Uhh, what? The spammer serves back the result in the same session they got the captcha in the first place. This is an automated process so it has the potential to be fast enough.

On Mar 12, 2006, at 5:53 PM, Daejuan Jacobs wrote:

Getting the image doesn't do much without the session ID. You should
destroy the session anyway.

On 3/12/06, Kevin Ballard <[EMAIL PROTECTED]> wrote:
On Mar 12, 2006, at 4:50 PM, Trejkaz wrote:

You can get round CAPTCHAs too by re-serving the captcha images as
legitimate captchas on, say, your porn sites and feeding the punter's
response back to the spammed site. Even if you miss the timeout 9
times out of 10, there's always another punter.

I'm not sure I follow you, but how does this allow a spammer to decode
my CAPTCHA in order to successfully post a comment?

The spammer, who also runs a porn site, hits up your blog, sees your
captcha, copies the image and re-serves it as the captcha for someone
visiting his porn site. That unknowing person successfully deciphers
the captcha, and the spammer takes the result and feeds it back to
the blog.

--
Kevin Ballard
[EMAIL PROTECTED]
http://kevin.sb.org
http://www.tildesoft.com



_______________________________________________
Typo-list mailing list
Typo-list@rubyforge.org
http://rubyforge.org/mailman/listinfo/typo-list
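The thread above turns on three properties of a CAPTCHA check: the answer is bound to the session that was issued the challenge, the challenge is consumed on first use (the session is "destroyed" once it has been answered), and it expires after a short window so a relayed answer that arrives late is rejected. The following is an added illustration written for this page, not code from Typo or from anyone in the thread; `CaptchaStore`, its `TTL_SECONDS` value, the injectable clock and the sample session IDs are all constructed for the example. As Kevin notes, binding to a session does not by itself stop a relay carried out within the attacker's own session; what the store does is make the stolen answer unusable from any other session, unusable twice, and unusable after the timeout.

```ruby
require 'securerandom'
require 'digest'

# Constructed example: a session-bound, single-use, expiring CAPTCHA store.
# Not Typo's implementation; names and values are assumptions for this page.
class CaptchaStore
  TTL_SECONDS = 120 # assumed window; short enough that a relayed answer usually arrives too late

  Challenge = Struct.new(:answer_digest, :session_id, :issued_at)

  # clock is injectable so expiry can be exercised without sleeping
  def initialize(clock: -> { Time.now })
    @clock = clock
    @challenges = {} # token => Challenge
  end

  # Issue a challenge for the caller's session. Returns [token, answer]; the
  # answer is what would be rendered into the image, only its digest is stored.
  def issue(session_id, answer = SecureRandom.alphanumeric(6))
    token = SecureRandom.hex(16)
    @challenges[token] = Challenge.new(digest(answer), session_id, @clock.call)
    [token, answer]
  end

  # Verify a response. The challenge is removed before any check, so it is
  # consumed whether or not the answer is right: no replay of a relayed
  # answer, no retrying guesses against the same image.
  def verify(token, session_id, response)
    challenge = @challenges.delete(token)
    return :unknown_token if challenge.nil?
    return :expired if @clock.call - challenge.issued_at > TTL_SECONDS
    return :wrong_session unless challenge.session_id == session_id
    return :wrong_answer unless secure_equal(challenge.answer_digest, digest(response.to_s.strip))
    :ok
  end

  # Number of challenges still outstanding (useful for tests and monitoring)
  def pending
    @challenges.size
  end

  private

  # Case-insensitive match, stored only as a digest
  def digest(s)
    Digest::SHA256.hexdigest(s.downcase)
  end

  # Constant-time comparison so timing does not leak how much of the digest matched
  def secure_equal(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

In a Rails controller the token would be stored in the session, the answer rendered into the image, and `verify` called with `session.id` on the comment POST; the `pending` count is only there so the single-use behaviour can be observed.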
