have started to look at captcha but also thinking about writing my own > based on images and magic words - I need to stay as accessible as possible. > However these are all nicey things at present. I have so much to do that > this will have to sit on the back burner for a while. > > Thanks for your help and suggestions > > Regards - Paul > > > >From: Damien Gallagher <[EMAIL PROTECTED]> > >Reply-To: Coldfusion Development <[email protected]> > >To: Coldfusion Development <[email protected]> > >Subject: Re: [Spam] Re: [CF-Dev] Help ..! > >Date: Thu, 17 Aug 2006 09:21:52 +0100 > > > >>- see footer for list info -< > >Out of interest, what are they getting out of submitting, say, a feedback > >form loads of times? > > > > > > > >Rich Wild wrote: > > > >>>- see footer for list info -< > >> > >>oh, I see, that's what a captcha is.. > >> > >>God I'm so old, I can't keep up with these new fangled wizbits. > >> > >>Anyway, if like me, you're not a fan of plugging other people's things > >>into > >>your site without knowing what they do, that's basically the theory. > >> > >>On 8/16/06, Rich Wild <[EMAIL PROTECTED]> wrote: > >> > >>> > >>>"The only difficulty would this is get-aroundable by bots, assuming any > >>>bot writer cares enough about your site to spend the time rewriting their > >>>bot to regex your form field to get the magic word." > >>> > >>>Aha - so don't use words, use images. > >>> > >>>I've done this before, and its a little fiddly, but practically 100% spam > >>>safe. > >>> > >>>On the page hit, read a directory full of images that have magic words > >>>written on them, the file called the same as the magic word. > >>> > >>>Get a random one of those filenames: > >>><cfset session.secureImageName = qryImageNames.name[randrange(1, > >>>qryImageNames.recordcount)]> > >>> > >>>set that to a session and display the image in the form - however, don't > >>>display it using simple <img src="images/secureImages/HYU78.jpg"> > >>> > >>>instead, use a CF page that serves up an image with the appropriate > >>>mimetype using cfcontent > >>> > >>><img src="serveSecureImage.cfm"> > >>> > >>>In serveSecureImage.cfm, you read the session variable ( > >>>session.secureImageName ) you set before and return that using cfcontent. > >>>This means that bots can't simply read the html on the page and find the > >>>filename and use that in the input as the magic word. > >>> > >>>Alternatively, use an image making tag to write a randomly pulled magic > >>>word from a database or equivalent and simply serve that - this way just > >>>stops you having to have a directory full of images, but I had fun making > >>>those. > >>> > >>>If the magic word posted in the form don't fit the served image - don't > >>>send the mail! > >>> > >>>Richio McStitchio > >>>Chief Neckchief > >>>http://www.theideasbarn.com > >>> > >>> > >>> > >>>On 8/16/06, Duncan Cumming <[EMAIL PROTECTED]> wrote: > >>> > > >>> > >- see footer for list info -< > >>> > I'm not a fan of captchas. Generally inacessible, unless you also > >>>make > >>> > an audio version available, and even then not the nicest hoop to make > >>>users > >>> > jump through. > >>> > > >>> > One method I've seen elsewhere, but haven't used myself, is an > >>> > additional input box: > >>> > The magic word is blah. Please enter the magic word. > >>> > > >>> > The only place I've seen this method is the mysociety sites, e.g: > >>> > http://www.mysociety.org/?p=103 > >>> > > >>> > The only difficulty would this is get-aroundable by bots, assuming any > >>> > bot writer cares enough about your site to spend the time rewriting > >>>their > >>> > bot to regex your form field to get the magic word. > >>> > > >>> > > >>> > Duncan Cumming > >>> > New Media Developer > >>> > Customer Relations Management / Education > >>> > Fife Council > >>> > 700 4105 / 01592 414105 > >>> > > >>> > >>> [EMAIL PROTECTED] 16/08/2006 14:25 >>> > >>> > >- see footer for list info -< > >>> > Hi all. > >>> > > >>> > I have a contact form which submits an email (cfmail) > >>> > The form is being hit by a web bot and sent hundreds of times > >>> > > >>> > Is there any way I can stop this? > >>> > > >>> > regards - paul > >>> > > >>> > > >>> > _______________________________________________ > >>> > > >>> > For details on ALL mailing lists and for joining or leaving lists, go > >>>to > >>> > http://list.cfdeveloper.co.uk/mailman/listinfo > >>> > > >>> > -- > >>> > CFDeveloper Sponsors:- > >>> > >- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< > >>> > >- Lists hosted by www.Gradwell.com -< > >>> > >- CFdeveloper is run by Russ Michaels, feel free to volunteer your > >>>help > >>> > -< > >>> > > >>> > > >>> > > ******************************************************************** > ** > >>> > This email and any files transmitted with it are confidential and > >>> > intended solely for the use of the individual or entity to whom they > >>>are > >>> > addressed and should not be disclosed to any other party. > >>> > If you have received this email in error please notify your system > >>> > manager and the sender of this message. > >>> > > >>> > This email message has been swept for the presence of computer viruses > >>> > but no guarantee is given that this e-mail message and any attachments > >>>are > >>> > free from viruses. > >>> > > >>> > Fife Council > >>> > Tel: 08451 55 00 00 > >>> > ************************************************ > >>> > > >>> > _______________________________________________ > >>> > > >>> > For details on ALL mailing lists and for joining or leaving lists, go > >>>to > >>> > http://list.cfdeveloper.co.uk/mailman/listinfo > >>> > > >>> > -- > >>> > CFDeveloper Sponsors:- > >>> > >- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< > >>> > >- Lists hosted by www.Gradwell.com -< > >>> > >- CFdeveloper is run by Russ Michaels, feel free to volunteer your > >>>help > >>> > -< > >>> > > >>> > >>> > >>_______________________________________________ > >> > >>For details on ALL mailing lists and for joining or leaving lists, go to > >>http://list.cfdeveloper.co.uk/mailman/listinfo > >> > >>-- > >>CFDeveloper Sponsors:- > >> > >>>- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< > >>>- Lists hosted by www.Gradwell.com -< > >>>- CFdeveloper is run by Russ Michaels, feel free to volunteer your help > >>>-< > >> > >> > >> > >_______________________________________________ > > > >For details on ALL mailing lists and for joining or leaving lists, go to > >http://list.cfdeveloper.co.uk/mailman/listinfo > > > >-- > >CFDeveloper Sponsors:- > >>- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< > >>- Lists hosted by www.Gradwell.com -< > >>- CFdeveloper is run by Russ Michaels, feel free to volunteer your help -< > > > _______________________________________________ > > For details on ALL mailing lists and for joining or leaving lists, go to > http://list.cfdeveloper.co.uk/mailman/listinfo > > -- > CFDeveloper Sponsors:- > >- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< > >- Lists hosted by www.Gradwell.com -< > >- CFdeveloper is run by Russ Michaels, feel free to volunteer your help -< _______________________________________________ For details on ALL mailing lists and for joining or leaving lists, go to http://list.cfdeveloper.co.uk/mailman/listinfo -- CFDeveloper Sponsors:- >- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< >- Lists hosted by www.Gradwell.com -< >- CFdeveloper is run by Russ Michaels, feel free to volunteer your help -<
