Comments on: Captcha is failing! Is there another way http://blog.projectxtech.com/2007/11/23/captcha-is-failing-is-there-another-way/ Start-ups, Maps and Local Search in New Zealand Wed, 19 Nov 2008 16:17:20 +0000 http://wordpress.org/?v=2.6 By: Shoaib http://blog.projectxtech.com/2007/11/23/captcha-is-failing-is-there-another-way/#comment-1033 Shoaib Sat, 24 Nov 2007 12:07:37 +0000 http://blog.projectxtech.com/2007/11/23/captcha-is-failing-is-there-another-way/#comment-1033 hxxp://shoaib.no-ip.org/iptables.sh that should cover pretty much all of new zealand :) hxxp://shoaib.no-ip.org/iptables.sh

that should cover pretty much all of new zealand :)

]]> By: john http://blog.projectxtech.com/2007/11/23/captcha-is-failing-is-there-another-way/#comment-1030 john Sat, 24 Nov 2007 06:42:57 +0000 http://blog.projectxtech.com/2007/11/23/captcha-is-failing-is-there-another-way/#comment-1030 Iptables is too much work. I've done that before to stop spammers hammering my box. Regarded too much work. We have a email validation, its still not stopping registrations. The new captcha seems to be working as I've had no spam registrations since. fingers crossed. John Iptables is too much work. I’ve done that before to stop spammers hammering my box. Regarded too much work.

We have a email validation, its still not stopping registrations.

The new captcha seems to be working as I’ve had no spam registrations since. fingers crossed.

John

]]> By: Shoaib http://blog.projectxtech.com/2007/11/23/captcha-is-failing-is-there-another-way/#comment-1029 Shoaib Fri, 23 Nov 2007 21:04:27 +0000 http://blog.projectxtech.com/2007/11/23/captcha-is-failing-is-there-another-way/#comment-1029 iptables ftw! iptables ftw!

]]> By: john http://blog.projectxtech.com/2007/11/23/captcha-is-failing-is-there-another-way/#comment-1028 john Thu, 22 Nov 2007 23:53:00 +0000 http://blog.projectxtech.com/2007/11/23/captcha-is-failing-is-there-another-way/#comment-1028 Hmmm Google groups is sounding appealing... I installed a more advanced captcha and hopefully that will offset the default actions to stop the scripts from doing their thing... Hmmm Google groups is sounding appealing…

I installed a more advanced captcha and hopefully that will offset the default actions to stop the scripts from doing their thing…

]]> By: M Freitas http://blog.projectxtech.com/2007/11/23/captcha-is-failing-is-there-another-way/#comment-1027 M Freitas Thu, 22 Nov 2007 23:52:01 +0000 http://blog.projectxtech.com/2007/11/23/captcha-is-failing-is-there-another-way/#comment-1027 In addition to hidden form (which should be discarded if filled because humans wouldn't do it), try doing a different thing: people should enter their email addresses requesting to join... Send an encoded URL containing the email address. Whe the actual registration comes in check that the e-mail used matches the one in the encoded URL. This is what I do on Geekzone and simply reduces spammers a lot... In addition to hidden form (which should be discarded if filled because humans wouldn’t do it), try doing a different thing: people should enter their email addresses requesting to join… Send an encoded URL containing the email address. Whe the actual registration comes in check that the e-mail used matches the one in the encoded URL. This is what I do on Geekzone and simply reduces spammers a lot…

]]> By: Stephen Judd http://blog.projectxtech.com/2007/11/23/captcha-is-failing-is-there-another-way/#comment-1026 Stephen Judd Thu, 22 Nov 2007 22:05:09 +0000 http://blog.projectxtech.com/2007/11/23/captcha-is-failing-is-there-another-way/#comment-1026 Another angle: just set up a Google Group, and let them deal with it... Another angle: just set up a Google Group, and let them deal with it…

]]> By: Stephen Judd http://blog.projectxtech.com/2007/11/23/captcha-is-failing-is-there-another-way/#comment-1025 Stephen Judd Thu, 22 Nov 2007 21:17:26 +0000 http://blog.projectxtech.com/2007/11/23/captcha-is-failing-is-there-another-way/#comment-1025 This may be useful to you: http://www.codinghorror.com/blog/archives/001001.html Basically, some captchas simply suck and are susceptible to automated OCR - others don't and aren't. FWIW, other strategies include: - multiple forms hidden by Javascript/CSS (don't allow users that post to the hidden form) - change default variable names - charge default posting URLs - add extra steps, eg mandatory preview - queue the first comment from a new user for moderation There's no solution that doesn't involve customisation - automated attackers focus their efforts on "out of the box" configurations. This may be useful to you:

http://www.codinghorror.com/blog/archives/001001.html

Basically, some captchas simply suck and are susceptible to automated OCR - others don’t and aren’t.

FWIW, other strategies include:
- multiple forms hidden by Javascript/CSS (don’t allow users that post to the hidden form)
- change default variable names
- charge default posting URLs
- add extra steps, eg mandatory preview
- queue the first comment from a new user for moderation

There’s no solution that doesn’t involve customisation - automated attackers focus their efforts on “out of the box” configurations.

]]> By: john http://blog.projectxtech.com/2007/11/23/captcha-is-failing-is-there-another-way/#comment-1024 john Thu, 22 Nov 2007 20:16:05 +0000 http://blog.projectxtech.com/2007/11/23/captcha-is-failing-is-there-another-way/#comment-1024 We're using the defualt captcha as installed by phpBB. I'm note sure if we can overload it with something else. We’re using the defualt captcha as installed by phpBB. I’m note sure if we can overload it with something else.

]]> By: kirill volkov http://blog.projectxtech.com/2007/11/23/captcha-is-failing-is-there-another-way/#comment-1023 kirill volkov Thu, 22 Nov 2007 20:15:44 +0000 http://blog.projectxtech.com/2007/11/23/captcha-is-failing-is-there-another-way/#comment-1023 Have you seen this article (Has CAPTCHA Been "Broken"?): http://www.codinghorror.com/blog/archives/001001.html It gives good comparison of different captchas. Have you seen this article (Has CAPTCHA Been “Broken”?): http://www.codinghorror.com/blog/archives/001001.html
It gives good comparison of different captchas.

]]> By: Glen Barnes http://blog.projectxtech.com/2007/11/23/captcha-is-failing-is-there-another-way/#comment-1020 Glen Barnes Thu, 22 Nov 2007 19:43:10 +0000 http://blog.projectxtech.com/2007/11/23/captcha-is-failing-is-there-another-way/#comment-1020 What type of CAPTCHA are you using? I was wondering if you have tried the RE-CAPTCHA as I wanted to see if this was any better (digitise books AND hopefully stop SPAM). What type of CAPTCHA are you using? I was wondering if you have tried the RE-CAPTCHA as I wanted to see if this was any better (digitise books AND hopefully stop SPAM).

]]>