Re: [PHP] send form by email with image spam controler
tedd wrote: Here's a few. http://webbytedd.com/aa/assorted-captcha/ BUT, all can be broke by a spammer. There is no solution. How about this one - http://jessen.ch/articles/captcha Well, of course it can be broken too - it's only a matter of money and time, both of which are critical to spammers. (for the moment it has a limited number of questions and only in English). /Per Jessen, Zürich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] send form by email with image spam controler
How about this one - http://jessen.ch/articles/captcha Well, of course it can be broken too - it's only a matter of money and time, both of which are critical to spammers. (for the moment it has a limited number of questions and only in English). Interesting. How well does this work? I'm interested because I wrote a number to text converter which could be used as a CAPTCHA and it was eventually broken, so I resorted to the more traditional image based CAPTCHA. For example: Enter the following in numbers: Four thousand and twenty two. And of course the answer is 4022. -- Richard Heyes Employ me: http://www.phpguru.org/cv -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] send form by email with image spam controler
Richard Heyes wrote: How about this one - http://jessen.ch/articles/captcha Well, of course it can be broken too - it's only a matter of money and time, both of which are critical to spammers. Interesting. How well does this work? Well - it's an idea I've had for a while, but I only just implemented it this morning. The key thing is that in order to read the question, you need to render the HTML in an engine or browser with javascript support. Just parsing the page won't help you. Like I said, it can be broken too (given sufficient effort). I'm interested because I wrote a number to text converter which could be used as a CAPTCHA and it was eventually broken, so I resorted to the more traditional image based CAPTCHA. For example: Enter the following in numbers: Four thousand and twenty two. And of course the answer is 4022. Did you use javascript to do that too? Seems to me it should work just as well as what I proposed. /Per Jessen, Zürich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] send form by email with image spam controler
On 9 Mar 2008, at 12:47, Per Jessen wrote: Richard Heyes wrote: How about this one - http://jessen.ch/articles/captcha Well, of course it can be broken too - it's only a matter of money and time, both of which are critical to spammers. Interesting. How well does this work? Well - it's an idea I've had for a while, but I only just implemented it this morning. The key thing is that in order to read the question, you need to render the HTML in an engine or browser with javascript support. Just parsing the page won't help you. Like I said, it can be broken too (given sufficient effort). It's not much effort - you just need to request a second URL after you've got the form. It's not hard and really doesn't really put anything more in the way of a bot than an image-based captcha. In fact I'd argue that parsing the text in your questions is significantly easier than doing OCR on an image. I'm interested because I wrote a number to text converter which could be used as a CAPTCHA and it was eventually broken, so I resorted to the more traditional image based CAPTCHA. For example: Enter the following in numbers: Four thousand and twenty two. And of course the answer is 4022. Did you use javascript to do that too? Seems to me it should work just as well as what I proposed. Text-based captchas will never be a big hurdle for bots. Anything you can convert from a number or numbers into text can also be parsed back to the numbers. Fact. The key thing to remember when securing a form is that if you do something that's never been seen before it's unlikely that the generic bots will be able to get past it. If someone decides to target your site then a text-based captcha will never be good enough, and chances are nothing you do will work. If someone is willing to put in the effort you've got no chance. As an example I used to have a simple text-based captcha on the comment form on my blog. It was pitifully simple to get past because all it asked you to do was type 'human' into a text box, but since my blog is not very popular it's not worth the bad guys investing time to mod their bots to get past it. I had zero spam comments while that was in place. I've since switched to Wordpress and I have to say that Akismet kicks the crap out of any captcha in terms of effectiveness. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] send form by email with image spam controler
Stut wrote: On 9 Mar 2008, at 12:47, Per Jessen wrote: Like I said, it can be broken too (given sufficient effort). It's not much effort - you just need to request a second URL after you've got the form. It's not hard and really doesn't really put anything more in the way of a bot than an image-based captcha. In fact I'd argue that parsing the text in your questions is significantly easier than doing OCR on an image. Ah, yes, I see what you mean. The key thing to remember when securing a form is that if you do something that's never been seen before it's unlikely that the generic bots will be able to get past it. Which will still get rid of most of the attacks. But then so will something that automatically monitors accesses to your form, and selective bans IP-addresses (e.g. after too many attempts during N minutes). If someone decides to target your site then a text-based captcha will never be good enough, and chances are nothing you do will work. If someone is willing to put in the effort you've got no chance. Absolutely. Same goes for encryption etc. /Per Jessen, Zürich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] send form by email with image spam controler
Hi, i would like to allow web site users to fill a form when they request information. the purpose is to have something standardized and later on to archive all those request into database. to avoid spammer, i was thinking to use a code image which change to each page refresh in order to be sure that user is human and not a simple robot :-) after that, all data should be sent by web site (maybe a particular email account or function) to email address [EMAIL PROTECTED] is there a simple way to do that or a better way ? moreover where could i find similar example ? especially about image checking... thx -- Alain Windows XP SP2 PostgreSQL 8.2.4 / MS SQL server 2005 Apache 2.2.4 PHP 5.2.4 C# 2005-2008
Re: [PHP] send form by email with image spam controler
Alain Roger wrote: Hi, i would like to allow web site users to fill a form when they request information. the purpose is to have something standardized and later on to archive all those request into database. to avoid spammer, i was thinking to use a code image which change to each page refresh in order to be sure that user is human and not a simple robot :-) after that, all data should be sent by web site (maybe a particular email account or function) to email address [EMAIL PROTECTED] is there a simple way to do that or a better way ? moreover where could i find similar example ? especially about image checking... http://en.wikipedia.org/wiki/Captcha http://www.recaptcha.org There are also simpler captchas - text-based for instance: What is 2 times 10 divided by four? /Per Jessen, Zürich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] send form by email with image spam controler
At 10:08 AM +0100 3/8/08, Alain Roger wrote: Hi, i would like to allow web site users to fill a form when they request information. the purpose is to have something standardized and later on to archive all those request into database. to avoid spammer, i was thinking to use a code image which change to each page refresh in order to be sure that user is human and not a simple robot :-) after that, all data should be sent by web site (maybe a particular email account or function) to email address [EMAIL PROTECTED] is there a simple way to do that or a better way ? moreover where could i find similar example ? especially about image checking... Here's a few. http://webbytedd.com/aa/assorted-captcha/ BUT, all can be broke by a spammer. There is no solution. So, make it as simple as can be for those who have problems with that sort of thing. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php