[support] Captcha and spam issues
John Summerfield
summer at js.id.au
Sat Jun 8 02:23:33 UTC 2013
On 29/05/13 01:59, Pia Oliver wrote:
> How is this happening? I have been told that robots are not capable
> of deciphering an image but possibly math. That's why I have changed
> every single one to image captchas.
Capcha just requires OCR capabilities, if it's important enough someone
will do it.
It also drives legitimate users away. I rarely fill in capchas.
My D-Link wireless router defends itself (from internal users, why? I
ask) using a capcha. It's validated in javascript. I nearly returned it
for a refund, but first tried making an HTA (on Windows) based on the
login form ant that works fine. So I figure that some capcha might by
bypassed by anyone who knows what data to post to a form. For example,
maybe I can configure a webform on testserver.example.com (it exists,
it's on my LAN) to post the login data to my bank. It's not a lot
different from what anonymous proxy servers do.
A technique I have seen recommended, but have not tried for myself, is
to create a field in each protected form that is invisible but a bot
would complete. It wouldn't bypass humans paid to bypass your antispam
measures though.
In my particular case, I have a site for people in my area. If you're
not located in Australia, you cannot register. If you're registered, you
can login.
More information about the support
mailing list