Re: [WebDNA] Captcha question (and free code)

This WebDNA talk-list message is from

2009


It keeps the original formatting.
numero = 103439
interpreted = N
texte = FWIW I've been able to kill form spam on my (admittedly low-traffic) site= s using a combination of=20 the "invisible form field (CSS)" and "frequently change the name of the p= age that the form submits=20 to" techniques. I haven't needed to use CAPTHA yet. -Dan On Tue, 25 Aug 2009 11:54:53 -0400 William DeVaul wrote: > Good stuff. Hackers attempt to solve all types of CAPTCHAs. They use > automated tools to read and solve problems (OCR) and can even pass > through a CAPTCHA to their own users to solve and pass back the > result. >=20 > My view of CAPTCHA is like the story about two friends and the bear. > The first friend looks at the other on spotting the bear and says "Do > you think you can out run the bear?" The second friend replies, "No, > but I only have to out run you." CAPTCHA is just a bit of deterrent > to keep the bear on the slower friend. The problem is that there are > enough hackers for all of us. >=20 > Bill >=20 > On Tue, Aug 25, 2009 at 10:43 AM, Kenneth Grome wro= te: >> Do hackers these days use scripts that: >> >> 1- read the content of a web page >> 2- extract strings like "two hundred eighty three" >> 3- convert them into numbers like "283" >> 4- enter these values into blank form fields >> >> ... so they can get past text-based captcha systems designed to preven= t >> forms from being submitted by hackers? >> >> Sincerely, >> Ken Grome >> >> >> >> P.S. I'm giving the code away free but I don't think file attachments = are >> allowed in this talk list so you'll have to get it from my website. Pl= ease >> do not redistribute this file without my permission, thanks: >> >> http://kengrome.com/downloads/captcha.tpl.zip >> >> Here's my description so you can figure out if it's worth downloading >> *before* you download: >> >> This captcha.tpl page creates a word-based captcha system entirely in = webdna >> with no cookies or database required. It displays a 6-digit number as = words. >> To answer the captcha challenge correctly the visitor must translate t= his >> value into corresponding numeric digits. >> >> Here's how to use this file: >> >> 1- Place this captcha.tpl file somewhere inside your web folder hierar= chy >> >> 2- Place an [include /path/to/captcha.tpl] tag at the top of the form = page >> you want to protect >> >> 3- Insert this hidden form field into the form: > name=3DcaptchaLookup value=3D[captchaLookup]> >> >> 4- Insert this text input field into the form: > name=3DcaptchaAnswer> >> >> 5- Place the [captchaWords] tag on the page wherever you want the >> "number-as-words" text to appear >> >> The first part of the system is done, now let's proceed with the secon= d >> part. Use these showif's on the page that receives the form post to >> determine whether or not the visitor typed the correct answer to the >> captchaAnswer field, then change what's inside the showif's to show th= e >> proper code based on the visitor's captcha answer: >> >> [code removed for clarity in this email] >> >> When you uncomment the following webdna comment section >> you can test this captcha system entirely within this file >> before installing it in your website: >> >> [code removed for clarity in this email] > --------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > archives: http://mail.webdna.us/list/talk@webdna.us > old archives: http://dev.webdna.us/TalkListArchive/ > Bug Reporting: http://forum.webdna.us/eucabb.html?page=3Dtopics&categor= y=3D288 Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] Captcha question (and free code) (Stuart Tremain 2009)
  2. Re: [WebDNA] Captcha question (and free code) (Donovan Brooke 2009)
  3. Re: [WebDNA] Captcha question (and free code) (Stuart Tremain 2009)
  4. Re: [WebDNA] Captcha question (and free code) (Stuart Tremain 2009)
  5. Re: [WebDNA] Captcha question (and free code) (Kenneth Grome 2009)
  6. Re: [WebDNA] Captcha question (and free code) (Clint Davis 2009)
  7. Re: [WebDNA] Captcha question (and free code) (Kenneth Grome 2009)
  8. Re: [WebDNA] Captcha question (and free code) ("Dan Strong" 2009)
  9. Re: [WebDNA] Captcha question (and free code) (William DeVaul 2009)
  10. Re: [WebDNA] Captcha question (and free code) (Kenneth Grome 2009)
  11. Re: [WebDNA] Captcha question (and free code) ( 2009)
  12. [WebDNA] Captcha question (and free code) (Kenneth Grome 2009)
FWIW I've been able to kill form spam on my (admittedly low-traffic) site= s using a combination of=20 the "invisible form field (CSS)" and "frequently change the name of the p= age that the form submits=20 to" techniques. I haven't needed to use CAPTHA yet. -Dan On Tue, 25 Aug 2009 11:54:53 -0400 William DeVaul wrote: > Good stuff. Hackers attempt to solve all types of CAPTCHAs. They use > automated tools to read and solve problems (OCR) and can even pass > through a CAPTCHA to their own users to solve and pass back the > result. >=20 > My view of CAPTCHA is like the story about two friends and the bear. > The first friend looks at the other on spotting the bear and says "Do > you think you can out run the bear?" The second friend replies, "No, > but I only have to out run you." CAPTCHA is just a bit of deterrent > to keep the bear on the slower friend. The problem is that there are > enough hackers for all of us. >=20 > Bill >=20 > On Tue, Aug 25, 2009 at 10:43 AM, Kenneth Grome wro= te: >> Do hackers these days use scripts that: >> >> 1- read the content of a web page >> 2- extract strings like "two hundred eighty three" >> 3- convert them into numbers like "283" >> 4- enter these values into blank form fields >> >> ... so they can get past text-based captcha systems designed to preven= t >> forms from being submitted by hackers? >> >> Sincerely, >> Ken Grome >> >> >> >> P.S. I'm giving the code away free but I don't think file attachments = are >> allowed in this Talk List so you'll have to get it from my website. Pl= ease >> do not redistribute this file without my permission, thanks: >> >> http://kengrome.com/downloads/captcha.tpl.zip >> >> Here's my description so you can figure out if it's worth downloading >> *before* you download: >> >> This captcha.tpl page creates a word-based captcha system entirely in = webdna >> with no cookies or database required. It displays a 6-digit number as = words. >> To answer the captcha challenge correctly the visitor must translate t= his >> value into corresponding numeric digits. >> >> Here's how to use this file: >> >> 1- Place this captcha.tpl file somewhere inside your web folder hierar= chy >> >> 2- Place an [include /path/to/captcha.tpl] tag at the top of the form = page >> you want to protect >> >> 3- Insert this hidden form field into the form: > name=3DcaptchaLookup value=3D[captchaLookup]> >> >> 4- Insert this text input field into the form: > name=3DcaptchaAnswer> >> >> 5- Place the [captchaWords] tag on the page wherever you want the >> "number-as-words" text to appear >> >> The first part of the system is done, now let's proceed with the secon= d >> part. Use these showif's on the page that receives the form post to >> determine whether or not the visitor typed the correct answer to the >> captchaAnswer field, then change what's inside the showif's to show th= e >> proper code based on the visitor's captcha answer: >> >> [code removed for clarity in this email] >> >> When you uncomment the following webdna comment section >> you can test this captcha system entirely within this file >> before installing it in your website: >> >> [code removed for clarity in this email] > --------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > archives: http://mail.webdna.us/list/talk@webdna.us > old archives: http://dev.webdna.us/TalkListArchive/ > Bug Reporting: http://forum.webdna.us/eucabb.html?page=3Dtopics&categor= y=3D288 "Dan Strong"

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Separate SSL Server (1997) This message couldn't reach the list! (multi-column (1998) truncating email part II (1997) AuthorizeNet Declines (2005) Problems getting parameters passed into email. (1997) [WebDNA] Array for Dummies (2010) required fields (1998) Searching (2000) ssl and invoic.tpl and back bttn (2002) script.tpl from shell?! (2003) Any Newsletters out there (1998) [WebDNA] SWITCH/CASE or SHOWIF (2008) Pass a form (2003) Appending space (1998) [shownext max=?] armed (1997) Date sorting (1997) RE: (1997) WebCatalog can't find database (1997) Trouble Searching (1999) [WebDNA] [OT] Free Windows FTP client recommendations (2009)