- see footer for list info -<
As Kola mentioned, there are serious accessibility issues with a visual
captcha... it's utterly unusable for a blind person.
"To reframe the problem, text is easy to manipulate, which is good for
assistive technologies, but just as good for robots. So, a logical means
of trying to solve this problem is to offer another non-textual method
of using the same content. Hotmail serves a sound file that can be
listened to if the visual verification is not suitable for the user."
http://www.w3.org/TR/turingtest/#sound -- it would be a very useful web
service if anyone were to develop it, visual/audio captcha...
Like your idea Dom, anyone got an answer?
d
Snake wrote:
- see footer for list info -<
Well it has certainly stopped the pests on our contact and feedback pages. I
can't imagine anyone is going to bother cracking your captcha protection
unless it is a really worthwhile cause, and on most sites, why would it be,
all that effort just just to send spam to one person?
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rich Wild
Sent: 17 August 2006 19:54
To: Coldfusion Development
Subject: Re: problems with using captchas (was [CF-Dev]: Help ..!)
- see footer for list info -<
I guess that's the main crux. For weblogs (arguably the main victims)
they're terrific and I will stand up and defend them till the cows come
home.
...and making the images was a lot of fun for the community me and the
Tazewell had on one of the particular weblogs concerned at the time, which
is always a bonus.
On 8/17/06, Charlie Arehart <[EMAIL PROTECTED]> wrote:
- see footer for list info -<
I'd like to speak up in favor of captchas, whether graphic or not. As
to the usability issues, there are indeed other approaches out there
to the traditional graphic, and to those who decry how difficult they
are to see, I'll note that most captcha tools offer the site owner a
way to simplify the presentation.
Now, if someone would argue that doing so makes it "easier to crack",
or as some of those links below assert, they feel that "captchas are
crap because all of them can be broken", I have a different argument
entirely.
I'm not talking about there use in a bank or other important site.
Like many, I just want to use a captcha to limit random (and
incessant) spam on my blog comments and feedback. Do I really need to
worry that some spammer's going to take the time to try to "break in"
to my site?
Put it another way, I don't want to use a captcha as a double-key
deadbolt door to keep out intruders. If they want to break in, they
will, just like in a house.
I simply want a screen door, to keep out the random pests.
/charlie
http://www.carehart.org/blog/
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, August 17, 2006 6:52 AM
To: 'Coldfusion Development'
Subject: problems with using captchas (was [CF-Dev]: Help ..!)
- see footer for list info -<
I think its worth mentioning that as well as the accessibility issues
with using Captchas
http://www.w3.org/TR/turingtest/
http://www.w3.org/2004/Talks/0319-csun-m3m/slide1-0.html
There are projects demonstrating how many popular captchas can be
easily decoded....
http://www.cs.sfu.ca/~mori/research/gimpy/
http://sam.zoy.org/pwntcha/
I only mention this because there seems to be a false sense of
security that accompanies using Captchas.
Kola
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:dev-
[EMAIL PROTECTED] On Behalf Of Paul Swingewood
Sent: 17 August 2006 08:37
To: [email protected]
Subject: Re: [Spam] Re: [CF-Dev] Help ..!
- see footer for list info -<
Er.... I dunno. I got a complaint that some bod further along the
chain
was
getting loads of emails and was asked to investigate .....
I have started to look at captcha but also thinking about writing my
own based on images and magic words - I need to stay as accessible
as
possible.
However these are all nicey things at present. I have so much to do
that this will have to sit on the back burner for a while.
Thanks for your help and suggestions
Regards - Paul
From: Damien Gallagher <[EMAIL PROTECTED]>
Reply-To: Coldfusion Development <[email protected]>
To: Coldfusion Development <[email protected]>
Subject: Re: [Spam] Re: [CF-Dev] Help ..!
Date: Thu, 17 Aug 2006 09:21:52 +0100
- see footer for list info -<
Out of interest, what are they getting out of submitting, say, a
feedback form loads of times?
Rich Wild wrote:
- see footer for list info -<
oh, I see, that's what a captcha is..
God I'm so old, I can't keep up with these new fangled wizbits.
Anyway, if like me, you're not a fan of plugging other people's
things into your site without knowing what they do, that's
basically the theory.
On 8/16/06, Rich Wild <[EMAIL PROTECTED]> wrote:
"The only difficulty would this is get-aroundable by bots,
assuming any bot writer cares enough about your site to spend the
time rewriting
their
bot to regex your form field to get the magic word."
Aha - so don't use words, use images.
I've done this before, and its a little fiddly, but practically
100%
spam
safe.
On the page hit, read a directory full of images that have magic
words written on them, the file called the same as the magic word.
Get a random one of those filenames:
<cfset session.secureImageName = qryImageNames.name[randrange(1,
qryImageNames.recordcount)]>
set that to a session and display the image in the form -
however,
don't
display it using simple <img src="images/secureImages/HYU78.jpg">
instead, use a CF page that serves up an image with the
appropriate mimetype using cfcontent
<img src="serveSecureImage.cfm">
In serveSecureImage.cfm, you read the session variable (
session.secureImageName ) you set before and return that using
cfcontent.
This means that bots can't simply read the html on the page and
find
the
filename and use that in the input as the magic word.
Alternatively, use an image making tag to write a randomly pulled
magic word from a database or equivalent and simply serve that -
this way
just
stops you having to have a directory full of images, but I had
fun
making
those.
If the magic word posted in the form don't fit the served image -
don't send the mail!
Richio McStitchio
Chief Neckchief
http://www.theideasbarn.com
On 8/16/06, Duncan Cumming <[EMAIL PROTECTED]> wrote:
- see footer for list info -<
I'm not a fan of captchas. Generally inacessible, unless you
also
make
an audio version available, and even then not the nicest hoop
to
make
users
jump through.
One method I've seen elsewhere, but haven't used myself, is an
additional input box:
The magic word is blah. Please enter the magic word.
The only place I've seen this method is the mysociety sites, e.g:
http://www.mysociety.org/?p=103
The only difficulty would this is get-aroundable by bots,
assuming
any
bot writer cares enough about your site to spend the time
rewriting
their
bot to regex your form field to get the magic word.
Duncan Cumming
New Media Developer
Customer Relations Management / Education Fife Council 700
4105 / 01592 414105
[EMAIL PROTECTED] 16/08/2006 14:25 >>>
- see footer for list info -<
Hi all.
I have a contact form which submits an email (cfmail) The form
is being hit by a web bot and sent hundreds of times
Is there any way I can stop this?
regards - paul
_______________________________________________
For details on ALL mailing lists and for joining or leaving
lists,
go
to
http://list.cfdeveloper.co.uk/mailman/listinfo
--
CFDeveloper Sponsors:-
- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
- Lists hosted by www.Gradwell.com -<
- CFdeveloper is run by Russ Michaels, feel free to volunteer
your
help
-<
********************************************************************
**
This email and any files transmitted with it are confidential
and intended solely for the use of the individual or entity to
whom they
are
addressed and should not be disclosed to any other party.
If you have received this email in error please notify your
system manager and the sender of this message.
This email message has been swept for the presence of computer
viruses
but no guarantee is given that this e-mail message and any
attachments
are
free from viruses.
Fife Council
Tel: 08451 55 00 00
************************************************
_______________________________________________
For details on ALL mailing lists and for joining or leaving
lists,
go
to
http://list.cfdeveloper.co.uk/mailman/listinfo
--
CFDeveloper Sponsors:-
- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
- Lists hosted by www.Gradwell.com -<
- CFdeveloper is run by Russ Michaels, feel free to volunteer
your
help
-<
_______________________________________________
For details on ALL mailing lists and for joining or leaving lists,
go to http://list.cfdeveloper.co.uk/mailman/listinfo
--
CFDeveloper Sponsors:-
- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
- Lists hosted by www.Gradwell.com -<
- CFdeveloper is run by Russ Michaels, feel free to volunteer
your help -<
_______________________________________________
For details on ALL mailing lists and for joining or leaving lists,
go to http://list.cfdeveloper.co.uk/mailman/listinfo
--
CFDeveloper Sponsors:-
- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
- Lists hosted by www.Gradwell.com -<
- CFdeveloper is run by Russ Michaels, feel free to volunteer your
help
-<
_______________________________________________
For details on ALL mailing lists and for joining or leaving lists,
go to http://list.cfdeveloper.co.uk/mailman/listinfo
--
CFDeveloper Sponsors:-
- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
- Lists hosted by www.Gradwell.com -<
- CFdeveloper is run by Russ Michaels, feel free to volunteer your
help
-<
_______________________________________________
For details on ALL mailing lists and for joining or leaving lists, go
to http://list.cfdeveloper.co.uk/mailman/listinfo
--
CFDeveloper Sponsors:-
- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
- Lists hosted by www.Gradwell.com -<
- CFdeveloper is run by Russ Michaels, feel free to volunteer your
help -<
_______________________________________________
For details on ALL mailing lists and for joining or leaving lists, go
to http://list.cfdeveloper.co.uk/mailman/listinfo
--
CFDeveloper Sponsors:-
- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
- Lists hosted by www.Gradwell.com -<
- CFdeveloper is run by Russ Michaels, feel free to volunteer your
help
-<
_______________________________________________
For details on ALL mailing lists and for joining or leaving lists, go to
http://list.cfdeveloper.co.uk/mailman/listinfo
--
CFDeveloper Sponsors:-
- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
- Lists hosted by www.Gradwell.com -<
- CFdeveloper is run by Russ Michaels, feel free to volunteer your help
-<
_______________________________________________
For details on ALL mailing lists and for joining or leaving lists, go to
http://list.cfdeveloper.co.uk/mailman/listinfo
--
CFDeveloper Sponsors:-
- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
- Lists hosted by www.Gradwell.com -<
- CFdeveloper is run by Russ Michaels, feel free to volunteer your help -<
_______________________________________________
For details on ALL mailing lists and for joining or leaving lists, go to
http://list.cfdeveloper.co.uk/mailman/listinfo
--
CFDeveloper Sponsors:-
- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
- Lists hosted by www.Gradwell.com -<
- CFdeveloper is run by Russ Michaels, feel free to volunteer your help -<
