On 2010-12-22, at 13:32, Anders Carlsson wrote: > silverdr wrote: > >> Wouldn't it be a) more efficient and b) potential users friendly >> if you put even a simple captcha instead of rejecting IP ranges? > > If one decides to use a captcha, make sure it is a non-standard one. > I have come to understand that the open sourced, standard captchas > involving scrambled graphics and such can be cracked or at least the > spammers have people to help them bypass them. Everything can be cracked. Or bypassed with human factor involved. It only depends on how much resources are being put to it. Most of the IPs generating spam registrations and spam entries in forums are dynamic IPs assigned to zombie Windows machines in people's homes. If the site is not mainstream one (as I guess the one we speak of) it is not going to pay to crack or bypass it by adopting the infecting scripts. All standard captchas, and even a simplest random numbers arithmetic would IMHO reduce the successful spam entries by two orders of magnitude. > > Instead I'd suggest a control question like this one: > > "How do you usually abbreviate the Commodore > Onehundredandtwentyeight in four characters?" > > I added a such trivial control question to a site of mine in 2006, > and to this day zero spammers have managed to bypass it! That site > had at least 20-50 spam entries every day before the check. > Certainly anyone who has two brain cells and reads English could > crack that control question too, but it seems spammers are not > prepared to make that much effort. That's exactly what I mean. The simplest captcha (like simple arithmetics) would do. And no - the standard graphic scramblers are not compromised yet. They would provide even better level of protection but are IMHO not worth implementing here. -- SD! Message was sent through the cbm-hackers mailing listReceived on 2010-12-22 14:00:13
Archive generated by hypermail 2.2.0.