>- see footer for list info -< Rich, 5 minutes ago you didn't even know what captcha was, have u been googling :-)
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rich Wild Sent: 17 August 2006 13:34 To: Coldfusion Development Subject: Re: problems with using captchas (was [CF-Dev]: Help ..!) >- see footer for list info -< I think they tend to focus on the fact that many Captchas use constant fonts. A clever captcha test will use many fonts, but that's where its easiest to use the method of pre-creating your images as opposed to having a routine write images on the fly, so that they can be read easily by a human whilst still using esoteric fonts that won't be in OCR databases. There *is* still the accessibility problem however. On 8/17/06, [EMAIL PROTECTED] <[EMAIL PROTECTED] > wrote: > > >- see footer for list info -< > I think its worth mentioning that as well as the accessibility issues > with > > using Captchas > > http://www.w3.org/TR/turingtest/ > > http://www.w3.org/2004/Talks/0319-csun-m3m/slide1-0.html > > > There are projects demonstrating how many popular captchas can be > easily decoded.... > > http://www.cs.sfu.ca/~mori/research/gimpy/<http://www.cs.sfu.ca/%7Emor > i/research/gimpy/> > > http://sam.zoy.org/pwntcha/ > > I only mention this because there seems to be a false sense of > security that accompanies using Captchas. > > Kola > > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:dev- > > [EMAIL PROTECTED] On Behalf Of Paul Swingewood > > Sent: 17 August 2006 08:37 > > To: [email protected] > > Subject: Re: [Spam] Re: [CF-Dev] Help ..! > > > > >- see footer for list info -< > > Er.... I dunno. I got a complaint that some bod further along the > > chain > was > > getting loads of emails and was asked to investigate ..... > > > > I have started to look at captcha but also thinking about writing my > > own based on images and magic words - I need to stay as accessible > > as > possible. > > However these are all nicey things at present. I have so much to do > > that this will have to sit on the back burner for a while. > > > > Thanks for your help and suggestions > > > > Regards - Paul > > > > > > >From: Damien Gallagher <[EMAIL PROTECTED]> > > >Reply-To: Coldfusion Development < [email protected]> > > >To: Coldfusion Development <[email protected]> > > >Subject: Re: [Spam] Re: [CF-Dev] Help ..! > > >Date: Thu, 17 Aug 2006 09:21:52 +0100 > > > > > >>- see footer for list info -< > > >Out of interest, what are they getting out of submitting, say, a > feedback > > >form loads of times? > > > > > > > > > > > >Rich Wild wrote: > > > > > >>>- see footer for list info -< > > >> > > >>oh, I see, that's what a captcha is.. > > >> > > >>God I'm so old, I can't keep up with these new fangled wizbits. > > >> > > >>Anyway, if like me, you're not a fan of plugging other people's > > >>things into your site without knowing what they do, that's > > >>basically the theory. > > >> > > >>On 8/16/06, Rich Wild <[EMAIL PROTECTED]> wrote: > > >> > > >>> > > >>>"The only difficulty would this is get-aroundable by bots, > > >>>assuming > any > > >>>bot writer cares enough about your site to spend the time > > >>>rewriting > their > > >>>bot to regex your form field to get the magic word." > > >>> > > >>>Aha - so don't use words, use images. > > >>> > > >>>I've done this before, and its a little fiddly, but practically > > >>>100% > spam > > >>>safe. > > >>> > > >>>On the page hit, read a directory full of images that have magic > words > > >>>written on them, the file called the same as the magic word. > > >>> > > >>>Get a random one of those filenames: > > >>><cfset session.secureImageName = qryImageNames.name [randrange(1, > > >>>qryImageNames.recordcount)]> > > >>> > > >>>set that to a session and display the image in the form - > > >>>however, > don't > > >>>display it using simple <img src="images/secureImages/HYU78.jpg"> > > >>> > > >>>instead, use a CF page that serves up an image with the > > >>>appropriate mimetype using cfcontent > > >>> > > >>><img src="serveSecureImage.cfm "> > > >>> > > >>>In serveSecureImage.cfm, you read the session variable ( > > >>>session.secureImageName ) you set before and return that using > cfcontent. > > >>>This means that bots can't simply read the html on the page and > > >>>find > the > > >>>filename and use that in the input as the magic word. > > >>> > > >>>Alternatively, use an image making tag to write a randomly pulled > magic > > >>>word from a database or equivalent and simply serve that - this > > >>>way > just > > >>>stops you having to have a directory full of images, but I had > > >>>fun > making > > >>>those. > > >>> > > >>>If the magic word posted in the form don't fit the served image - > don't > > >>>send the mail! > > >>> > > >>>Richio McStitchio > > >>>Chief Neckchief > > >>>http://www.theideasbarn.com > > >>> > > >>> > > >>> > > >>>On 8/16/06, Duncan Cumming <[EMAIL PROTECTED]> wrote: > > >>> > > > >>> > >- see footer for list info -< > > >>> > I'm not a fan of captchas. Generally inacessible, unless you > > >>> > also > > >>>make > > >>> > an audio version available, and even then not the nicest hoop > > >>> > to > make > > >>>users > > >>> > jump through. > > >>> > > > >>> > One method I've seen elsewhere, but haven't used myself, is an > > >>> > additional input box: > > >>> > The magic word is blah. Please enter the magic word. > > >>> > > > >>> > The only place I've seen this method is the mysociety sites, e.g: > > >>> > http://www.mysociety.org/?p=103 > > >>> > > > >>> > The only difficulty would this is get-aroundable by bots, > > >>> > assuming > any > > >>> > bot writer cares enough about your site to spend the time > rewriting > > >>>their > > >>> > bot to regex your form field to get the magic word. > > >>> > > > >>> > > > >>> > Duncan Cumming > > >>> > New Media Developer > > >>> > Customer Relations Management / Education Fife Council 700 > > >>> > 4105 / 01592 414105 > > >>> > > > >>> > >>> [EMAIL PROTECTED] 16/08/2006 14:25 >>> > > >>> > >- see footer for list info -< > > >>> > Hi all. > > >>> > > > >>> > I have a contact form which submits an email (cfmail) The form > > >>> > is being hit by a web bot and sent hundreds of times > > >>> > > > >>> > Is there any way I can stop this? > > >>> > > > >>> > regards - paul > > >>> > > > >>> > > > >>> > _______________________________________________ > > >>> > > > >>> > For details on ALL mailing lists and for joining or leaving > > >>> > lists, > go > > >>>to > > >>> > http://list.cfdeveloper.co.uk/mailman/listinfo > > >>> > > > >>> > -- > > >>> > CFDeveloper Sponsors:- > > >>> > >- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< > > >>> > >- Lists hosted by www.Gradwell.com -< > > >>> > >- CFdeveloper is run by Russ Michaels, feel free to volunteer > your > > >>>help > > >>> > -< > > >>> > > > >>> > > > >>> > > > ******************************************************************** > > ** > > >>> > This email and any files transmitted with it are confidential > > >>> > and intended solely for the use of the individual or entity to > > >>> > whom > they > > >>>are > > >>> > addressed and should not be disclosed to any other party. > > >>> > If you have received this email in error please notify your > > >>> > system > > > >>> > manager and the sender of this message. > > >>> > > > >>> > This email message has been swept for the presence of computer > viruses > > >>> > but no guarantee is given that this e-mail message and any > attachments > > >>>are > > >>> > free from viruses. > > >>> > > > >>> > Fife Council > > >>> > Tel: 08451 55 00 00 > > >>> > ************************************************ > > >>> > > > >>> > _______________________________________________ > > >>> > > > >>> > For details on ALL mailing lists and for joining or leaving > > >>> > lists, > go > > >>>to > > >>> > http://list.cfdeveloper.co.uk/mailman/listinfo > > >>> > > > >>> > -- > > >>> > CFDeveloper Sponsors:- > > >>> > >- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< > > >>> > >- Lists hosted by www.Gradwell.com -< > > >>> > >- CFdeveloper is run by Russ Michaels, feel free to volunteer > your > > >>>help > > >>> > -< > > >>> > > > >>> > > >>> > > >>_______________________________________________ > > >> > > >>For details on ALL mailing lists and for joining or leaving lists, > > >>go > to > > >> http://list.cfdeveloper.co.uk/mailman/listinfo > > >> > > >>-- > > >>CFDeveloper Sponsors:- > > >> > > >>>- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< > > >>>- Lists hosted by www.Gradwell.com -< > > >>>- CFdeveloper is run by Russ Michaels, feel free to volunteer > > >>>your > help > > >>>-< > > >> > > >> > > >> > > >_______________________________________________ > > > > > >For details on ALL mailing lists and for joining or leaving lists, > > >go > to > > >http://list.cfdeveloper.co.uk/mailman/listinfo > > > > > >-- > > >CFDeveloper Sponsors:- > > >>- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< > > >>- Lists hosted by www.Gradwell.com -< > > >>- CFdeveloper is run by Russ Michaels, feel free to volunteer your > help > -< > > > > > > _______________________________________________ > > > > For details on ALL mailing lists and for joining or leaving lists, > > go to http://list.cfdeveloper.co.uk/mailman/listinfo > > > > -- > > CFDeveloper Sponsors:- > > >- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< > > >- Lists hosted by www.Gradwell.com -< > > >- CFdeveloper is run by Russ Michaels, feel free to volunteer your > > >help > -< > > > > _______________________________________________ > > For details on ALL mailing lists and for joining or leaving lists, go > to http://list.cfdeveloper.co.uk/mailman/listinfo > > -- > CFDeveloper Sponsors:- > >- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< > >- Lists hosted by www.Gradwell.com -< > >- CFdeveloper is run by Russ Michaels, feel free to volunteer your > >help > -< > _______________________________________________ For details on ALL mailing lists and for joining or leaving lists, go to http://list.cfdeveloper.co.uk/mailman/listinfo -- CFDeveloper Sponsors:- >- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< >- Lists hosted by www.Gradwell.com -< >- CFdeveloper is run by Russ Michaels, feel free to volunteer your help >-< _______________________________________________ For details on ALL mailing lists and for joining or leaving lists, go to http://list.cfdeveloper.co.uk/mailman/listinfo -- CFDeveloper Sponsors:- >- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< >- Lists hosted by www.Gradwell.com -< >- CFdeveloper is run by Russ Michaels, feel free to volunteer your help -<
