X-Original-To: pgsql-www-postgresql.org@localhost.postgresql.org Received: from localhost (av.hub.org [200.46.204.144]) by postgresql.org (Postfix) with ESMTP id 621769DCBF2 for ; Tue, 21 Mar 2006 01:42:37 -0400 (AST) Received: from postgresql.org ([200.46.204.71]) by localhost (av.hub.org [200.46.204.144]) (amavisd-new, port 10024) with ESMTP id 73344-01 for ; Tue, 21 Mar 2006 01:42:36 -0400 (AST) X-Greylist: from auto-whitelisted by SQLgrey- Received: from fetter.org (dsl092-188-065.sfo1.dsl.speakeasy.net [66.92.188.65]) by postgresql.org (Postfix) with ESMTP id 07DC19DC9C8 for ; Tue, 21 Mar 2006 01:42:34 -0400 (AST) Received: by fetter.org (Postfix, from userid 500) id A2AFECF1CE; Mon, 20 Mar 2006 21:42:34 -0800 (PST) Date: Mon, 20 Mar 2006 21:42:34 -0800 From: David Fetter To: PostgreSQL WWW Subject: Re: human validation on post comments Message-ID: <20060321054234.GA20550@fetter.org> References: <200603181057.20254.travis.hein@travnet.org> <200603181015.12200.josh@agliodbs.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200603181015.12200.josh@agliodbs.com> User-Agent: Mutt/1.4.2.1i X-Virus-Scanned: by amavisd-new at hub.org X-Spam-Status: No, score=0.129 required=5 tests=[AWL=0.129] X-Spam-Score: 0.129 X-Spam-Level: X-Archive-Number: 200603/115 X-Sequence-Number: 9705 On Sat, Mar 18, 2006 at 10:15:12AM -0800, Josh Berkus wrote: > Travis, > > > I have been integrating a component that will ask the user to > > enter the word in a dynamic image before their comments can be > > submitted. > > Terrific! I'm sure the people who clear the comments will have nice > things to say. > > The image is generated dynamically? That's good -- the spammers > are already working on systems that harvest static images from sites > and match them against a database. Grrrr. Actually, they've already got one, and here's how it works: 1. Put up a free porn site. 2. Present somebody else's capcha image as an entry. 3. Let the person see the porn if they've correctly cracked the capcha. 4. Spam site. The sad part of this one is that they don't have to crack any single capcha system. Instead, they've cracked the entire capcha process. Cheers, D -- David Fetter http://fetter.org/ phone: +1 415 235 3778 AIM: dfetter666 Skype: davidfetter Remember to vote!