On Wed, Dec 15, 2010 at 3:36 PM, Carlos Macedo Gomes < powerofpri...@gmail.com> wrote:
> Unfortunately, attacks against CAPTCHAs aren't limited to sw bots: > http://www.technologyreview.com/blog/mimssbits/25594/ > <snip from above> > "How Spammers Use Low-cost Labor to Solve CAPTCHAS > Workers in Russia, Southeast Asia, and China are paid a pittance to solve > millions of CAPTCHAS. > CHRISTOPHER MIMS 08/11/2010" > </snip> > > ymmv, > C.G. > > On Wed, Dec 15, 2010 at 3:27 PM, Lisa Kachold <lisakach...@obnosis.com> > wrote: > > > > On most of my production Drupal sites, I CANNOT even enable comments. > It's a sad day when one cannot have a login based access that is not hit by > SPAM bots? > > > <snip> > OMG, surely you realize that most of the "free" php captcha tools contain web layer write or sql injection exploits? Many can also be broken: http://www.puremango.co.uk/2005/11/breaking_captcha_115/ Google your script (that's what the script kiddies do)! SEC CHECK your installation; DMZ exclude all web systems from internal networks. -- (503) 754-4452 (623) 688-3392 http://www.it-clowns.com | http://www.obnosis.com
--------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss