vb.org Archive - View Single Post - Miscellaneous Hacks - Enhanced Captcha Image Verification

steadicamop · #58 11-29-2006, 07:42 AM

Quote:

Originally Posted by John_Shaft

Steadi, first of all I commend you on a great effort to defeat the (to me) tremendously growing problem of spam wrecking forums.

Ah, but there's the rub. _It doesn't have to_. A real person isn't at all needed to defeat it.

I was thinking of installing this (as I need a solution from somewhere) but I see an inherent problem with this that will surely allow it to be defeated with absolute ease, should it ever reach the popularity that it's worth spending a little time (and that's all it would take) to deal with it.

Quite simply, it doesn't need to be programmed to read the image or anything complicated like that. It has four pictures of which it has to click the right one to proceed. The easy way to beat it is to code the bot to just click on images, and go back and repeatedly click on images, until it reaches the accepted part of the page (birthdate or whatever). As there's only four images it's going to do it in a handfull of tries.

Whether they get around to coding that I don't know, but if they do it's instantly sunk as far as I can see.

The one way I can see to deal with bots doing that is to have the user type in the name of a single image (i.e. "cloud"). That's why captcha is a tougher problem (even though it's beaten atm) because there's a massive amount of inputs that need to be tried, rather than just "pick a number, 1 to 4".

Has this occured to you, or do you just believe they won't specifically target your hack, even if it gets popular?

I understand that no matter how hard you make the security - it will be cracked eventually - I'm working on making this slightly more harder for bots, it will give you four attempts to get it right then it locks you out from using the register page for a set amount of time (I was thinking of 24 hours) - I do realise that repeat clicking, going back and clicking again will eventually find the correct one - but for me this has stopped bots signing up - I'm working on making it more secure with different measures.

I appreciate your feedback.

Jason

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01097 seconds Memory Usage 1,769KB Queries Executed 11 (?)
More Information
Template Usage: (1)SHOWTHREAD_SHOWPOST (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)bbcode_quote (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)post_thanks_box (1)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (1)post_thanks_postbit_info (1)postbit (1)postbit_onlinestatus (1)postbit_wrapper (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit reputationlevel showthread	Included Files: ./showpost.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_postinfo_query fetch_postinfo fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showpost_start bbcode_fetch_tags bbcode_create postbit_factory showpost_post postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start showpost_complete
Messages: