News - Features - Downloads - Forum - Team - Support - Switch View: Screen
Login - Registrierung - Passwort vergessen

Antworten: 7
Seite [1]
Caps


Rock the board





Beiträge: 59
# Thema - 22.06.2011 um 01:03 Uhr
Text and image recognition is getting better and better and the use of audio allows anyone to get pass Captcha. There are many articles about security issue with the use of security code.

The harder Captcha makes it difficult for bots to detect the image, the more difficult it will be for members to detect the Captcha symbols - thus logging in becomes harder to do.

A better alternative is to ask the visitor to calculate an equation. This answer is hidden.


Zuletzt editiert von Caps am 22.06.2011 um 01:09 Uhr (1x Editiert)
Inaktiv
floH


Rock the board




Herkunft: Reichenberg
Beiträge: 82
# Antwort: 1 - 22.06.2011 um 02:04 Uhr
Calculates are useless too.

http://www.evengrounds.com/developers/alternatives-to-captcha

A good way is to delete Captcha and try different things. For CSP is the easiest way:

Add a hidden field and hope that bots fill out this hidden field. So you can block incomming comments with a filled field.
Or you can check how long the user nedded to fill out the form. Bots won't need more then 10 seconds.

A mixup of both is a good way to kick bots out!

I use a version of this two methods and all as "spam" marked comments I have to check. So I can delete this messages or allow those to display. To save time I added some filters who check for "standardmessages" and "trusted Users"

Sorry for my bad english Hope you understand me and know what I'm talking about

-floH


Inaktiv
|
Caps
Thread-Ersteller


Rock the board





Beiträge: 59
# Antwort: 2 - 22.06.2011 um 02:16 Uhr
Hi floH,

English = good. We have 2 outstanding players who are color blind. So we can not use Captcha which randomizes colors which contain colors which they can not see.


Inaktiv
|
floH


Rock the board




Herkunft: Reichenberg
Beiträge: 82
# Antwort: 3 - 22.06.2011 um 02:33 Uhr
Yes that is another reason why I hate Captcha

Try to add a field which is blank. Check after submit the data if the field is still blank.

Most Bots fill out automaticly every field in a form. Only Bots who send premade headers won't dedected by this method.
And then you can add a timer. So you can check how long a User needs to fill out the form. I use following term: Under 10 seconds == Bot, everything over 10 seconds == User


Inaktiv
|
Caps
Thread-Ersteller


Rock the board





Beiträge: 59
# Antwort: 4 - 22.06.2011 um 02:47 Uhr
I like that. Are you using that script with CS?


Inaktiv
|
floH


Rock the board




Herkunft: Reichenberg
Beiträge: 82
# Antwort: 5 - 22.06.2011 um 06:18 Uhr
Yes I do. Captcha is gone and every part of it deleted.

Now I have the "hidden field" and the "time stop". If a submit is marked as Spam I have to decide what will happen with that post. I also added some filters. First of all my code look at the message and if there is a submit found on the blacklist the post get deleted without any klick of the admin. After that the filter looks at the whitelist and if there is a User on it (I have to add the Users on the whitelist) who don't need the 10 seconds the post will be submitted and a note appears for the admin.

It is a great and well working code so I'm happy about it that Captcha is gone


Inaktiv
|
Caps
Thread-Ersteller


Rock the board





Beiträge: 59
# Antwort: 6 - 22.06.2011 um 07:22 Uhr
Hi floH,

Are you a php developer for CS scripts?


Inaktiv
|
floH


Rock the board




Herkunft: Reichenberg
Beiträge: 82
# Antwort: 7 - 22.06.2011 um 12:12 Uhr
I'm only a bored user who uses CS.

Everything I learned by my self and things like this will take there time


Inaktiv
|
Antworten: 7
Seite [1]


Sie müssen sich registrieren, um zu antworten.


ClanSphere Project - Mailus - Imprint - Disclaimer - Scriptinfo