Ravens PHP Scripts: Forums
 

 

Ravens PHP Scripts And Web Hosting Forum Index -> Captcha Security
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

PostPosted: Wed Apr 16, 2008 5:12 pm Reply with quote

[link hidden by the forum]

More reports of CAPTCHA cracking. No wonder the spam never stops.
I see CAPTCHAs not being effective for anything much longer.

kguske
Site Admin


Joined: Jun 04, 2004
Posts: 6383

PostPosted: Wed Apr 16, 2008 6:33 pm Reply with quote

Time for Akismet ...?

_________________
I google, therefore I exist...
Susann
Moderator


Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support

PostPosted: Wed Apr 16, 2008 6:34 pm Reply with quote

Another example:
[link hidden by the forum]
 
evaders99
PostPosted: Wed Apr 16, 2008 7:21 pm Reply with quote

Anyone can translate Russian?

I see the form is supposed to POST and create Gmail accounts. But reading the CAPTCHA itself.. where are the files such as adddata_jpg_g.php coming from?
 
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6793
Location: Ha Noi, Viet Nam

PostPosted: Wed Apr 16, 2008 8:06 pm Reply with quote

kguske wrote:
Time for Akismet ...?

Definitely!!!
 
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9456
Location: Arizona

PostPosted: Thu Apr 17, 2008 5:36 am Reply with quote

Yeah, even I am considering it...

Susann
PostPosted: Thu Apr 17, 2008 4:09 pm Reply with quote

evaders, I used the address above with google.com and it's fully translated into English.
"This page was automatically translated from Russian."
If you are interested you'll need to do the same with this link, because they describe there better how the Russian bot works by using a trojan horse:
[link hidden by the forum]
 
kguske
PostPosted: Sun Jun 01, 2008 9:45 pm Reply with quote

Here's another possible alternative to Akismet, this one from the authors of Drupal: [link hidden by the forum]
 
rackattack
New Member


Joined: Mar 30, 2009
Posts: 4

PostPosted: Mon Mar 30, 2009 8:41 pm Reply with quote

Instead of CAPTCHAs, in my opinion, the whole security system needs to be changed to some type of name-coded image.

For instance, show a picture of a ball, horse, house, tree, lake, cloud, etc.!!!

No "OCR" would be able to distinguish that -- (Not yet, I don't think. At least available to the bot makers. Maybe the Government - LOL)

Then ask the user to type what it is, in its simplest form. And that would be the check.

This way a HUMAN can tell it's a ball, horse, house, tree, lake, cloud, etc. But the OCRs can't.

If the user gets it wrong by typing say, "football" instead of "ball" then just restart the whole process over again, and give him another shot and another picture. Eventually he'll get it right.

CAPTCHA is dead I think also evaders99.

Well, that's my idea. Maybe someone better & more experienced than me can implement it.

((I'm having trouble with a CAPTCHA right now. That's what I'm doing here, but figured I'd give my 2 cents on this post first. If I can't find an answer in these forums, I'll be creating a new Thread to deal with my problem.))

Take care; Good luck!

-- RackAttack
 
evaders99
PostPosted: Mon Mar 30, 2009 9:09 pm Reply with quote

There are numerous implementations of this, but they all rely on a library of images. As long as this library of images is finite, there will be ways to exploit it.
 
montego
PostPosted: Tue Mar 31, 2009 7:04 am Reply with quote

Also need to think about the sight impaired... hhhhmmmm, maybe an audio captcha should be the norm? Will have to "noodle" that for a bit...
 
rackattack
PostPosted: Tue Mar 31, 2009 9:18 am Reply with quote

montego wrote:
Also need to think about the sight impaired... hhhhmmmm, maybe an audio captcha should be the norm? Will have to "noodle" that for a bit...


They are breaking audio CAPTCHAs also.

You all probably know this -- (but I'm still very much a noob at PHP) -- but here's one video that will make you sick to your stomach:

[link hidden by the forum]

The above dude should be arrested, put in jail, and the key thrown away.

I have a PHP site, and we're getting anywhere from 10 to 30 "bot registrations" per day.

I've been working my rear-end off over the last few days, trying to find code, tweak code, enable the captcha, augment the captcha, etc. -- All to no avail. They get through, it seems no matter what I do. It's driving me crazy already!

Well, just venting.

Take care.

-- RackAttack
 
kd8hho
Worker


Joined: Mar 30, 2009
Posts: 118

PostPosted: Tue Mar 31, 2009 2:46 pm Reply with quote

I'm lucky so far on the new site. Have captcha and e-mail verification active, so far no bots.

But it's all keeping 1 step ahead of the spammers.

_________________
Linux Register User #481509 | Ubuntu Register User #25492 
testy1
Involved


Joined: Apr 06, 2008
Posts: 484

PostPosted: Thu Apr 02, 2009 12:46 am Reply with quote

Guardian2003 wrote:
kguske wrote:
Time for Akismet ...?

Definitely!!!


Can't believe I missed this. This has been mentioned before on here....

Last time it was mentioned I looked into it and started a module. I got the following done.

Currently Implemented and working

  • Admin and preferences setup and working
  • Validation of API key
  • Couple of functions just for testing.
  • check_spam function in mainfile and integrated the akismet class obviously


@todo or wish list

  • Moderation queue so admin can approve or deny
  • stats for spam captured
  • Statistics or addition to "waiting content" so you're informed of comments needing approval
  • pagination for mod queue + admin config for max records
  • email notification + on/off
  • mod queue could show records for spam as well as ham so that it can be overruled
  • option to store details of confirmed usernames and emails locally, could then do an initial check locally before submitting to akismet to save on time
  • Admin option to turn the above on or off
  • time delay on local response to spammer, basically just to !@#$ them off :)
  • automatic addition of username to the RNYA Blocked Username Strings
  • automatic addition of email domain to the RNYA Blocked Mail Domains
  • admin option for number of days to keep spam and/or ham in queue



I will give it to one of the devs here if they are interested and the RN team can develop it further. If the RN team are interested it is yours. I will just have to find it :(
 
Guardian2003
PostPosted: Thu Apr 02, 2009 2:38 am Reply with quote

I integrated Akismet in the Feedback module some time ago as an experiment with great success. It was nothing fancy, just a simple routine to kill spam, no tracking or ham/spam 'reporting' function.
I have used Akismet with WordPress for a long time, and I think in 2.5 years I had only two false positives and absolutely no spam.

I never developed it further due to time constraints and the need for a more centralised 'comment' handling system to get the most from it.
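
The flow that testy1's wish list and Guardian2003's "simple routine" describe, a local blocklist check before an Akismet `comment-check` call, could look like this. It is an added example, not code from either poster or from RavenNuke; the function names, the blocklist arrays and the `hold` verdict are assumptions, and a stub replaces the network call so it runs offline.

```php
<?php
// Added example: local blocklist first, Akismet second, moderation queue on doubt.
// All function names, the blocklists and the 'hold' verdict are hypothetical.
function local_verdict(array $c, array $names, array $domains): ?string {
    $at = strrchr($c['comment_author_email'], '@');
    $domain = strtolower($at === false ? '' : substr($at, 1));
    if (in_array($domain, $domains, true)) return 'spam';
    foreach ($names as $needle) {
        if (stripos($c['comment_author'], $needle) !== false) return 'spam';
    }
    return null; // no local match, so Akismet is asked
}

// Real transport: POST the form fields to Akismet's comment-check endpoint.
function akismet_comment_check(string $apiKey, array $fields): ?string {
    $ctx = stream_context_create(['http' => [
        'method'  => 'POST',
        'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
        'content' => http_build_query($fields),
        'timeout' => 5,
    ]]);
    $url  = "https://{$apiKey}.rest.akismet.com/1.1/comment-check";
    $body = @file_get_contents($url, false, $ctx);
    return $body === false ? null : trim($body);
}

function classify_submission(array $c, array $names, array $domains, callable $remote): string {
    $local = local_verdict($c, $names, $domains);
    if ($local !== null) return $local;      // saves the round trip
    $answer = $remote($c);
    if ($answer === 'true')  return 'spam';  // Akismet answers "true" for spam
    if ($answer === 'false') return 'ham';
    return 'hold'; // timeout, rejected key or any other reply: admin decides
}

// Constructed sample data; the stub stands in for the network call.
$names   = ['casino'];
$domains = ['spam.example'];
$stub = fn(array $c) => $c['comment_author'] === 'stub-spammer' ? 'true' : 'false';
$down = fn(array $c) => null; // simulates Akismet being unreachable
$base = ['blog' => 'https://site.example/', 'user_ip' => '203.0.113.7',
         'user_agent' => 'Mozilla/5.0', 'comment_type' => 'signup'];
$rows = [['bob', 'bob@mail.example', $stub], ['x', 'x@spam.example', $stub],
         ['stub-spammer', 'a@mail.example', $stub], ['amy', 'amy@mail.example', $down]];
foreach ($rows as [$n, $e, $remote]) {
    $c = $base + ['comment_author' => $n, 'comment_author_email' => $e];
    echo $n, ' => ', classify_submission($c, $names, $domains, $remote), "\n";
}
```

To call the real service, pass `fn($c) => akismet_comment_check($key, $c)` as `$remote`; an unreachable service or a rejected key then yields `hold` instead of letting the submission through unchecked.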
 
montego
PostPosted: Thu Apr 02, 2009 7:07 am Reply with quote

rackattack wrote:
I have a PHP site, and we're getting anywhere from 10 to 30 "bot registrations" per day.


<SHAMELESSPLUG>
BTW, I say this as only a shameless plug for the RavenNuke(tm) captcha (at least for now), as I am not getting these. It still seems to have stood up... but, I am sure not for long.
</SHAMELESSPLUG>
 
rackattack
PostPosted: Fri Apr 03, 2009 12:44 pm Reply with quote

montego wrote:
rackattack wrote:
I have a PHP site, and we're getting anywhere from 10 to 30 "bot registrations" per day.


<SHAMELESSPLUG>
BTW, I say this as only a shameless plug for the RavenNuke(tm) captcha (at least for now), as I am not getting these. It still seems to have stood up... but, I am sure not for long.
</SHAMELESSPLUG>


<RedFacedAnswer>
Yep, when I got into PHP, someone told me to go "Nuke," so, not knowing what I was doing, or any other options, I did. I have heard many things since then, and learned a bit. Unfortunately, I have Nuke, (8.0) to boot!!, and although I'd like to make the switch now to RN, I'm stuck where I'm at. After MANY long hours though, I finally managed to tweak things with the CAPTCHA and haven't had any bot registrations yet. -- Unfortunately though, I switched my theme to Xtrato's "XG-DF" and now the CAPTCHA pictures don't show up!!! -- If it isn't one thing it's another!
</RedFacedAnswer>
Embarassed Embarassed Embarassed

-- RackAttack (very frustrated php noob)
 
All times are GMT - 6 Hours
 