>- see footer for list info -< A job for you then Gary, write cf_WallyCaptcha :-)
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Sent: 18 August 2006 14:50 To: Coldfusion Development Subject: Re: problems with using captchas (was [CF-Dev]: Help ..!) >- see footer for list info -< Wouldn't pictures of objects in a captcha be far more difficult for bots to crack? e.g. you have to type in the names of 2 or 3 items in the captcha which vary each time. Random shapes and blobs are thrown in with some overlapping. Some examples for each visit: 1) cow, dog 2) car, house, truck 3) chair, mouse 4) train, plane A library of different styles of images will stop bots learning each object, plus a bit of "Where's Wally" will make it very tough for bots. Just an idea. Gary. On 8/18/06, Damian Watson <[EMAIL PROTECTED]> wrote: > > >- see footer for list info -< > As Kola mentioned, there are serious accessibility issues with a > visual captcha... it's utterly unusable for a blind person. > > "To reframe the problem, text is easy to manipulate, which is good for > assistive technologies, but just as good for robots. So, a logical > means of trying to solve this problem is to offer another non-textual > method of using the same content. Hotmail serves a sound file that can > be listened to if the visual verification is not suitable for the user." > http://www.w3.org/TR/turingtest/#sound -- it would be a very useful > web service if anyone were to develop it, visual/audio captcha... > > Like your idea Dom, anyone got an answer? > > d > > Snake wrote: > >> - see footer for list info -< > >> > > Well it has certainly stopped the pests on our contact and feedback > pages. I > > can't imagine anyone is going to bother cracking your captcha > > protection unless it is a really worthwhile cause, and on most > > sites, why would it > be, > > all that effort just just to send spam to one person? > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Rich Wild > > Sent: 17 August 2006 19:54 > > To: Coldfusion Development > > Subject: Re: problems with using captchas (was [CF-Dev]: Help ..!) > > > > > >> - see footer for list info -< > >> > > I guess that's the main crux. For weblogs (arguably the main > > victims) they're terrific and I will stand up and defend them till > > the cows come home. > > > > ...and making the images was a lot of fun for the community me and > > the Tazewell had on one of the particular weblogs concerned at the > > time, > which > > is always a bonus. > > > > On 8/17/06, Charlie Arehart <[EMAIL PROTECTED]> wrote: > > > >>> - see footer for list info -< > >>> > >> I'd like to speak up in favor of captchas, whether graphic or not. > >> As to the usability issues, there are indeed other approaches out > >> there to the traditional graphic, and to those who decry how > >> difficult they are to see, I'll note that most captcha tools offer > >> the site owner a way to simplify the presentation. > >> > >> Now, if someone would argue that doing so makes it "easier to > >> crack", or as some of those links below assert, they feel that > >> "captchas are crap because all of them can be broken", I have a > >> different argument entirely. > >> > >> I'm not talking about there use in a bank or other important site. > >> Like many, I just want to use a captcha to limit random (and > >> incessant) spam on my blog comments and feedback. Do I really need > >> to worry that some spammer's going to take the time to try to "break in" > >> to my site? > >> > >> Put it another way, I don't want to use a captcha as a double-key > >> deadbolt door to keep out intruders. If they want to break in, they > >> will, just like in a house. > >> > >> I simply want a screen door, to keep out the random pests. > >> > >> > >> /charlie > >> http://www.carehart.org/blog/ > >> > >> -----Original Message----- > >> From: [EMAIL PROTECTED] > >> [mailto:[EMAIL PROTECTED] On Behalf Of > >> [EMAIL PROTECTED] > >> Sent: Thursday, August 17, 2006 6:52 AM > >> To: 'Coldfusion Development' > >> Subject: problems with using captchas (was [CF-Dev]: Help ..!) > >> > >> > >>> - see footer for list info -< > >>> > >> I think its worth mentioning that as well as the accessibility > >> issues with using Captchas > >> > >> http://www.w3.org/TR/turingtest/ > >> > >> http://www.w3.org/2004/Talks/0319-csun-m3m/slide1-0.html > >> > >> > >> There are projects demonstrating how many popular captchas can be > >> easily decoded.... > >> > >> http://www.cs.sfu.ca/~mori/research/gimpy/ > >> > >> http://sam.zoy.org/pwntcha/ > >> > >> I only mention this because there seems to be a false sense of > >> security that accompanies using Captchas. > >> > >> Kola > >> > >> > >> > >>> -----Original Message----- > >>> From: [EMAIL PROTECTED] [mailto:dev- > >>> [EMAIL PROTECTED] On Behalf Of Paul Swingewood > >>> Sent: 17 August 2006 08:37 > >>> To: [email protected] > >>> Subject: Re: [Spam] Re: [CF-Dev] Help ..! > >>> > >>> > >>>> - see footer for list info -< > >>>> > >>> Er.... I dunno. I got a complaint that some bod further along the > >>> chain > >>> > >> was > >> > >>> getting loads of emails and was asked to investigate ..... > >>> > >>> I have started to look at captcha but also thinking about writing > >>> my own based on images and magic words - I need to stay as > >>> accessible as > >>> > >> possible. > >> > >>> However these are all nicey things at present. I have so much to > >>> do that this will have to sit on the back burner for a while. > >>> > >>> Thanks for your help and suggestions > >>> > >>> Regards - Paul > >>> > >>> > >>> > >>>> From: Damien Gallagher <[EMAIL PROTECTED]> > >>>> Reply-To: Coldfusion Development <[email protected]> > >>>> To: Coldfusion Development <[email protected]> > >>>> Subject: Re: [Spam] Re: [CF-Dev] Help ..! > >>>> Date: Thu, 17 Aug 2006 09:21:52 +0100 > >>>> > >>>> > >>>>> - see footer for list info -< > >>>>> > >>>> Out of interest, what are they getting out of submitting, say, a > >>>> feedback form loads of times? > >>>> > >>>> > >>>> > >>>> Rich Wild wrote: > >>>> > >>>> > >>>>>> - see footer for list info -< > >>>>>> > >>>>> oh, I see, that's what a captcha is.. > >>>>> > >>>>> God I'm so old, I can't keep up with these new fangled wizbits. > >>>>> > >>>>> Anyway, if like me, you're not a fan of plugging other people's > >>>>> things into your site without knowing what they do, that's > >>>>> basically the theory. > >>>>> > >>>>> On 8/16/06, Rich Wild <[EMAIL PROTECTED]> wrote: > >>>>> > >>>>> > >>>>>> "The only difficulty would this is get-aroundable by bots, > >>>>>> assuming any bot writer cares enough about your site to spend > >>>>>> the time rewriting > >>>>>> > >> their > >> > >>>>>> bot to regex your form field to get the magic word." > >>>>>> > >>>>>> Aha - so don't use words, use images. > >>>>>> > >>>>>> I've done this before, and its a little fiddly, but practically > >>>>>> 100% > >>>>>> > >> spam > >> > >>>>>> safe. > >>>>>> > >>>>>> On the page hit, read a directory full of images that have > >>>>>> magic words written on them, the file called the same as the magic word. > >>>>>> > >>>>>> Get a random one of those filenames: > >>>>>> <cfset session.secureImageName = > >>>>>> qryImageNames.name[randrange(1, qryImageNames.recordcount)]> > >>>>>> > >>>>>> set that to a session and display the image in the form - > >>>>>> however, > >>>>>> > >> don't > >> > >>>>>> display it using simple <img > >>>>>> src="images/secureImages/HYU78.jpg"> > >>>>>> > >>>>>> instead, use a CF page that serves up an image with the > >>>>>> appropriate mimetype using cfcontent > >>>>>> > >>>>>> <img src="serveSecureImage.cfm"> > >>>>>> > >>>>>> In serveSecureImage.cfm, you read the session variable ( > >>>>>> session.secureImageName ) you set before and return that using > >>>>>> > >> cfcontent. > >> > >>>>>> This means that bots can't simply read the html on the page and > >>>>>> find > >>>>>> > >> the > >> > >>>>>> filename and use that in the input as the magic word. > >>>>>> > >>>>>> Alternatively, use an image making tag to write a randomly > >>>>>> pulled magic word from a database or equivalent and simply > >>>>>> serve that - this way > >>>>>> > >> just > >> > >>>>>> stops you having to have a directory full of images, but I had > >>>>>> fun > >>>>>> > >> making > >> > >>>>>> those. > >>>>>> > >>>>>> If the magic word posted in the form don't fit the served image > >>>>>> - don't send the mail! > >>>>>> > >>>>>> Richio McStitchio > >>>>>> Chief Neckchief > >>>>>> http://www.theideasbarn.com > >>>>>> > >>>>>> > >>>>>> > >>>>>> On 8/16/06, Duncan Cumming <[EMAIL PROTECTED]> wrote: > >>>>>> > >>>>>>>> - see footer for list info -< > >>>>>>>> > >>>>>>> I'm not a fan of captchas. Generally inacessible, unless you > >>>>>>> also > >>>>>>> > >>>>>> make > >>>>>> > >>>>>>> an audio version available, and even then not the nicest hoop > >>>>>>> to > >>>>>>> > >> make > >> > >>>>>> users > >>>>>> > >>>>>>> jump through. > >>>>>>> > >>>>>>> One method I've seen elsewhere, but haven't used myself, is an > >>>>>>> additional input box: > >>>>>>> The magic word is blah. Please enter the magic word. > >>>>>>> > >>>>>>> The only place I've seen this method is the mysociety sites, e.g: > >>>>>>> http://www.mysociety.org/?p=103 > >>>>>>> > >>>>>>> The only difficulty would this is get-aroundable by bots, > >>>>>>> assuming > >>>>>>> > >> any > >> > >>>>>>> bot writer cares enough about your site to spend the time > >>>>>>> rewriting > >>>>>>> > >>>>>> their > >>>>>> > >>>>>>> bot to regex your form field to get the magic word. > >>>>>>> > >>>>>>> > >>>>>>> Duncan Cumming > >>>>>>> New Media Developer > >>>>>>> Customer Relations Management / Education Fife Council 700 > >>>>>>> 4105 / 01592 414105 > >>>>>>> > >>>>>>> > >>>>>>>>>> [EMAIL PROTECTED] 16/08/2006 14:25 >>> > >>>>>>>>>> > >>>>>>>> - see footer for list info -< > >>>>>>>> > >>>>>>> Hi all. > >>>>>>> > >>>>>>> I have a contact form which submits an email (cfmail) The form > >>>>>>> is being hit by a web bot and sent hundreds of times > >>>>>>> > >>>>>>> Is there any way I can stop this? > >>>>>>> > >>>>>>> regards - paul > >>>>>>> > >>>>>>> > >>>>>>> _______________________________________________ > >>>>>>> > >>>>>>> For details on ALL mailing lists and for joining or leaving > >>>>>>> lists, > >>>>>>> > >> go > >> > >>>>>> to > >>>>>> > >>>>>>> http://list.cfdeveloper.co.uk/mailman/listinfo > >>>>>>> > >>>>>>> -- > >>>>>>> CFDeveloper Sponsors:- > >>>>>>> > >>>>>>>> - cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< > >>>>>>>> - Lists hosted by www.Gradwell.com -< > >>>>>>>> - CFdeveloper is run by Russ Michaels, feel free to volunteer > >>>>>>>> your > >>>>>>>> > >>>>>> help > >>>>>> > >>>>>>> -< > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>> ****************************************************************** > >>> ** > >>> ** > >>> > >>>>>>> This email and any files transmitted with it are confidential > >>>>>>> and intended solely for the use of the individual or entity to > >>>>>>> whom they > >>>>>>> > >>>>>> are > >>>>>> > >>>>>>> addressed and should not be disclosed to any other party. > >>>>>>> If you have received this email in error please notify your > >>>>>>> system manager and the sender of this message. > >>>>>>> > >>>>>>> This email message has been swept for the presence of computer > >>>>>>> > >> viruses > >> > >>>>>>> but no guarantee is given that this e-mail message and any > >>>>>>> > >> attachments > >> > >>>>>> are > >>>>>> > >>>>>>> free from viruses. > >>>>>>> > >>>>>>> Fife Council > >>>>>>> Tel: 08451 55 00 00 > >>>>>>> ************************************************ > >>>>>>> > >>>>>>> _______________________________________________ > >>>>>>> > >>>>>>> For details on ALL mailing lists and for joining or leaving > >>>>>>> lists, > >>>>>>> > >> go > >> > >>>>>> to > >>>>>> > >>>>>>> http://list.cfdeveloper.co.uk/mailman/listinfo > >>>>>>> > >>>>>>> -- > >>>>>>> CFDeveloper Sponsors:- > >>>>>>> > >>>>>>>> - cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< > >>>>>>>> - Lists hosted by www.Gradwell.com -< > >>>>>>>> - CFdeveloper is run by Russ Michaels, feel free to volunteer > >>>>>>>> your > >>>>>>>> > >>>>>> help > >>>>>> > >>>>>>> -< > >>>>>>> > >>>>>>> > >>>>>> > >>>>> _______________________________________________ > >>>>> > >>>>> For details on ALL mailing lists and for joining or leaving > >>>>> lists, go to http://list.cfdeveloper.co.uk/mailman/listinfo > >>>>> > >>>>> -- > >>>>> CFDeveloper Sponsors:- > >>>>> > >>>>> > >>>>>> - cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< > >>>>>> - Lists hosted by www.Gradwell.com -< > >>>>>> - CFdeveloper is run by Russ Michaels, feel free to volunteer > >>>>>> your help -< > >>>>>> > >>>>> > >>>>> > >>>> _______________________________________________ > >>>> > >>>> For details on ALL mailing lists and for joining or leaving > >>>> lists, go to http://list.cfdeveloper.co.uk/mailman/listinfo > >>>> > >>>> -- > >>>> CFDeveloper Sponsors:- > >>>> > >>>>> - cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< > >>>>> - Lists hosted by www.Gradwell.com -< > >>>>> - CFdeveloper is run by Russ Michaels, feel free to volunteer > >>>>> your help > >>>>> > >> -< > >> > >>> _______________________________________________ > >>> > >>> For details on ALL mailing lists and for joining or leaving lists, > >>> go to http://list.cfdeveloper.co.uk/mailman/listinfo > >>> > >>> -- > >>> CFDeveloper Sponsors:- > >>> > >>>> - cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< > >>>> - Lists hosted by www.Gradwell.com -< > >>>> - CFdeveloper is run by Russ Michaels, feel free to volunteer > >>>> your help > >>>> > >> -< > >> > >> > >> > >> _______________________________________________ > >> > >> For details on ALL mailing lists and for joining or leaving lists, > >> go to http://list.cfdeveloper.co.uk/mailman/listinfo > >> > >> -- > >> CFDeveloper Sponsors:- > >> > >>> - cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< > >>> - Lists hosted by www.Gradwell.com -< > >>> - CFdeveloper is run by Russ Michaels, feel free to volunteer your > >>> help -< > >>> > >> _______________________________________________ > >> > >> For details on ALL mailing lists and for joining or leaving lists, > >> go to http://list.cfdeveloper.co.uk/mailman/listinfo > >> > >> -- > >> CFDeveloper Sponsors:- > >> > >>> - cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< > >>> - Lists hosted by www.Gradwell.com -< > >>> - CFdeveloper is run by Russ Michaels, feel free to volunteer your > >>> help > >>> > >> -< > >> > >> > > _______________________________________________ > > > > For details on ALL mailing lists and for joining or leaving lists, > > go to http://list.cfdeveloper.co.uk/mailman/listinfo > > > > -- > > CFDeveloper Sponsors:- > > > >> - cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< > >> - Lists hosted by www.Gradwell.com -< > >> - CFdeveloper is run by Russ Michaels, feel free to volunteer your > >> help -< > >> > > > > > > _______________________________________________ > > > > For details on ALL mailing lists and for joining or leaving lists, > > go to > http://list.cfdeveloper.co.uk/mailman/listinfo > > > > -- > > CFDeveloper Sponsors:- > > > >> - cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< > >> - Lists hosted by www.Gradwell.com -< > >> - CFdeveloper is run by Russ Michaels, feel free to volunteer your > >> help > -< > >> > > > > > > _______________________________________________ > > For details on ALL mailing lists and for joining or leaving lists, go > to http://list.cfdeveloper.co.uk/mailman/listinfo > > -- > CFDeveloper Sponsors:- > >- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< > >- Lists hosted by www.Gradwell.com -< > >- CFdeveloper is run by Russ Michaels, feel free to volunteer your > >help > -< > _______________________________________________ For details on ALL mailing lists and for joining or leaving lists, go to http://list.cfdeveloper.co.uk/mailman/listinfo -- CFDeveloper Sponsors:- >- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< >- Lists hosted by www.Gradwell.com -< >- CFdeveloper is run by Russ Michaels, feel free to volunteer your help >-< _______________________________________________ For details on ALL mailing lists and for joining or leaving lists, go to http://list.cfdeveloper.co.uk/mailman/listinfo -- CFDeveloper Sponsors:- >- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< >- Lists hosted by www.Gradwell.com -< >- CFdeveloper is run by Russ Michaels, feel free to volunteer your help -<
