From: | "Dave Page" <dpage(at)vale-housing(dot)co(dot)uk> |
---|---|
To: | "David Fetter" <david(at)fetter(dot)org> |
Cc: | "PostgreSQL WWW" <pgsql-www(at)postgresql(dot)org> |
Subject: | Re: human validation on post comments |
Date: | 2006-03-21 17:23:05 |
Message-ID: | E7F85A1B5FF8D44C8A1AF6885BC9A0E4011C9697@ratbert.vale-housing.co.uk |
Lists: | pgsql-www |
> -----Original Message-----
> From: David Fetter [mailto:david(at)fetter(dot)org]
> Sent: 21 March 2006 17:16
> To: Dave Page
> Cc: PostgreSQL WWW
> Subject: Re: [pgsql-www] human validation on post comments
>
> I see I didn't explain it well enough. Here's the flow:
>
> 1. Spammer generates spam and queues it up for sites.
> 2. A person arrives at the porn site.
> 3. The spam system generates a request including the spam to the
> target site. Clock starts ticking.
> 4. The spam system presents the resulting captcha to the porn surfer.
> Less than a second has elapsed.
> 5. Porn surfer types in the string as asked. Time elapsed is
> probably still under 5 seconds.
> 6. Spam system sends the string to the target site. Time elapsed is
> under 10 seconds for >90% of cases.
Ahh, gotcha.
>
> > > But apart from its ineffectiveness on spammers, as others have
> > > mentioned, captcha excludes blind people. :(
> >
> > Yes - it's a shame none of us thought about it when Gevik was
> > originally working on it.
> >
> > There is the audio option I suggested which Paypal use IIRC -
> > alternatively we could use some sort of puzzle - such as 'enter the
> > third, second from last and 2nd character from this string'.
>
> That lends itself to exactly the same attack I sketched out above.
Undoubtedly, but unless they write something specifically to work with
our site which is a lot of effort... And all we do then is fall back to
how things are now until we've broken whatever they were doing by
modifying the regexps in the auto-reject code or re-jigged the puzzles.
Of course, doing any of this we mustn't make it too difficult for the
user to submit things.
Regards, Dave.
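
The character-position puzzle suggested in this message, sketched as an added example that is not part of the original thread or the PostgreSQL website code. All names (`build_puzzle`, `check_puzzle`, `SECRET_KEY`, `TTL_SECONDS`) are hypothetical; it limits each puzzle to one attempt inside a time window, and, as the thread itself notes, a human relay that answers within that window still passes.

```python
import hashlib
import hmac
import secrets
import string
import time

SECRET_KEY = secrets.token_bytes(32)  # assumption: server-side secret, never sent out
TTL_SECONDS = 120                     # assumption: lifetime of one puzzle
_used = set()                         # nonces already attempted (in-memory for the demo)


def _mac(answer, issued_at, nonce):
    msg = f"{answer.upper()}|{issued_at}|{nonce}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def _place(i, length):
    """Describe index i counting from the nearer end (strings up to 20 chars)."""
    n, tail = (i + 1, "") if i < length // 2 else (length - i, " from last")
    suffix = {1: "st", 2: "nd", 3: "rd"}.get(n, "th")
    return "last" if (tail and n == 1) else f"{n}{suffix}{tail}"


def build_puzzle(text, positions, issued_at):
    """Return (prompt, token). The answer is bound into the token, not stored."""
    answer = "".join(text[i] for i in positions)
    nonce = secrets.token_hex(8)
    places = ", ".join(_place(i, len(text)) for i in positions)
    token = f"{issued_at}:{nonce}:{_mac(answer, issued_at, nonce)}"
    return f"Enter the {places} characters of {text}", token


def new_puzzle(length=8, picks=3):
    text = "".join(secrets.choice(string.ascii_uppercase + string.digits) for _ in range(length))
    positions = secrets.SystemRandom().sample(range(length), picks)
    return build_puzzle(text, positions, int(time.time()))


def check_puzzle(token, response, now=None):
    now = time.time() if now is None else now
    try:
        issued, nonce, mac = token.split(":")
        issued_at = int(issued)
    except ValueError:
        return False
    if nonce in _used or not 0 <= now - issued_at <= TTL_SECONDS:
        return False
    _used.add(nonce)  # one attempt per puzzle: no replay, no guessing loop
    return hmac.compare_digest(mac.encode(), _mac(response.strip(), issued_at, nonce).encode())
```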