[support] Many false applications for accounts
MBR
mbr at arlsoft.com
Sat Apr 5 16:58:04 UTC 2014
One other thing I forgot to mention about Honeypot - besides
implementing reverse-CAPTCHA, it also looks at how long it took from
when your server sent the HTML with the <form> and when the response
arrived. A lot of the malware out there is too dumb to delay a few
seconds, so the malware sends its response faster than a human possibly
could.
What's worrisome is that these solutions are only temporary measures. I
can easily think of ways around both of these tests if I were writing
code for the bad guys. So I expect that their programmers will
implement such workarounds in the near future. And at that point we'll
have no effective protection.
This is not just a Drupal problem - it affects every website regardless
of what technology it's built with. So, please put the word out to any
developers you know - we need to be dreaming up innovative ways of
distinguishing between software-generated responses and human-generated
responses right now so we'll be ready when the current approaches all
start failing.
Mark Rosenthal
mbr at arlsoft.com
On 4/5/14 12:38 PM, Dan Kegel wrote:
> I'll try honeypot!
>
> I've been making do with the attached script and adding things to .htaccess;
> it was surprisingly effective (though lately I'm seeing spam from within my
> own city).
>
>
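The two checks described in the message above (a hidden trap field and a minimum time between serving the form and receiving the response), as an added server-side sketch. It is not code from the Honeypot module or from either poster; the field names, thresholds and key are assumptions. The timestamp is HMAC-signed so a client cannot backdate it.

```python
import hashlib
import hmac
import time

# All values below are assumptions chosen for this example.
SECRET = b"constructed-demo-key"  # per-site secret, kept server-side
MIN_SECONDS = 5                   # faster than this is treated as automated
MAX_SECONDS = 3600                # forms older than this are rejected
TRAP_FIELD = "homepage"           # hidden with CSS; a human leaves it empty
TOKEN_FIELD = "form_token"        # hidden input carrying the signed timestamp


def _sign(issued_at: int) -> str:
    """HMAC over the issue time so the client cannot alter it."""
    return hmac.new(SECRET, str(issued_at).encode(), hashlib.sha256).hexdigest()


def issue_token(now=None) -> str:
    """Value to embed in the form when the HTML is sent: '<unix time>.<hmac>'."""
    issued_at = int(time.time() if now is None else now)
    return f"{issued_at}.{_sign(issued_at)}"


def check_submission(fields: dict, now=None) -> str:
    """Return 'ok', or the reason the POST looks software-generated."""
    now = int(time.time() if now is None else now)
    # Reverse-CAPTCHA: bots that fill every input also fill the trap.
    if fields.get(TRAP_FIELD, "").strip():
        return "trap-field-filled"
    issued, _, mac = fields.get(TOKEN_FIELD, "").partition(".")
    if not (issued.isascii() and issued.isdigit()):
        return "bad-token"
    expected = _sign(int(issued)).encode()
    if not hmac.compare_digest(expected, mac.encode()):
        return "bad-token"
    # Timing test: compare server clock at receipt with the signed issue time.
    elapsed = now - int(issued)
    if elapsed < MIN_SECONDS:
        return "too-fast"
    if elapsed > MAX_SECONDS:
        return "expired"
    return "ok"
```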