New Captcha Form That I Like!
-
I just registered my new rifle on the manufacturer's website, and was surprised to see a Captcha form I haven't seen before. Instead of completely unintelligible letters and numbers, there was just three simple, clear characters presented. The question to be answered was, "What color is the first character above?" Nice. :-D
Will Rogers never met me.
It's cyan... OK, it's turquoise... Then it's blue-green... Oh, bugger. How do you set monitor colour profiles again?
I wanna be a eunuchs developer! Pass me a bread knife!
-
Surely trivial to write a bot to crack that, though?
MVVM # - I did it My Way ___________________________________________ Man, you're a god. - walterhevedeich 26/05/2011 .\\axxx (That's an 'M')
Well, a dynamically created form requires you to have a browser with a JS engine in your spambot, not just a HTTP client. And unless you're one of the big boys, no-one's going to bother writing a spambot specifically to target your site, so you just need to be unavailable for the generic ones.
-
I just registered my new rifle on the manufacturer's website, and was surprised to see a Captcha form I haven't seen before. Instead of completely unintelligible letters and numbers, there was just three simple, clear characters presented. The question to be answered was, "What color is the first character above?" Nice. :-D
Will Rogers never met me.
I saw something similar once. The graphic presented a simple arithmetic problem (fully parenthesized) and you had to enter the result: (4+2)3+2
Software Zen:
delete this; -
I've been considering building a contact form with throttling based on IP address. So, maybe I limit the number of submissions to 10 per day per IP address. I could even build it dynamically using JavaScript to avoid what I imagine the bulk of bots do (i.e., perform simple HTTP POSTS against any detected input fields). Would certainly be less annoying for users (unless I got very popular and lots of people wanted to contact me), and probably easier to build/maintain. Another idea would be to have multiple buttons. One button would say something like "Block My IP For a Week" and the other would say "Submit Form". They would be swapped dynamically, and each would have a JavaScript prompt ("you sure?"). :)
I would consider allowing three incorrect ones, and then start adding delays for every three they get wrong. rqst rqst rqst delay 10 secs rqst delay 10 secs rqst delay 10 secs rqst delay 20 secs ... and so on
".45 ACP - because shooting twice is just silly" - JSOP, 2010
-----
You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010
-----
"Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass." - Dale Earnhardt, 1997 -
I just registered my new rifle on the manufacturer's website, and was surprised to see a Captcha form I haven't seen before. Instead of completely unintelligible letters and numbers, there was just three simple, clear characters presented. The question to be answered was, "What color is the first character above?" Nice. :-D
Will Rogers never met me.
I've run across a couple of them and it sure makes it easy, don't know why more of that's not going on?
VS2010/Atmel Studio 6.1 ToDo Manager Extension Some days, it's just not worth chewing through the restraints.
-
I just registered my new rifle on the manufacturer's website, and was surprised to see a Captcha form I haven't seen before. Instead of completely unintelligible letters and numbers, there was just three simple, clear characters presented. The question to be answered was, "What color is the first character above?" Nice. :-D
Will Rogers never met me.
-
I saw something similar once. The graphic presented a simple arithmetic problem (fully parenthesized) and you had to enter the result: (4+2)3+2
Software Zen:
delete this;Gary R. Wheeler wrote:
(4+2)3+2
I know the answer is 22. 4 + 2 = 6 6base3 = 20 20 + 2 = 22 woohoo :suss::suss:
Every time you think, you weaken the nation.
-
I would consider allowing three incorrect ones, and then start adding delays for every three they get wrong. rqst rqst rqst delay 10 secs rqst delay 10 secs rqst delay 10 secs rqst delay 20 secs ... and so on
".45 ACP - because shooting twice is just silly" - JSOP, 2010
-----
You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010
-----
"Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass." - Dale Earnhardt, 1997Yeah, I was thinking along those lines as well. That makes more sense for a lot of things, but for a contact form that gets used like once every 3 months, a hard limit would work for me.
-
I've been considering building a contact form with throttling based on IP address. So, maybe I limit the number of submissions to 10 per day per IP address. I could even build it dynamically using JavaScript to avoid what I imagine the bulk of bots do (i.e., perform simple HTTP POSTS against any detected input fields). Would certainly be less annoying for users (unless I got very popular and lots of people wanted to contact me), and probably easier to build/maintain. Another idea would be to have multiple buttons. One button would say something like "Block My IP For a Week" and the other would say "Submit Form". They would be swapped dynamically, and each would have a JavaScript prompt ("you sure?"). :)
Major flaw with your first idea... What about people stuck behind a Proxy or NAT firewall or VPN? You can have many-many-many people behind one IP address, particularly now IPv4 addresses have run out. Plus don't forget the transition to IPv6 is going to see an increase in various forms of Tunnelling and NAT in the short term. You would also need code that can handle IPv6 addresses as well. The second idea is better but a bot would defeat it straight away because it could read the text or image of the buttons. If you randomly change a button image each time but it still conveys which button is which to the user, that could work because the bot would have to figure this out as well (just like a traditional captcha).
-
There is this company[^] which started to bring innovative captcha ideas ... Points to remember the horrified captchas I get to solve each day ... The fantastically swirled charaters are sometimes unreadable even by a simple human brain like mine... Sometimes we just over-complicate things. I just wonder why
Nice solution to the problem!
-
I just registered my new rifle on the manufacturer's website, and was surprised to see a Captcha form I haven't seen before. Instead of completely unintelligible letters and numbers, there was just three simple, clear characters presented. The question to be answered was, "What color is the first character above?" Nice. :-D
Will Rogers never met me.
Better than a "Voight-Kampff" test. ;P
I need an app that will automatically deliver a new BBBBBBBBaBB (beautiful blonde bimbo brandishing bountiful bobbing bare breasts and bodacious butt) every day. John Simmons / outlaw programmer
-
Major flaw with your first idea... What about people stuck behind a Proxy or NAT firewall or VPN? You can have many-many-many people behind one IP address, particularly now IPv4 addresses have run out. Plus don't forget the transition to IPv6 is going to see an increase in various forms of Tunnelling and NAT in the short term. You would also need code that can handle IPv6 addresses as well. The second idea is better but a bot would defeat it straight away because it could read the text or image of the buttons. If you randomly change a button image each time but it still conveys which button is which to the user, that could work because the bot would have to figure this out as well (just like a traditional captcha).
thecodeproject@treacy.co.uk wrote:
What about people stuck behind a Proxy or NAT firewall or VPN
Not a problem if I only get a submission every few months.
thecodeproject@treacy.co.uk wrote:
If you randomly change a button image each time
I was thinking of randomly injecting characters into the button text, and randomly removing characters. And maybe have a few different messages. For a quick and dirty solution, I doubt this would be necessary. Something else I was thinking was to dynamically generate the button ID's/names. I'd randomly assign them a GUID or something, and only accept one of them as correct (I'd log the correct one to the database, or session, or whatever). They'd be single use. That way, they could just do an HTTP POST knowing the correct key to use.
-
I just registered my new rifle on the manufacturer's website, and was surprised to see a Captcha form I haven't seen before. Instead of completely unintelligible letters and numbers, there was just three simple, clear characters presented. The question to be answered was, "What color is the first character above?" Nice. :-D
Will Rogers never met me.
I've seen this kind of captchas from a time on, but I think they're easier to solve than reCaptcha ones, reCaptcha captchas are harder to solve, even to some humans... :rolleyes:
CEO at: - Rafaga Systems - Para Facturas - Modern Components for the moment...
-
There is this company[^] which started to bring innovative captcha ideas ... Points to remember the horrified captchas I get to solve each day ... The fantastically swirled charaters are sometimes unreadable even by a simple human brain like mine... Sometimes we just over-complicate things. I just wonder why
-
I just registered my new rifle on the manufacturer's website, and was surprised to see a Captcha form I haven't seen before. Instead of completely unintelligible letters and numbers, there was just three simple, clear characters presented. The question to be answered was, "What color is the first character above?" Nice. :-D
Will Rogers never met me.
I think women would have trouble with that.[^] ;) Marc
Testers Wanted!
Latest Article: User Authentication on Ruby on Rails - the definitive how to
My Blog -
Agreed ... and why not, if machines can read brain signals and draw pictures of what the brain interprets. Its more than a belief that machine-armageddon is a possibility
