>- see footer for list info -< I'd like to speak up in favor of captchas, whether graphic or not. As to the usability issues, there are indeed other approaches out there to the traditional graphic, and to those who decry how difficult they are to see, I'll note that most captcha tools offer the site owner a way to simplify the presentation.
Now, if someone would argue that doing so makes it "easier to crack", or as some of those links below assert, they feel that "captchas are crap because all of them can be broken", I have a different argument entirely. I'm not talking about there use in a bank or other important site. Like many, I just want to use a captcha to limit random (and incessant) spam on my blog comments and feedback. Do I really need to worry that some spammer's going to take the time to try to "break in" to my site? Put it another way, I don't want to use a captcha as a double-key deadbolt door to keep out intruders. If they want to break in, they will, just like in a house. I simply want a screen door, to keep out the random pests. /charlie http://www.carehart.org/blog/ -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, August 17, 2006 6:52 AM To: 'Coldfusion Development' Subject: problems with using captchas (was [CF-Dev]: Help ..!) >- see footer for list info -< I think its worth mentioning that as well as the accessibility issues with using Captchas http://www.w3.org/TR/turingtest/ http://www.w3.org/2004/Talks/0319-csun-m3m/slide1-0.html There are projects demonstrating how many popular captchas can be easily decoded.... http://www.cs.sfu.ca/~mori/research/gimpy/ http://sam.zoy.org/pwntcha/ I only mention this because there seems to be a false sense of security that accompanies using Captchas. Kola > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:dev- > [EMAIL PROTECTED] On Behalf Of Paul Swingewood > Sent: 17 August 2006 08:37 > To: [email protected] > Subject: Re: [Spam] Re: [CF-Dev] Help ..! > > >- see footer for list info -< > Er.... I dunno. I got a complaint that some bod further along the > chain was > getting loads of emails and was asked to investigate ..... > > I have started to look at captcha but also thinking about writing my > own based on images and magic words - I need to stay as accessible as possible. > However these are all nicey things at present. I have so much to do > that this will have to sit on the back burner for a while. > > Thanks for your help and suggestions > > Regards - Paul > > > >From: Damien Gallagher <[EMAIL PROTECTED]> > >Reply-To: Coldfusion Development <[email protected]> > >To: Coldfusion Development <[email protected]> > >Subject: Re: [Spam] Re: [CF-Dev] Help ..! > >Date: Thu, 17 Aug 2006 09:21:52 +0100 > > > >>- see footer for list info -< > >Out of interest, what are they getting out of submitting, say, a > >feedback form loads of times? > > > > > > > >Rich Wild wrote: > > > >>>- see footer for list info -< > >> > >>oh, I see, that's what a captcha is.. > >> > >>God I'm so old, I can't keep up with these new fangled wizbits. > >> > >>Anyway, if like me, you're not a fan of plugging other people's > >>things into your site without knowing what they do, that's basically > >>the theory. > >> > >>On 8/16/06, Rich Wild <[EMAIL PROTECTED]> wrote: > >> > >>> > >>>"The only difficulty would this is get-aroundable by bots, assuming > >>>any bot writer cares enough about your site to spend the time > >>>rewriting their > >>>bot to regex your form field to get the magic word." > >>> > >>>Aha - so don't use words, use images. > >>> > >>>I've done this before, and its a little fiddly, but practically > >>>100% spam > >>>safe. > >>> > >>>On the page hit, read a directory full of images that have magic > >>>words written on them, the file called the same as the magic word. > >>> > >>>Get a random one of those filenames: > >>><cfset session.secureImageName = qryImageNames.name[randrange(1, > >>>qryImageNames.recordcount)]> > >>> > >>>set that to a session and display the image in the form - however, don't > >>>display it using simple <img src="images/secureImages/HYU78.jpg"> > >>> > >>>instead, use a CF page that serves up an image with the appropriate > >>>mimetype using cfcontent > >>> > >>><img src="serveSecureImage.cfm"> > >>> > >>>In serveSecureImage.cfm, you read the session variable ( > >>>session.secureImageName ) you set before and return that using cfcontent. > >>>This means that bots can't simply read the html on the page and > >>>find the > >>>filename and use that in the input as the magic word. > >>> > >>>Alternatively, use an image making tag to write a randomly pulled > >>>magic word from a database or equivalent and simply serve that - > >>>this way just > >>>stops you having to have a directory full of images, but I had fun making > >>>those. > >>> > >>>If the magic word posted in the form don't fit the served image - > >>>don't send the mail! > >>> > >>>Richio McStitchio > >>>Chief Neckchief > >>>http://www.theideasbarn.com > >>> > >>> > >>> > >>>On 8/16/06, Duncan Cumming <[EMAIL PROTECTED]> wrote: > >>> > > >>> > >- see footer for list info -< > >>> > I'm not a fan of captchas. Generally inacessible, unless you > >>> > also > >>>make > >>> > an audio version available, and even then not the nicest hoop to make > >>>users > >>> > jump through. > >>> > > >>> > One method I've seen elsewhere, but haven't used myself, is an > >>> > additional input box: > >>> > The magic word is blah. Please enter the magic word. > >>> > > >>> > The only place I've seen this method is the mysociety sites, e.g: > >>> > http://www.mysociety.org/?p=103 > >>> > > >>> > The only difficulty would this is get-aroundable by bots, > >>> > assuming any > >>> > bot writer cares enough about your site to spend the time > >>> > rewriting > >>>their > >>> > bot to regex your form field to get the magic word. > >>> > > >>> > > >>> > Duncan Cumming > >>> > New Media Developer > >>> > Customer Relations Management / Education Fife Council 700 4105 > >>> > / 01592 414105 > >>> > > >>> > >>> [EMAIL PROTECTED] 16/08/2006 14:25 >>> > >>> > >- see footer for list info -< > >>> > Hi all. > >>> > > >>> > I have a contact form which submits an email (cfmail) The form > >>> > is being hit by a web bot and sent hundreds of times > >>> > > >>> > Is there any way I can stop this? > >>> > > >>> > regards - paul > >>> > > >>> > > >>> > _______________________________________________ > >>> > > >>> > For details on ALL mailing lists and for joining or leaving > >>> > lists, go > >>>to > >>> > http://list.cfdeveloper.co.uk/mailman/listinfo > >>> > > >>> > -- > >>> > CFDeveloper Sponsors:- > >>> > >- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< > >>> > >- Lists hosted by www.Gradwell.com -< > >>> > >- CFdeveloper is run by Russ Michaels, feel free to volunteer > >>> > >your > >>>help > >>> > -< > >>> > > >>> > > >>> > > ******************************************************************** > ** > >>> > This email and any files transmitted with it are confidential > >>> > and intended solely for the use of the individual or entity to > >>> > whom they > >>>are > >>> > addressed and should not be disclosed to any other party. > >>> > If you have received this email in error please notify your > >>> > system manager and the sender of this message. > >>> > > >>> > This email message has been swept for the presence of computer viruses > >>> > but no guarantee is given that this e-mail message and any attachments > >>>are > >>> > free from viruses. > >>> > > >>> > Fife Council > >>> > Tel: 08451 55 00 00 > >>> > ************************************************ > >>> > > >>> > _______________________________________________ > >>> > > >>> > For details on ALL mailing lists and for joining or leaving > >>> > lists, go > >>>to > >>> > http://list.cfdeveloper.co.uk/mailman/listinfo > >>> > > >>> > -- > >>> > CFDeveloper Sponsors:- > >>> > >- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< > >>> > >- Lists hosted by www.Gradwell.com -< > >>> > >- CFdeveloper is run by Russ Michaels, feel free to volunteer > >>> > >your > >>>help > >>> > -< > >>> > > >>> > >>> > >>_______________________________________________ > >> > >>For details on ALL mailing lists and for joining or leaving lists, > >>go to http://list.cfdeveloper.co.uk/mailman/listinfo > >> > >>-- > >>CFDeveloper Sponsors:- > >> > >>>- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< > >>>- Lists hosted by www.Gradwell.com -< > >>>- CFdeveloper is run by Russ Michaels, feel free to volunteer your > >>>help -< > >> > >> > >> > >_______________________________________________ > > > >For details on ALL mailing lists and for joining or leaving lists, go > >to http://list.cfdeveloper.co.uk/mailman/listinfo > > > >-- > >CFDeveloper Sponsors:- > >>- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< > >>- Lists hosted by www.Gradwell.com -< > >>- CFdeveloper is run by Russ Michaels, feel free to volunteer your > >>help -< > > > _______________________________________________ > > For details on ALL mailing lists and for joining or leaving lists, go > to http://list.cfdeveloper.co.uk/mailman/listinfo > > -- > CFDeveloper Sponsors:- > >- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< > >- Lists hosted by www.Gradwell.com -< > >- CFdeveloper is run by Russ Michaels, feel free to volunteer your > >help -< _______________________________________________ For details on ALL mailing lists and for joining or leaving lists, go to http://list.cfdeveloper.co.uk/mailman/listinfo -- CFDeveloper Sponsors:- >- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< >- Lists hosted by www.Gradwell.com -< >- CFdeveloper is run by Russ Michaels, feel free to volunteer your help >-< _______________________________________________ For details on ALL mailing lists and for joining or leaving lists, go to http://list.cfdeveloper.co.uk/mailman/listinfo -- CFDeveloper Sponsors:- >- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< >- Lists hosted by www.Gradwell.com -< >- CFdeveloper is run by Russ Michaels, feel free to volunteer your help -<
