On 29/05/13 01:59, Pia Oliver wrote:
> How is this happening? I have been told that robots are not capable of deciphering an image but possibly math. That's why I have changed every single one to image captchas.
Captcha just requires OCR capabilities; if it's important enough, someone will do it.
It also drives legitimate users away. I rarely fill in captchas.
My D-Link wireless router defends itself (from internal users, why? I ask) using a captcha. It's validated in JavaScript. I nearly returned it for a refund, but first tried making an HTA (on Windows) based on the login form, and that works fine. So I figure that some captcha might be bypassed by anyone who knows what data to post to a form. For example, maybe I can configure a webform on testserver.example.com (it exists, it's on my LAN) to post the login data to my bank. It's not a lot different from what anonymous proxy servers do.
A technique I have seen recommended, but have not tried for myself, is to create a field in each protected form that is invisible but a bot would complete. It wouldn't bypass humans paid to bypass your antispam measures though.
In my particular case, I have a site for people in my area. If you're not located in Australia, you cannot register. If you're registered, you can log in.
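The hidden-field technique mentioned in the message above, as an added example that is not part of the original post: a decoy form field checked on the server. The field name `website`, the `/register` form and the sample request bodies are all constructed for illustration.

```python
from urllib.parse import parse_qs

# Hypothetical field name: plausible to a bot, never shown to a person.
HONEYPOT_FIELD = "website"

# Constructed registration form. The decoy is hidden with CSS and removed from
# tab order and autofill, so a browser submits it as an empty string.
FORM_HTML = f"""<form method="post" action="/register">
  <label>Email <input type="email" name="email"></label>
  <div style="display:none" aria-hidden="true">
    <label>Website <input type="text" name="{HONEYPOT_FIELD}"
           tabindex="-1" autocomplete="off"></label>
  </div>
  <button type="submit">Register</button>
</form>"""


def classify_submission(body: str) -> str:
    """Classify a urlencoded POST body, server side.

    'filled'  - decoy has a value: something completed every field it found
    'missing' - decoy absent: the POST was not produced by the rendered form
    'ok'      - decoy present and empty, as a browser would send it
    """
    fields = parse_qs(body, keep_blank_values=True)
    if HONEYPOT_FIELD not in fields:
        return "missing"
    if any(value.strip() for value in fields[HONEYPOT_FIELD]):
        return "filled"
    return "ok"


if __name__ == "__main__":
    samples = {  # constructed request bodies
        "browser": "email=pat%40example.com&website=",
        "form filler": "email=x%40example.com&website=http%3A%2F%2Fexample.net",
        "direct post": "email=y%40example.com",
    }
    for label, body in samples.items():
        print(f"{label:12} -> {classify_submission(body)}")
```

The check only has value on the server: a decoy evaluated in page script is skipped by anything that posts the form data directly, which is the weakness the message describes in the router's captcha.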