Re: human validation on post comments
From | David Fetter |
---|---|
Subject | Re: human validation on post comments |
Date | |
Msg-id | 20060321171601.GA27311@fetter.org |
In response to | Re: human validation on post comments ("Dave Page" <dpage@vale-housing.co.uk>) |
Responses | Re: human validation on post comments |
List | pgsql-www |
On Tue, Mar 21, 2006 at 04:54:24PM -0000, Dave Page wrote:
>
> > -----Original Message-----
> > From: David Fetter [mailto:david@fetter.org]
> > Sent: 21 March 2006 16:45
> > To: Dave Page
> > Cc: PostgreSQL WWW
> > Subject: Re: [pgsql-www] human validation on post comments
> >
> > The porn thing works just fine no matter what the timeout is, as
> > the spam is queued up already and the captcha gets presented as
> > soon as it's generated. The porn surfer will generally not dally
> > when presented with the captcha.
>
> Generating enough real traffic to a dummy site to ensure that there
> is always a user ready to read a single captcha within a few minutes of
> it being generated just to post a single piece of spam seems like a
> pretty mean feat.

I see I didn't explain it well enough. Here's the flow:

1. Spammer generates spam and queues it up for sites.
2. A person arrives at the porn site.
3. The spam system generates a request including the spam to the target site. Clock starts ticking.
4. The spam system presents the resulting captcha to the porn surfer. Less than a second has elapsed.
5. Porn surfer types in the string as asked. Time elapsed is probably still under 5 seconds.
6. Spam system sends the string to the target site. Time elapsed is under 10 seconds for >90% of cases.

> I would think they could generate more revenue from bunging a few
> ads on the site than hoping that the spam they manage to get on a
> completely unrelated site might actually generate a customer. Still,
> I'm only speculating so may be completely wrong.

It's very cheap to set up such a system, and spammers routinely
expect--and profit from--"hit rates" that are less than one in a
million.

> > But apart from its ineffectiveness on spammers, as others have
> > mentioned, captcha excludes blind people. :(
>
> Yes - it's a shame none of us thought about it when Gevik was
> originally working on it.
>
> There is the audio option I suggested which Paypal use IIRC -
> alternatively we could use some sort of puzzle - such as 'enter the
> third, second from last and 2nd character from this string'.

That lends itself to exactly the same attack I sketched out above.

Cheers,
D
--
David Fetter <david@fetter.org> http://fetter.org/
phone: +1 415 235 3778
AIM: dfetter666
Skype: davidfetter

Remember to vote!