Comments on: Captcha is failing! Is there another way http://www.projectx.co.nz/2007/11/captcha-is-failing-is-there-another-way/ Specialist Technology Consulting Tue, 30 Aug 2011 23:58:08 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: Shoaib http://www.projectx.co.nz/2007/11/captcha-is-failing-is-there-another-way/comment-page-1/#comment-123 Shoaib Sat, 24 Nov 2007 12:07:37 +0000 http://blog.projectxtech.com/2007/11/23/captcha-is-failing-is-there-another-way/#comment-123 hxxp://shoaib.no-ip.org/iptables.sh that should cover pretty much all of new zealand :) hxxp://shoaib.no-ip.org/iptables.sh

that should cover pretty much all of new zealand :)

]]> By: john http://www.projectx.co.nz/2007/11/captcha-is-failing-is-there-another-way/comment-page-1/#comment-122 john Sat, 24 Nov 2007 06:42:57 +0000 http://blog.projectxtech.com/2007/11/23/captcha-is-failing-is-there-another-way/#comment-122 Iptables is too much work. I've done that before to stop spammers hammering my box. Regarded too much work. We have a email validation, its still not stopping registrations. The new captcha seems to be working as I've had no spam registrations since. fingers crossed. John Iptables is too much work. I’ve done that before to stop spammers hammering my box. Regarded too much work.

We have a email validation, its still not stopping registrations.

The new captcha seems to be working as I’ve had no spam registrations since. fingers crossed.

John

]]> By: Shoaib http://www.projectx.co.nz/2007/11/captcha-is-failing-is-there-another-way/comment-page-1/#comment-121 Shoaib Fri, 23 Nov 2007 21:04:27 +0000 http://blog.projectxtech.com/2007/11/23/captcha-is-failing-is-there-another-way/#comment-121 iptables ftw! iptables ftw!

]]> By: john http://www.projectx.co.nz/2007/11/captcha-is-failing-is-there-another-way/comment-page-1/#comment-120 john Thu, 22 Nov 2007 23:53:00 +0000 http://blog.projectxtech.com/2007/11/23/captcha-is-failing-is-there-another-way/#comment-120 Hmmm Google groups is sounding appealing... I installed a more advanced captcha and hopefully that will offset the default actions to stop the scripts from doing their thing... Hmmm Google groups is sounding appealing…

I installed a more advanced captcha and hopefully that will offset the default actions to stop the scripts from doing their thing…

]]> By: M Freitas http://www.projectx.co.nz/2007/11/captcha-is-failing-is-there-another-way/comment-page-1/#comment-119 M Freitas Thu, 22 Nov 2007 23:52:01 +0000 http://blog.projectxtech.com/2007/11/23/captcha-is-failing-is-there-another-way/#comment-119 In addition to hidden form (which should be discarded if filled because humans wouldn't do it), try doing a different thing: people should enter their email addresses requesting to join... Send an encoded URL containing the email address. Whe the actual registration comes in check that the e-mail used matches the one in the encoded URL. This is what I do on Geekzone and simply reduces spammers a lot... In addition to hidden form (which should be discarded if filled because humans wouldn’t do it), try doing a different thing: people should enter their email addresses requesting to join… Send an encoded URL containing the email address. Whe the actual registration comes in check that the e-mail used matches the one in the encoded URL. This is what I do on Geekzone and simply reduces spammers a lot…

]]> By: Stephen Judd http://www.projectx.co.nz/2007/11/captcha-is-failing-is-there-another-way/comment-page-1/#comment-118 Stephen Judd Thu, 22 Nov 2007 22:05:09 +0000 http://blog.projectxtech.com/2007/11/23/captcha-is-failing-is-there-another-way/#comment-118 Another angle: just set up a Google Group, and let them deal with it... Another angle: just set up a Google Group, and let them deal with it…

]]> By: Stephen Judd http://www.projectx.co.nz/2007/11/captcha-is-failing-is-there-another-way/comment-page-1/#comment-117 Stephen Judd Thu, 22 Nov 2007 21:17:26 +0000 http://blog.projectxtech.com/2007/11/23/captcha-is-failing-is-there-another-way/#comment-117 This may be useful to you: http://www.codinghorror.com/blog/archives/001001.html Basically, some captchas simply suck and are susceptible to automated OCR - others don't and aren't. FWIW, other strategies include: - multiple forms hidden by Javascript/CSS (don't allow users that post to the hidden form) - change default variable names - charge default posting URLs - add extra steps, eg mandatory preview - queue the first comment from a new user for moderation There's no solution that doesn't involve customisation - automated attackers focus their efforts on "out of the box" configurations. This may be useful to you:

http://www.codinghorror.com/blog/archives/001001.html

Basically, some captchas simply suck and are susceptible to automated OCR – others don’t and aren’t.

FWIW, other strategies include:
- multiple forms hidden by Javascript/CSS (don’t allow users that post to the hidden form)
- change default variable names
- charge default posting URLs
- add extra steps, eg mandatory preview
- queue the first comment from a new user for moderation

There’s no solution that doesn’t involve customisation – automated attackers focus their efforts on “out of the box” configurations.

]]> By: john http://www.projectx.co.nz/2007/11/captcha-is-failing-is-there-another-way/comment-page-1/#comment-116 john Thu, 22 Nov 2007 20:16:05 +0000 http://blog.projectxtech.com/2007/11/23/captcha-is-failing-is-there-another-way/#comment-116 We're using the defualt captcha as installed by phpBB. I'm note sure if we can overload it with something else. We’re using the defualt captcha as installed by phpBB. I’m note sure if we can overload it with something else.

]]> By: kirill volkov http://www.projectx.co.nz/2007/11/captcha-is-failing-is-there-another-way/comment-page-1/#comment-115 kirill volkov Thu, 22 Nov 2007 20:15:44 +0000 http://blog.projectxtech.com/2007/11/23/captcha-is-failing-is-there-another-way/#comment-115 Have you seen this article (Has CAPTCHA Been "Broken"?): http://www.codinghorror.com/blog/archives/001001.html It gives good comparison of different captchas. Have you seen this article (Has CAPTCHA Been “Broken”?): http://www.codinghorror.com/blog/archives/001001.html
It gives good comparison of different captchas.

]]> By: Glen Barnes http://www.projectx.co.nz/2007/11/captcha-is-failing-is-there-another-way/comment-page-1/#comment-114 Glen Barnes Thu, 22 Nov 2007 19:43:10 +0000 http://blog.projectxtech.com/2007/11/23/captcha-is-failing-is-there-another-way/#comment-114 What type of CAPTCHA are you using? I was wondering if you have tried the RE-CAPTCHA as I wanted to see if this was any better (digitise books AND hopefully stop SPAM). What type of CAPTCHA are you using? I was wondering if you have tried the RE-CAPTCHA as I wanted to see if this was any better (digitise books AND hopefully stop SPAM).

]]>