DaemonForums  

Go Back   DaemonForums > Miscellaneous > Off-Topic

Off-Topic Everything else.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 19th October 2008
harold harold is offline
Real Name: Harold
Port Guard
 
Join Date: May 2008
Location: Wisconsin, US
Posts: 10
Thanked 0 Times in 0 Posts
Default 3-D CAPTCHA

http://spamfizzle.com/CAPTCHA.aspx

This, of course, is not the only way to do it. The following method should be highly effective!
http://random.irb.hr/signup.php

Why do all this? Well, according to SJVN, the standard CAPTCHA is now practically useless.
http://www.pcworld.idg.com.au/index.php/id;489635775
Reply With Quote
  #2   (View Single Post)  
Old 19th October 2008
TerryP's Avatar
TerryP TerryP is offline
Arp Constable
 
Join Date: May 2008
Location: USofA
Posts: 1,547
Thanked 112 Times in 104 Posts
Default

Looks effective, but most people I know wouldn't know a sin from a cos, outside of church lol.
__________________
My Journal

Thou shalt check the array bounds of all strings (indeed, all arrays), for surely where thou typest ``foo'' someone someday shall type ``supercalifragilisticexpialidocious''.

Last edited by TerryP; 19th October 2008 at 04:45 PM. Reason: missed an e
Reply With Quote
  #3   (View Single Post)  
Old 19th October 2008
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is online now
Real Name: Martin
Old man from scene 24
 
Join Date: Apr 2008
Location: Eindhoven, Netherlands
Posts: 2,062
Thanked 198 Times in 156 Posts
Default

This is the math question I was asked ... Seriously ...
Attached Images
File Type: gif 87e5584ac298c80419932b38bcccc606.gif (1.3 KB, 36 views)
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Reply With Quote
  #4   (View Single Post)  
Old 19th October 2008
harold harold is offline
Real Name: Harold
Port Guard
 
Join Date: May 2008
Location: Wisconsin, US
Posts: 10
Thanked 0 Times in 0 Posts
Default

I suppose that the 3-D CAPTCHA is an interesting problem to a programmer. Seems to me, though, that "What is the Capitol of 'some country' " or "What are the second, middle and last letters of 'alkdfjalkjljkha' " would be as effective. Either way, it appears that we are moving towards CAPTCHAs that have to be translated into many languages.
Reply With Quote
  #5   (View Single Post)  
Old 19th October 2008
bsddaemon bsddaemon is offline
Slack Daemon
 
Join Date: Oct 2008
Posts: 35
Thanked 3 Times in 3 Posts
Default

Quote:
Originally Posted by harold View Post
Seems to me, though, that "What is the Capitol of 'some country' "
Sounds unrealistic to me. I dont know every capital in the world, well you can say "google it!", but not all people know how to google (elderly for instance), last but not least, not hard to build a capital database for bot.

Quote:
"What are the second, middle and last letters of 'alkdfjalkjljkha' " would be as effective.
A simple algorithm would beat this easily.

BTW1, I HATE spam, really really HATE spam!

BTW2, Im wondering why this forum doesnt require email verification?
Reply With Quote
  #6   (View Single Post)  
Old 19th October 2008
vermaden's Avatar
vermaden vermaden is offline
Administrator
 
Join Date: Apr 2008
Location: pl_PL.lodz
Posts: 1,051
Thanked 118 Times in 93 Posts
Default

IMHO ASCII Captcha is a better idea [ http://www.asciicaptcha.com ].

there is also other 3D method:
http://www.ocr-research.org.ua/index.php?action=teabag

... but in the end, the best method is the one that works.
__________________
religions, worst damnation of mankind
"If 386BSD had been available when I started on Linux, Linux would probably never had happened." Linus Torvalds

Linux is not UNIX! Face it! It is not an insult. It is fact: GNU is a recursive acronym for “GNU's Not UNIX”.
vermaden's: links resources deviantart spreadbsd
Reply With Quote
  #7   (View Single Post)  
Old 19th October 2008
ddekok ddekok is offline
Port Guard
 
Join Date: May 2008
Posts: 38
Thanked 4 Times in 3 Posts
Default

One spam prevention measure, which I had implemented (after reading about it somewhere) is a bit of form trickery.

Basically, you have an array of several inputs for a given field. You randomly select one as the valid field, giving it a CSS class to make it visible. The rest get a CSS class to hide them. The form has a hidden input with information on which input is valid for a given field (indexed). This data is encrypted. When the form is submitted, the encrypted string is decrypted, and the inputs checked. If any of the invalid inputs have values, the submission is considered spam.

I like this method because it is unobtrusive. However, it be a bit of a PITA on the back end. Writing a good library for it helps.

There are some pitfalls, though. For instance, the CSS could be parsed. You can do some trickery with that though. Usually I have 5 - 10 different CSS classes for both the hidden and visible inputs and randomly assign one of the classes to each input. The CSS is defined in an external file. It would be possible to have multiple definitions for a given class, with the last one taking precedence.

Also, it wouldn't be viable for people running browsers without CSS (eg: console, or CSS disabled).

I figure that if the spam check fails (within a certain range, such as 1%-30% of the fields fail), then it could revert to a captcha style spam prevention measure.

Spam prevention is just like virus protection - you either have to be ahead of the game, or really good at playing catch-up.
Reply With Quote
  #8   (View Single Post)  
Old 19th October 2008
TerryP's Avatar
TerryP TerryP is offline
Arp Constable
 
Join Date: May 2008
Location: USofA
Posts: 1,547
Thanked 112 Times in 104 Posts
Default

Quote:
Originally Posted by vermaden View Post
... but in the end, the best method is the one that works.
Well, I'd say four or five guys with shotguns and MP5 kicking in the spammers doors, and a 40 year jail sentence would work best... but the internet doesn't make that very practical.


What sucks, is when the CAPTCHA ends up keeping more visitors out then it does bots.
__________________
My Journal

Thou shalt check the array bounds of all strings (indeed, all arrays), for surely where thou typest ``foo'' someone someday shall type ``supercalifragilisticexpialidocious''.
Reply With Quote
  #9   (View Single Post)  
Old 19th October 2008
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is online now
Real Name: Martin
Old man from scene 24
 
Join Date: Apr 2008
Location: Eindhoven, Netherlands
Posts: 2,062
Thanked 198 Times in 156 Posts
Default

Quote:
Well, I'd say four or five guys with shotguns and MP5 kicking in the spammers doors, and a 40 year jail sentence would work best... but the internet doesn't make that very practical.
I think this makes it official ... You have been playing waaay too much Swat4 and Raven Shield ...
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Reply With Quote
Old 20th October 2008
harold harold is offline
Real Name: Harold
Port Guard
 
Join Date: May 2008
Location: Wisconsin, US
Posts: 10
Thanked 0 Times in 0 Posts
Default

ddekok> One spam prevention measure, which I had implemented (after reading about it somewhere) is a bit of form trickery...

URL, please.
Reply With Quote
Old 20th October 2008
ddekok ddekok is offline
Port Guard
 
Join Date: May 2008
Posts: 38
Thanked 4 Times in 3 Posts
Default

Quote:
Originally Posted by harold View Post
ddekok> One spam prevention measure, which I had implemented (after reading about it somewhere) is a bit of form trickery...

URL, please.
I was inspired by a site that showed up on Digg -- http://digg.com/programming/Preventi...ing_a_CAPTCHA/

The site it links to is unavailable, but the wayback machine got it
Reply With Quote
Old 21st October 2008
TerryP's Avatar
TerryP TerryP is offline
Arp Constable
 
Join Date: May 2008
Location: USofA
Posts: 1,547
Thanked 112 Times in 104 Posts
Default

Quote:
Originally Posted by Carpetsmoker View Post
I think this makes it official ... You have been playing waaay too much Swat4 and Raven Shield ...
I noticed that when I started instinctively checking peoples hands for guns & grenades at the grocery store ;-)
__________________
My Journal

Thou shalt check the array bounds of all strings (indeed, all arrays), for surely where thou typest ``foo'' someone someday shall type ``supercalifragilisticexpialidocious''.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 11:59 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick