<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<font face="Times New Roman, Times, serif">One other thing I forgot
to mention about Honeypot - besides implementing reverse-CAPTCHA,
it also looks at how long it took from when your server sent the
HTML with the <form> and when the response arrived. A lot
of the malware out there is too dumb to delay a few seconds, so
the malware sends its response faster than a human possibly could.<br>
<br>
What's worrisome is that these solutions are only temporary
measures. I can easily think of ways around both of these tests if
I were writing code for the bad guys. So I expect that their
programmers will implement such workarounds in the near future.
And at that point we'll have no effective protection.<br>
<br>
</font><font face="Times New Roman, Times, serif"><font face="Times
New Roman, Times, serif">This is not just a Drupal problem - it
affects every website regardless of what technology it's built
with. </font>So, please put the word out to any developers you
know - we need to be dreaming up innovative ways of distinguishing
between software-generated responses and human-generated responses
right now so we'll be ready when the current approaches all start
failing.<br>
</font>
<blockquote><font face="Times New Roman, Times, serif">Mark
Rosenthal</font><br>
<font face="Times New Roman, Times, serif"><a class="moz-txt-link-abbreviated" href="mailto:mbr@arlsoft.com">mbr@arlsoft.com</a></font><br>
</blockquote>
On 4/5/14 12:38 PM, Dan Kegel wrote:<br>
<blockquote
cite="mid:CAPF-yObGneOK9VrAYicQA28e+2CgTU0sUax0hyee6wrVN_wStA@mail.gmail.com"
type="cite">
<pre wrap="">I'll try honeypot!
I've been making do with the attached script and adding things to .htaccess;
it was surprisingly effective (though lately I'm seeing spam from within my
own city).
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
</body>
</html>