| Author |
Message |
evaders99
Former Moderator in Good Standing
Joined: Apr 30, 2004
Posts: 3221
|
 Posted:
Wed Apr 16, 2008 5:12 pm |
 
|
More reports of CAPTCHA cracking. No wonder the spam never stops.
I see CAPTCHAs not being effective for anything much longer |
|
|
 
|
|
kguske
Site Admin
Joined: Jun 04, 2004
Posts: 6044
|
| Posted:
Wed Apr 16, 2008 6:33 pm |
|
|
|
|
|
Susann
Moderator
Joined: Dec 19, 2004
Posts: 3143
Location: Germany:Moderator German NukeSentinel Support
|
| Posted:
Wed Apr 16, 2008 6:34 pm |
|
|
|
|
|
evaders99
Former Moderator in Good Standing
Joined: Apr 30, 2004
Posts: 3221
|
| Posted:
Wed Apr 16, 2008 7:21 pm |
|
Anyone can translate Russian?
I see the form is supposed to POST and create Gmail accounts. But reading the CAPTCHA itself.. where are the files such as adddata_jpg_g.php coming from? |
|
|
|
|
|
Guardian2003
Site Admin
Joined: Aug 28, 2003
Posts: 6373
Location: Vsetin, Czech Republic
|
| Posted:
Wed Apr 16, 2008 8:06 pm |
|
| kguske wrote: | | Time for Akismet ...? |
Definitely!!! |
|
|
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9136
Location: Arizona
|
| Posted:
Thu Apr 17, 2008 5:36 am |
|
Yeah, even I am considering it... |
|
|
|
|
|
Susann
Moderator
Joined: Dec 19, 2004
Posts: 3143
Location: Germany:Moderator German NukeSentinel Support
|
| Posted:
Thu Apr 17, 2008 4:09 pm |
|
evaders I used the address above with google.com and its full translated in English.
" This page was automatically translated from Russian."
If you are interested you Žll need to do the same with this link because they describe there better how the russian bot works by using a trojan horse:
|
|
|
|
|
|
kguske
Site Admin
Joined: Jun 04, 2004
Posts: 6044
|
| Posted:
Sun Jun 01, 2008 9:45 pm |
|
Here's another possible alternative to Akismet, this one from the authors of Drupal: |
|
|
|
|
|
rackattack
New Member
Joined: Mar 30, 2009
Posts: 4
|
| Posted:
Mon Mar 30, 2009 8:41 pm |
|
Instead of CAPTCHAs, in my opinion, the whole security system needs to be changed to some type of name-coded image.
For instance, show a picture of a ball, horse, house, tree, lake, cloud, etc.!!!
No "OCR" would be able to distinguish that -- (Not yet, I don't think. At least available to the bot makers. Maybe the Government - LOL)
Then ask the user to type what it is, in it's simplest form. And that would be the check.
This way a HUMAN can tell it's a ball, horse, house, tree, lake, cloud, etc. But the OCRs can't.
If the user gets it wrong by typing say, "football" instead of "ball" then just restart the whole process over again, and give him another shot and another picture. Eventually he'll get it right.
CAPTCHA is dead I think also evaders99.
Well, that's my idea. Maybe someone better & more experienced than me can implement it.
((I'm having trouble with a CAPTCHA right now. That's what I'm doing here, but figured I'd give my 2 cents on this post first. If I can't find an answer in these forums, I'll be creating a new Thread to deal with my problem.))
Take care; Good luck!
-- RackAttack |
|
|
|
|
|
evaders99
Former Moderator in Good Standing
Joined: Apr 30, 2004
Posts: 3221
|
| Posted:
Mon Mar 30, 2009 9:09 pm |
|
There are numerous implementations of this, but they all rely on a library of images. As long as this library of images is finite, there will be ways to exploit it. |
|
|
|
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9136
Location: Arizona
|
| Posted:
Tue Mar 31, 2009 7:04 am |
|
Also need to think about the site impaired... hhhhmmmm, maybe an audio captcha should be the norm? Will have to "noodle" that for a bit... |
|
|
|
|
|
rackattack
New Member
Joined: Mar 30, 2009
Posts: 4
|
| Posted:
Tue Mar 31, 2009 9:18 am |
|
| montego wrote: | | Also need to think about the site impaired... hhhhmmmm, maybe an audio captcha should be the norm? Will have to "noodle" that for a bit... |
They are breaking audio CAPTCHAs also.
You all probably know this -- (but I'm still very much a noob at PHP) -- but here's one video that will make you sick to your stomach:
The above dude should be arrested, put in jail, and the key thrown away.
I have a PHP site, and we're getting anywhere from 10 to 30 "bot registrations" per day.
I've been working my rear-end off over the last few days, trying to find code, tweak code, enable the captcha, augment the captcha, etc. -- All to no avail. They get through, it seems no matter what I do. It's driving me crazy already!
Well, just venting.
Take care.
-- RackAttack |
|
|
|
|
|
kd8hho
Worker
Joined: Mar 30, 2009
Posts: 111
|
| Posted:
Tue Mar 31, 2009 2:46 pm |
|
im lucky so far. on the new site. have captcha and e-mail verification active, so far no bots.
but its all keeping 1 step ahead of the spammers |
|
|
|
|
|
testy1
Involved
Joined: Apr 06, 2008
Posts: 483
|
| Posted:
Thu Apr 02, 2009 12:46 am |
|
| Guardian2003 wrote: | | kguske wrote: | | Time for Akismet ...? |
Definitely!!! |
cant believe I missed this, This has been mentioned before on here....
Last time it was mentioned I looked into it and started a module.I got the following done.
Currently Implemented and working
- Admin and preferneces setup and working
- Validation of API key
- Couple of functions just for testing.
- check_spam function in mainfile and intergrated the akismet class obviously
@todo or wish list
- Moderation queue so admin can approve or deny
- stats for spam captured
- Satistics or addition to "waiting content" so your informed of comments needing approval
- pagination for mod queue + admin config for max records
- email notification + on/off
- mod queue could show records for spam as well as ham so that it can be overruled
- option to store details of confirmed usernames and email's locally, could then do an initial check locally before submitting to akismet to save on time
- Admin option to turn the above on or off
- time delay on local response to spammer, basically just to !@#$ them off
- automatic addition of username to the RNYA Blocked Username Strings
- automatic addition of email domain to the RNYA Blocked Mail Domains
- admin option for number of days to keep spam and/or ham in queue
I will give it to one of the devs here if they are interested and the RN team can develop it further.If the RN team are interested it is yours.I will just have to find it  |
|
|
|
|
|
Guardian2003
Site Admin
Joined: Aug 28, 2003
Posts: 6373
Location: Vsetin, Czech Republic
|
| Posted:
Thu Apr 02, 2009 2:38 am |
|
I integrated Akismet in the Feedback module some time ago as an experiment with great success. It was nothing fancy, just a simple routine to kill spam, no tracking or ham/spam 'reporting' function.
Having used Akismet with Wordpress for a long time and I think in 2.5 years I had only two false positives and absolutely no spam.
I never developed it further due to time constraints and the need for a more centralised 'comment' handling system to get the most from it. |
|
|
|
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9136
Location: Arizona
|
| Posted:
Thu Apr 02, 2009 7:07 am |
|
| rackattack wrote: | | I have a PHP site, and we're getting anywhere from 10 to 30 "bot registrations" per day. |
<SHAMELSSPLUG>
BTW, I say this as only a shameless plug for the RavenNuke(tm) captcha (at least for now), as I am not getting these. It still seems to have stood up... but, I am sure not for long.
</SHAMELESSPLUG> |
|
|
|
|
|
rackattack
New Member
Joined: Mar 30, 2009
Posts: 4
|
| Posted:
Fri Apr 03, 2009 12:44 pm |
|
| montego wrote: | | rackattack wrote: | | I have a PHP site, and we're getting anywhere from 10 to 30 "bot registrations" per day. |
<SHAMELSSPLUG>
BTW, I say this as only a shameless plug for the RavenNuke(tm) captcha (at least for now), as I am not getting these. It still seems to have stood up... but, I am sure not for long.
</SHAMELESSPLUG> |
<RedFacedAnswer>
Yep, when I got into PHP, someone told me to go "Nuke," so, not knowing what I was doing, or any other options, I did. I have heard many things since then, and learned a bit. Unfortunately, I have Nuke, (8.0) to boot!!, and although I'd like to make the switch now to RN, I'm stuck where I'm at. After MANY long hours though, I finally managed to tweak things with the CAPTCHA and haven't had any bot registrations yet. -- Unfortunately though, I switched my theme to Xtrato's "XG-DF" and now the CAPTCHA pictures don't show up!!! -- If it isn't one thing it's another!
</RedFacedAnswer>
-- RackAttack (very frustrated php noob) |
|
|
|
|
|
|
|
|
|
![[Valid RSS]](http://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
:: 
::
