public inbox for [email protected]  
From: Dave Page <[email protected]>
To: David Fetter <[email protected]>
Cc: PostgreSQL WWW <[email protected]>
Subject: Re: human validation on post comments
Date: Tue, 21 Mar 2006 17:23:05 -0000
Message-ID: <E7F85A1B5FF8D44C8A1AF6885BC9A0E4011C9697@ratbert.vale-housing.co.uk>
> -----Original Message-----
> From: David Fetter [mailto:[email protected]] 
> Sent: 21 March 2006 17:16
> To: Dave Page
> Cc: PostgreSQL WWW
> Subject: Re: [pgsql-www] human validation on post comments
> 
> I see I didn't explain it well enough.  Here's the flow:
> 
> 1.  Spammer generates spam and queues it up for sites.
> 2.  A person arrives at the porn site.
> 3.  The spam system generates a request including the spam to the
>     target site.  Clock starts ticking.
> 4.  The spam system presents the resulting captcha to the porn surfer.
>     Less than a second has elapsed.
> 5.  Porn surfer types in the string as asked.  Time elapsed is
>     probably still under 5 seconds.
> 6.  Spam system sends the string to the target site.  Time elapsed is
>     under 10 seconds for >90% of cases.

Ahh, gotcha.

> 
> > > But apart from its ineffectiveness on spammers, as others have
> > > mentioned, captcha excludes blind people. :(
> > 
> > Yes - it's a shame none of us thought about it when Gevik was
> > originally working on it.
> > 
> > There is the audio option I suggested which Paypal use IIRC -
> > alternatively we could use some sort of puzzle - such as 'enter the
> > third, second from last and 2nd character from this string'.
> 
> That lends itself to exactly the same attack I sketched out above.

Undoubtedly, but unless they write something specifically to work with
our site which is a lot of effort... And all we do then is fall back to
how things are now until we've broken whatever they were doing by
modifying the regexps in the auto-reject code or re-jigged the puzzles.
Of course, doing any of this we mustn't make it too difficult for the
user to submit things.

Regards, Dave.
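The relay flow David Fetter sketches above, as an added simulation (not code from the PostgreSQL www project or from anyone in the thread). The target site keeps a one-shot challenge table with an "implausibly fast" lower bound and a staleness upper bound, and the relay simply fetches a challenge, shows it to an unrelated visitor, and forwards the answer within the window. Class names, the 2 s / 120 s thresholds, the six-character answer and the cooperative "human" are all assumptions for illustration; a real site would render the answer as an image or audio rather than returning it as text.

```python
"""Simulation of a captcha relay against a time-checked challenge.
Example added here; names, thresholds and the solver are assumptions."""
import hmac
import secrets
import string


class FakeClock:
    """Injected clock so the timing of each step is explicit and repeatable."""

    def __init__(self, start):
        self.now = start

    def advance(self, seconds):
        self.now += seconds


class TargetSite:
    """The comment form being protected. Thresholds are assumed values."""

    MIN_SECONDS = 2.0    # faster than a person could read and type the string
    MAX_SECONDS = 120.0  # challenge treated as stale after this

    def __init__(self):
        self._pending = {}  # challenge id -> (answer, issued_at)

    def issue_challenge(self, now):
        cid = secrets.token_hex(8)
        alphabet = string.ascii_lowercase + string.digits
        answer = "".join(secrets.choice(alphabet) for _ in range(6))
        self._pending[cid] = (answer, now)
        # A real site renders 'answer' as an image/audio; it is returned as
        # text here only so the simulated visitor can "read" it.
        return cid, answer

    def verify(self, cid, response, now):
        # Pop first: every challenge id is single-use, so a captured answer
        # cannot be replayed even if the timing check would pass.
        record = self._pending.pop(cid, None)
        if record is None:
            return "unknown"
        answer, issued_at = record
        elapsed = now - issued_at
        if elapsed < self.MIN_SECONDS:
            return "too_fast"
        if elapsed > self.MAX_SECONDS:
            return "expired"
        return "ok" if hmac.compare_digest(response, answer) else "wrong"


def cooperative_human(rendered):
    """Stand-in for the visitor who types whatever is put in front of them."""
    return rendered


def relay_attack(site, human, clock):
    """Steps 3-6 of the quoted flow: the spam system requests a challenge from
    the target and has an unrelated visitor solve it."""
    cid, rendered = site.issue_challenge(clock.now)  # 3. request to target; clock starts
    clock.advance(0.5)                               # 4. shown to visitor, under a second
    typed = human(rendered)                          # 5. visitor types the string
    clock.advance(4.0)                               #    still under 5 seconds
    return site.verify(cid, typed, clock.now)        # 6. forwarded to target, under 10 s


if __name__ == "__main__":
    site, clock = TargetSite(), FakeClock(1_000.0)
    print(relay_attack(site, cooperative_human, clock))  # ok
```

The relayed answer arrives with the same timing profile as a genuine user, so neither the lower nor the upper time bound tells the two apart; what the checks still buy is rejection of replayed, stale and scripted-instant submissions, which is why the timing logic belongs alongside, not instead of, the auto-reject regexps Dave mentions.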
