Re: human validation on post comments

From: "Magnus Hagander" <mha(at)sollentuna(dot)net>
To: "David Fetter" <david(at)fetter(dot)org>, "PostgreSQL WWW" <pgsql-www(at)postgresql(dot)org>
Subject: Re: human validation on post comments
Date: 2006-03-21 13:42:01
Message-ID: 6BCB9D8A16AC4241919521715F4D8BCEA3519D@algol.sollentuna.se
Lists: pgsql-www

> > > I have been integrating a component that will ask the user to enter
> > > the word in a dynamic image before their comments can be submitted.
> >
> > Terrific! I'm sure the people who clear the comments will have nice
> > things to say.
> >
> > The image is generated dynamically? That's good -- the spammers
> > are already working on systems that harvest static images from sites
> > and match them against a database. Grrrr.
>
> Actually, they've already got one, and here's how it works:
>
> 1. Put up a free porn site.
> 2. Present somebody else's captcha image as an entry.
> 3. Let the person see the porn if they've correctly cracked the
> captcha.
> 4. Spam site.
>
> The sad part of this one is that they don't have to crack any
> single captcha system. Instead, they've cracked the entire
> captcha process.

I don't know how this particular system is set up, but how can they
defeat something like:

* Fill in form data. Submit
* Generate verification page containing an image. Along with the code,
store the hash of the form data.
* Validate the image against the hash of the data.

Means you need to put in all your data in the form beforehand, so you
have to tailor one page to each set of contents. Or am I thinking
completely wrong here :-)

//Magnus
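
The three-step flow proposed in the message above, sketched as an added example that is not part of the original message or of the pgsql-www site code. The in-memory `_pending` store, the function names and the six-character code alphabet are assumptions made for illustration; the code would normally be rendered into the image rather than returned.

```python
import hashlib
import hmac
import json
import secrets

# Assumption: in-memory stand-in for server-side session storage.
_pending = {}

# Assumption: alphabet without look-alike characters (no I, O, 0, 1).
_ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"


def form_digest(form: dict) -> str:
    """Hash a canonical encoding of the form so field order does not matter."""
    canonical = json.dumps(form, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def issue_challenge(form: dict) -> tuple:
    """Step 2: store the code together with the hash of the submitted form.

    Returns (challenge_id, code). The code is returned only so the example
    runs without an image library.
    """
    challenge_id = secrets.token_urlsafe(16)
    code = "".join(secrets.choice(_ALPHABET) for _ in range(6))
    _pending[challenge_id] = (code, form_digest(form))
    return challenge_id, code


def verify(challenge_id: str, answer: str, form: dict) -> bool:
    """Step 3: accept only if the answer AND the form data both match."""
    # Pop first so a challenge is single use, even when verification fails.
    entry = _pending.pop(challenge_id, None)
    if entry is None:
        return False
    code, digest = entry
    answer_ok = hmac.compare_digest(answer.upper().encode(), code.encode())
    form_ok = hmac.compare_digest(form_digest(form), digest)
    return answer_ok and form_ok
```

A solved code is therefore only usable for the exact form contents that were submitted before the image was generated, and only once.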
