- see footer for list info -<
Wouldn't pictures of objects in a captcha be far more difficult for bots to crack? e.g. you have to type in the names of 2 or 3 items in the captcha which vary each time. Random shapes and blobs are thrown in with some overlapping. Some examples for each visit:
1) cow, dog
2) car, house, truck
3) chair, mouse
4) train, plane

A library of different styles of images will stop bots learning each object, plus a bit of "Where's Wally" will make it very tough for bots. Just an idea.

Gary.

On 8/18/06, Damian Watson <[EMAIL PROTECTED]> wrote:
As Kola mentioned, there are serious accessibility issues with a visual captcha... it's utterly unusable for a blind person.

"To reframe the problem, text is easy to manipulate, which is good for assistive technologies, but just as good for robots. So, a logical means of trying to solve this problem is to offer another non-textual method of using the same content. Hotmail serves a sound file that can be listened to if the visual verification is not suitable for the user."

http://www.w3.org/TR/turingtest/#sound

-- it would be a very useful web service if anyone were to develop it, visual/audio captcha...

Like your idea Dom, anyone got an answer?

d

Snake wrote:
> Well it has certainly stopped the pests on our contact and feedback pages. I
> can't imagine anyone is going to bother cracking your captcha protection
> unless it is a really worthwhile cause, and on most sites, why would it be,
> all that effort just to send spam to one person?
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Rich Wild
> Sent: 17 August 2006 19:54
> To: Coldfusion Development
> Subject: Re: problems with using captchas (was [CF-Dev]: Help ..!)
>
> I guess that's the main crux. For weblogs (arguably the main victims)
> they're terrific and I will stand up and defend them till the cows come
> home.
>
> ...and making the images was a lot of fun for the community me and the
> Tazewell had on one of the particular weblogs concerned at the time, which
> is always a bonus.
>
> On 8/17/06, Charlie Arehart <[EMAIL PROTECTED]> wrote:
>
>> I'd like to speak up in favor of captchas, whether graphic or not.
>> As to the usability issues, there are indeed other approaches out there
>> to the traditional graphic, and to those who decry how difficult they
>> are to see, I'll note that most captcha tools offer the site owner a
>> way to simplify the presentation.
>>
>> Now, if someone would argue that doing so makes it "easier to crack",
>> or as some of those links below assert, they feel that "captchas are
>> crap because all of them can be broken", I have a different argument
>> entirely.
>>
>> I'm not talking about their use in a bank or other important site.
>> Like many, I just want to use a captcha to limit random (and
>> incessant) spam on my blog comments and feedback. Do I really need to
>> worry that some spammer's going to take the time to try to "break in"
>> to my site?
>>
>> Put it another way, I don't want to use a captcha as a double-key
>> deadbolt door to keep out intruders. If they want to break in, they
>> will, just like in a house.
>>
>> I simply want a screen door, to keep out the random pests.
>>
>> /charlie
>> http://www.carehart.org/blog/
>>
>> -----Original Message-----
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED] On Behalf Of
>> [EMAIL PROTECTED]
>> Sent: Thursday, August 17, 2006 6:52 AM
>> To: 'Coldfusion Development'
>> Subject: problems with using captchas (was [CF-Dev]: Help ..!)
>>
>> I think it's worth mentioning that as well as the accessibility issues
>> with using Captchas
>>
>> http://www.w3.org/TR/turingtest/
>>
>> http://www.w3.org/2004/Talks/0319-csun-m3m/slide1-0.html
>>
>> There are projects demonstrating how many popular captchas can be
>> easily decoded....
>>
>> http://www.cs.sfu.ca/~mori/research/gimpy/
>>
>> http://sam.zoy.org/pwntcha/
>>
>> I only mention this because there seems to be a false sense of
>> security that accompanies using Captchas.
>>
>> Kola
>>
>>> -----Original Message-----
>>> From: [EMAIL PROTECTED] [mailto:dev-
>>> [EMAIL PROTECTED] On Behalf Of Paul Swingewood
>>> Sent: 17 August 2006 08:37
>>> To: [email protected]
>>> Subject: Re: [Spam] Re: [CF-Dev] Help ..!
>>>
>>> Er.... I dunno. I got a complaint that some bod further along the chain
>>> was getting loads of emails and was asked to investigate .....
>>>
>>> I have started to look at captcha but also thinking about writing my
>>> own based on images and magic words - I need to stay as accessible
>>> as possible.
>>>
>>> However these are all nicey things at present. I have so much to do
>>> that this will have to sit on the back burner for a while.
>>>
>>> Thanks for your help and suggestions
>>>
>>> Regards - Paul
>>>
>>>> From: Damien Gallagher <[EMAIL PROTECTED]>
>>>> Reply-To: Coldfusion Development <[email protected]>
>>>> To: Coldfusion Development <[email protected]>
>>>> Subject: Re: [Spam] Re: [CF-Dev] Help ..!
>>>> Date: Thu, 17 Aug 2006 09:21:52 +0100
>>>>
>>>> Out of interest, what are they getting out of submitting, say, a
>>>> feedback form loads of times?
>>>>
>>>> Rich Wild wrote:
>>>>
>>>>> oh, I see, that's what a captcha is..
>>>>>
>>>>> God I'm so old, I can't keep up with these new fangled wizbits.
>>>>>
>>>>> Anyway, if like me, you're not a fan of plugging other people's
>>>>> things into your site without knowing what they do, that's
>>>>> basically the theory.
>>>>>
>>>>> On 8/16/06, Rich Wild <[EMAIL PROTECTED]> wrote:
>>>>>
>>>>>> "The only difficulty would this is get-aroundable by bots,
>>>>>> assuming any bot writer cares enough about your site to spend the
>>>>>> time rewriting their bot to regex your form field to get the
>>>>>> magic word."
>>>>>>
>>>>>> Aha - so don't use words, use images.
>>>>>>
>>>>>> I've done this before, and it's a little fiddly, but practically
>>>>>> 100% spam safe.
>>>>>>
>>>>>> On the page hit, read a directory full of images that have magic
>>>>>> words written on them, the file called the same as the magic word.
>>>>>>
>>>>>> Get a random one of those filenames:
>>>>>> <cfset session.secureImageName = qryImageNames.name[randrange(1, qryImageNames.recordcount)]>
>>>>>>
>>>>>> set that to a session and display the image in the form -
>>>>>> however, don't display it using simple
>>>>>> <img src="images/secureImages/HYU78.jpg">
>>>>>>
>>>>>> instead, use a CF page that serves up an image with the
>>>>>> appropriate mimetype using cfcontent
>>>>>>
>>>>>> <img src="serveSecureImage.cfm">
>>>>>>
>>>>>> In serveSecureImage.cfm, you read the session variable (
>>>>>> session.secureImageName ) you set before and return that using
>>>>>> cfcontent.
>>>>>>
>>>>>> This means that bots can't simply read the html on the page and
>>>>>> find the filename and use that in the input as the magic word.
>>>>>>
>>>>>> Alternatively, use an image making tag to write a randomly pulled
>>>>>> magic word from a database or equivalent and simply serve that -
>>>>>> this way just stops you having to have a directory full of
>>>>>> images, but I had fun making those.
>>>>>>
>>>>>> If the magic word posted in the form don't fit the served image -
>>>>>> don't send the mail!
>>>>>>
>>>>>> Richio McStitchio
>>>>>> Chief Neckchief
>>>>>> http://www.theideasbarn.com
>>>>>>
>>>>>> On 8/16/06, Duncan Cumming <[EMAIL PROTECTED]> wrote:
>>>>>>
>>>>>>> I'm not a fan of captchas. Generally inaccessible, unless you
>>>>>>> also make an audio version available, and even then not the
>>>>>>> nicest hoop to make users jump through.
>>>>>>>
>>>>>>> One method I've seen elsewhere, but haven't used myself, is an
>>>>>>> additional input box:
>>>>>>> The magic word is blah. Please enter the magic word.
>>>>>>>
>>>>>>> The only place I've seen this method is the mysociety sites, e.g:
>>>>>>> http://www.mysociety.org/?p=103
>>>>>>>
>>>>>>> The only difficulty would this is get-aroundable by bots,
>>>>>>> assuming any bot writer cares enough about your site to spend
>>>>>>> the time rewriting their bot to regex your form field to get
>>>>>>> the magic word.
>>>>>>>
>>>>>>> Duncan Cumming
>>>>>>> New Media Developer
>>>>>>> Customer Relations Management / Education Fife Council 700 4105 / 01592 414105
>>>>>>>
>>>>>>> >>> [EMAIL PROTECTED] 16/08/2006 14:25 >>>
>>>>>>>
>>>>>>> Hi all.
>>>>>>>
>>>>>>> I have a contact form which submits an email (cfmail) The form
>>>>>>> is being hit by a web bot and sent hundreds of times
>>>>>>>
>>>>>>> Is there any way I can stop this?
>>>>>>>
>>>>>>> regards - paul
_______________________________________________ For details on ALL mailing lists and for joining or leaving lists, go to http://list.cfdeveloper.co.uk/mailman/listinfo -- CFDeveloper Sponsors:-
- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< - Lists hosted by www.Gradwell.com -< - CFdeveloper is run by Russ Michaels, feel free to volunteer your help -<
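
Added example, not part of the original thread or any poster's code: a CFML sketch of the session-bound image check Rich Wild describes above, with the comparison step made single-use so that one solved image cannot be replayed for further submissions. `serveSecureImage.cfm`, `session.secureImageName` and the `images/secureImages` directory come from the thread; the other file names, the `magicWord` and `message` form fields and the example.com addresses are assumptions.

```cfml
<!--- Assumes session management is enabled in Application.cfm/.cfc and that
      all three pages (shown here one after another) sit in the same directory. --->

<!--- contactForm.cfm (file name assumed): pick the challenge on each page hit --->
<cfdirectory action="list" directory="#expandPath('images/secureImages')#"
             filter="*.jpg" name="qryImageNames">
<cfset session.secureImageName = qryImageNames.name[randRange(1, qryImageNames.recordCount)]>
<form action="sendMail.cfm" method="post">
  <textarea name="message"></textarea>
  <!--- The src never reveals the file name, so the HTML does not leak the word --->
  <img src="serveSecureImage.cfm" alt="Type the word shown in this image">
  <input type="text" name="magicWord">
  <input type="submit" value="Send">
</form>

<!--- serveSecureImage.cfm: stream whichever image this session was assigned --->
<cfif NOT structKeyExists(session, "secureImageName")>
  <cfheader statuscode="404" statustext="Not Found">
  <cfabort>
</cfif>
<cfheader name="Cache-Control" value="no-store">
<cfcontent type="image/jpeg" deletefile="no"
           file="#expandPath('images/secureImages')#/#session.secureImageName#">

<!--- sendMail.cfm (file name assumed): compare, then retire the challenge --->
<cfparam name="form.magicWord" default="">
<cfparam name="form.message" default="">
<cfset expected = "">
<cfif structKeyExists(session, "secureImageName")>
  <!--- The file is named after its word, e.g. HYU78.jpg gives HYU78 --->
  <cfset expected = listFirst(session.secureImageName, ".")>
  <!--- Delete before comparing: each image allows exactly one attempt --->
  <cfset structDelete(session, "secureImageName")>
</cfif>
<cfif len(expected) AND compareNoCase(trim(form.magicWord), expected) EQ 0>
  <cfmail to="webmaster@example.com" from="webform@example.com"
          subject="Contact form">#form.message#</cfmail>
  <p>Thanks, your message has been sent.</p>
<cfelse>
  <!--- No session, no challenge, or wrong word: don't send the mail --->
  <p>The word did not match the image. Please go back and try again.</p>
</cfif>
```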
