Thanks everyone for your comments and links to other resources. It's provided some very good reading on the topic, and some great insight.
Paul Morton -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Charlie Arehart Sent: Wednesday, February 28, 2007 10:19 PM To: [email protected] Subject: RE: [ACFUG Discuss] OT: CAPTCHA Effectiveness This subject, of whether one should worry about someone trying to break a captcha on your own site, is something I blogged about: Captchas: making them simpler, and dialing down the angst against them <http://carehart.org/blog/client/index.cfm/2006/8/17/the_angst_against_captc has> I was making the point (which may address some of your concerns Paul) that the default captcha used by LylaCaptcha, which underlies BlogCFC, was just more complicated than it needed to be (which could be hurting bloggers whose sites were being protected by it). As I said there, my blog is not a bank, so I don't need to worry about people "breaking in" to leave me a spam comment. It's just not worth it to them. I just felt the captcha could be simplified without grave risk, based on the arguments in the entry above: Simplifying the captcha graphic in Lyla Captcha (and BlogCFC) <http://carehart.org/blog/client/index.cfm/2006/8/17/simplifying_lyla_in_blo gcfc> I used the analogy of putting on a screen door versus a double-key deadbolt. It seems my arguments made sense. Besides the favorable comments, soon after those entries, Ray changed the default in BlogCFC to use the simpler captcha I advocated. But for those using an older version, I offer the XML file to update it at: Want to simplify your Blogcfc (or other Lyla-based) captcha? Here's the XML file. <http://carehart.org/blog/client/index.cfm/2006/10/7/lyla_captcha_simplified _xml_file> As usual, my answer is more than you asked, Paul, but I hope it's helpful to you and others. /Charlie http://www.carehart.org/blog/ -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul Morton Sent: Wednesday, February 28, 2007 1:11 PM To: [email protected] Subject: RE: [ACFUG Discuss] OT: CAPTCHA Effectiveness Thanks for the quick response Dean. I guess if you paid someone to fill out the forms manually, there is really no way to stop it, short of taking the form off line. Paul Morton -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean H. Saxe Sent: Wednesday, February 28, 2007 11:01 AM To: [email protected] Subject: Re: [ACFUG Discuss] OT: CAPTCHA Effectiveness CAPTCHA is easy to bypass, in general. If there is enough value you can do it programatically or pay poor people in developing countries to manually bypass CAPTCHA devices. -dhs Dean H. Saxe, CISSP, CEH [EMAIL PROTECTED] "Free speech exercised both individually and through a free press, is a necessity in any country where people are themselves free." -- Theodore Roosevelt, 1918 On Feb 28, 2007, at 12:35 PM, Paul Morton wrote: > Sorry about the off topic post, but I'm curious as to how effective > people have found CAPTCHA at stopping, or at least slowing down the > SPAM form hijacking on public pages? > > I have little experience on public sites as most of my development is > on intranet sites. > > Paul Morton > > > > ------------------------------------------------------------- > To unsubscribe from this list, manage your profile @ > http://www.acfug.org?fa=login.edituserform > > For more info, see http://www.acfug.org/mailinglists Archive @ > http://www.mail-archive.com/discussion%40acfug.org/ > List hosted by FusionLink > ------------------------------------------------------------- ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com ------------------------------------------------------------- ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com ------------------------------------------------------------- ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com ------------------------------------------------------------- ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -------------------------------------------------------------
