numero = 103439
interpreted = N
texte = FWIW I've been able to kill form spam on my (admittedly low-traffic) site=s using a combination of=20the "invisible form field (CSS)" and "frequently change the name of the p=age that the form submits=20to" techniques. I haven't needed to use CAPTHA yet. -DanOn Tue, 25 Aug 2009 11:54:53 -0400 William DeVaul wrote:> Good stuff. Hackers attempt to solve all types of CAPTCHAs. They use> automated tools to read and solve problems (OCR) and can even pass> through a CAPTCHA to their own users to solve and pass back the> result.>=20> My view of CAPTCHA is like the story about two friends and the bear.> The first friend looks at the other on spotting the bear and says "Do> you think you can out run the bear?" The second friend replies, "No,> but I only have to out run you." CAPTCHA is just a bit of deterrent> to keep the bear on the slower friend. The problem is that there are> enough hackers for all of us.>=20> Bill>=20> On Tue, Aug 25, 2009 at 10:43 AM, Kenneth Grome wro=te:>> Do hackers these days use scripts that:>>>> 1- read the content of a web page>> 2- extract strings like "two hundred eighty three">> 3- convert them into numbers like "283">> 4- enter these values into blank form fields>>>> ... so they can get past text-based captcha systems designed to preven=t>> forms from being submitted by hackers?>>>> Sincerely,>> Ken Grome>>>>>>>> P.S. I'm giving the code away free but I don't think file attachments =are>> allowed in this talk list so you'll have to get it from my website. Pl=ease>> do not redistribute this file without my permission, thanks:>>>> http://kengrome.com/downloads/captcha.tpl.zip>>>> Here's my description so you can figure out if it's worth downloading>> *before* you download:>>>> This captcha.tpl page creates a word-based captcha system entirely in =webdna>> with no cookies or database required. It displays a 6-digit number as =words.>> To answer the captcha challenge correctly the visitor must translate t=his>> value into corresponding numeric digits.>>>> Here's how to use this file:>>>> 1- Place this captcha.tpl file somewhere inside your web folder hierar=chy>>>> 2- Place an [include /path/to/captcha.tpl] tag at the top of the form =page>> you want to protect>>>> 3- Insert this hidden form field into the form: > name=3DcaptchaLookup value=3D[captchaLookup]>>>>> 4- Insert this text input field into the form: > name=3DcaptchaAnswer>>>>> 5- Place the [captchaWords] tag on the page wherever you want the>> "number-as-words" text to appear>>>> The first part of the system is done, now let's proceed with the secon=d>> part. Use these showif's on the page that receives the form post to>> determine whether or not the visitor typed the correct answer to the>> captchaAnswer field, then change what's inside the showif's to show th=e>> proper code based on the visitor's captcha answer:>>>> [code removed for clarity in this email]>>>> When you uncomment the following webdna comment section>> you can test this captcha system entirely within this file>> before installing it in your website:>>>> [code removed for clarity in this email]> ---------------------------------------------------------> This message is sent to you because you are subscribed to> the mailing list .> To unsubscribe, E-mail to: > archives: http://mail.webdna.us/list/talk@webdna.us> old archives: http://dev.webdna.us/TalkListArchive/> Bug Reporting: http://forum.webdna.us/eucabb.html?page=3Dtopics&categor=y=3D288
Associated Messages, from the most recent to the oldest:
FWIW I've been able to kill form spam on my (admittedly low-traffic) site=s using a combination of=20the "invisible form field (CSS)" and "frequently change the name of the p=age that the form submits=20to" techniques. I haven't needed to use CAPTHA yet. -DanOn Tue, 25 Aug 2009 11:54:53 -0400 William DeVaul wrote:> Good stuff. Hackers attempt to solve all types of CAPTCHAs. They use> automated tools to read and solve problems (OCR) and can even pass> through a CAPTCHA to their own users to solve and pass back the> result.>=20> My view of CAPTCHA is like the story about two friends and the bear.> The first friend looks at the other on spotting the bear and says "Do> you think you can out run the bear?" The second friend replies, "No,> but I only have to out run you." CAPTCHA is just a bit of deterrent> to keep the bear on the slower friend. The problem is that there are> enough hackers for all of us.>=20> Bill>=20> On Tue, Aug 25, 2009 at 10:43 AM, Kenneth Grome wro=te:>> Do hackers these days use scripts that:>>>> 1- read the content of a web page>> 2- extract strings like "two hundred eighty three">> 3- convert them into numbers like "283">> 4- enter these values into blank form fields>>>> ... so they can get past text-based captcha systems designed to preven=t>> forms from being submitted by hackers?>>>> Sincerely,>> Ken Grome>>>>>>>> P.S. I'm giving the code away free but I don't think file attachments =are>> allowed in this Talk List so you'll have to get it from my website. Pl=ease>> do not redistribute this file without my permission, thanks:>>>> http://kengrome.com/downloads/captcha.tpl.zip>>>> Here's my description so you can figure out if it's worth downloading>> *before* you download:>>>> This captcha.tpl page creates a word-based captcha system entirely in =webdna>> with no cookies or database required. It displays a 6-digit number as =words.>> To answer the captcha challenge correctly the visitor must translate t=his>> value into corresponding numeric digits.>>>> Here's how to use this file:>>>> 1- Place this captcha.tpl file somewhere inside your web folder hierar=chy>>>> 2- Place an [include /path/to/captcha.tpl] tag at the top of the form =page>> you want to protect>>>> 3- Insert this hidden form field into the form: > name=3DcaptchaLookup value=3D[captchaLookup]>>>>> 4- Insert this text input field into the form: > name=3DcaptchaAnswer>>>>> 5- Place the [captchaWords] tag on the page wherever you want the>> "number-as-words" text to appear>>>> The first part of the system is done, now let's proceed with the secon=d>> part. Use these showif's on the page that receives the form post to>> determine whether or not the visitor typed the correct answer to the>> captchaAnswer field, then change what's inside the showif's to show th=e>> proper code based on the visitor's captcha answer:>>>> [code removed for clarity in this email]>>>> When you uncomment the following webdna comment section>> you can test this captcha system entirely within this file>> before installing it in your website:>>>> [code removed for clarity in this email]> ---------------------------------------------------------> This message is sent to you because you are subscribed to> the mailing list .> To unsubscribe, E-mail to: > archives: http://mail.webdna.us/list/talk@webdna.us> old archives: http://dev.webdna.us/TalkListArchive/> Bug Reporting: http://forum.webdna.us/eucabb.html?page=3Dtopics&categor=y=3D288
"Dan Strong"
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...