Jump to content


Photo

You need to register to post on the Adverts forum.


  • Please log in to reply
39 replies to this topic

#21 Bart

Bart

  • Network Admins
  • 8,524 posts
  • Location:The Netherlands
  • Division:Revora
  • Job:Network Leader

Posted 26 February 2007 - 02:10 PM

because it's a 10-second change in the bot code

apart from the catcha reader, i could make a bot in PHP that posts topic in this forum in about 5 minutes
bartvh | Join me, make your signature small!
Einstein: "We can’t solve problems by using the same kind of thinking we used when we created them."

#22 ched

ched

    .

  • Undead
  • 4,431 posts
  • Location:Angers (France)
  • Projects:Rhovanion Alliance
  •  T3A Team Chamber Member
  • Division:BFME
  • Job:Previous Division Leader

Posted 26 February 2007 - 07:23 PM

still, the chances that they notice their bots are unable to post in this forum are very slim since they're spamming hundreds of thousands of boards
Software is like sex; it's better when it's free ~Linus Torvald

#23 Calamity_Jones

Calamity_Jones

    Boomers Disposable Minion

  • Project Team
  • 2,399 posts
  • Location:East Yorkshire - England
  • Projects:Only War 2
  •  The Lurker-Turned-Poster-Turned-Lurker

Posted 26 February 2007 - 10:05 PM

I like blodo's idea. He hath my vote. Make loads of crazy hidden forms, and hell, to spice things up, unhide some too!
Posted Image

#24 Jeeves

Jeeves

    I write the interwebz

  • Members
  • 4,156 posts
  •  Friendly neighborhood standards Nazi

Posted 26 February 2007 - 11:01 PM

lmao, theres a thought :evgr:
As well as hidden fields to be left unfilled, you could add some unique to this board, so bots gets rejected if they fill the hidden box, OR are unable to specify a correct favorite pie :lol:

World Domination Status: 2.7%


#25 Ash

Ash

    Foxtrot Oscar.

  • Undead
  • 15,526 posts
  • Location:England
  • Projects:Robot Storm
  •  Keep calm and carry on.

Posted 26 February 2007 - 11:32 PM

because it's a 10-second change in the bot code

apart from the catcha reader, i could make a bot in PHP that posts topic in this forum in about 5 minutes


So could Immo. But again, unless you deliberately knew, cared about or had any vested interest in Revora, would you bother your arse to change the bot code to do that? I dare say half the bot coders don't even know what Revora is, much less would bother to alter their bot code specifically to target it. They're aimed at invisionfree more than anything else. Indeed, anywhere where guest posting is enabled is vulnerable, and that tends to be invisionfree boards run by dumbasses, or regular Invision boards run by dumbasses.

Ipso facto, bot runners target dumbasses. They aren't going to care about this one forum when there are a thousand other dumbass forums to target.

Edited by Paradox, 26 February 2007 - 11:33 PM.


#26 Blodo

Blodo

    The one who disagrees

  • Project Team
  • 3,002 posts
  • Location:Eastern Europe
  • Projects:siteMeister, Mental Omega
  •  The wise guy

Posted 26 February 2007 - 11:45 PM

That would probably work...for a few days ;) after that the bots will just be adapted :rolleyes:

The best bot prevention is good CAPTCHA.

Nope. Bots can crack CAPTCHA much easier than they can bypass a form they don't understand. Sure, the bot creators can adapt the bots to it - but how will they know that they need to, bearing in mind that this is not a standard forum upgrade - it's a custom fix. It's obvious that it will stop any and all bots.

We tried a rather good CAPTCHA, it didn't work. If you think you can code a CAPTCHA that will stop all bots dead in their tracks, I welcome you to try.

Edited by Blodo, 26 February 2007 - 11:47 PM.

ARGUMENT FROM CREATION, a.k.a. ARGUMENT FROM PERSONAL INCREDULITY (I)
(1) If evolution is false, then creationism is true, and therefore God exists.
(2) Evolution can't be true, since I lack the mental capacity to understand it; moreover, to accept its truth would cause me to be uncomfortable.
(3) Therefore, God exists.


#27 Jeeves

Jeeves

    I write the interwebz

  • Members
  • 4,156 posts
  •  Friendly neighborhood standards Nazi

Posted 27 February 2007 - 12:02 AM

Dynamically generated character series as a background image to the field, requiring the same series for correct validation. Even I could probably do that, and bots wouldn't read it, but the simlicity of a dud field has something to be admired :rolleyes:

World Domination Status: 2.7%


#28 Blodo

Blodo

    The one who disagrees

  • Project Team
  • 3,002 posts
  • Location:Eastern Europe
  • Projects:siteMeister, Mental Omega
  •  The wise guy

Posted 27 February 2007 - 12:08 AM

You have to know that bots use OCR since some time now, which means they are able to read text from images, unless it's really done right. Something which practically nobody has been able to do 100% :rolleyes:

ARGUMENT FROM CREATION, a.k.a. ARGUMENT FROM PERSONAL INCREDULITY (I)
(1) If evolution is false, then creationism is true, and therefore God exists.
(2) Evolution can't be true, since I lack the mental capacity to understand it; moreover, to accept its truth would cause me to be uncomfortable.
(3) Therefore, God exists.


#29 Jeeves

Jeeves

    I write the interwebz

  • Members
  • 4,156 posts
  •  Friendly neighborhood standards Nazi

Posted 27 February 2007 - 12:30 AM

Thats why you find somewhere they won't look to put it ;)
How about a compromise - hidden capcha :rolleyes:

World Domination Status: 2.7%


#30 Hostile

Hostile

    Benefitting Humanity Simply by Showing Up!

  • Veterans
  • 9,551 posts
  • Location:Washington DC
  •  T3A Founder
  • Division:Revora
  • Job:Global Administrator
  • Donated
  • Association

Posted 27 February 2007 - 12:54 AM

What about word association? Meaning upon registering, an image shows up with four checkboxes. Picture of a cat with options: cat, dog, tiger, duck.

There is no way a bot could determine which answer it was. Though it could cylce through all fours answers quickly, it would have to be designed to do that for it to work.

Are bots designed to solve that one? Maybe they are, I don't know.

#31 Destroyer

Destroyer

    Byte me

  • Members
  • 2,305 posts
  • Location:My back pocket
  • Projects:Having fun
  •  Just this guy, you know?

Posted 27 February 2007 - 01:07 AM

How about just

Are you sure you want to register?
* NO
* YES

default to NO. Just make sure that it's obvious to humans that it's there.

#32 Jeeves

Jeeves

    I write the interwebz

  • Members
  • 4,156 posts
  •  Friendly neighborhood standards Nazi

Posted 27 February 2007 - 05:05 AM

Require a list of colors to be re-written as the color they appear as :rolleyes:

World Domination Status: 2.7%


#33 Bart

Bart

  • Network Admins
  • 8,524 posts
  • Location:The Netherlands
  • Division:Revora
  • Job:Network Leader

Posted 27 February 2007 - 08:28 AM

Nope. Bots can crack CAPTCHA much easier than they can bypass a form they don't understand. Sure, the bot creators can adapt the bots to it - but how will they know that they need to, bearing in mind that this is not a standard forum upgrade - it's a custom fix. It's obvious that it will stop any and all bots.

We tried a rather good CAPTCHA, it didn't work. If you think you can code a CAPTCHA that will stop all bots dead in their tracks, I welcome you to try.


http://sam.zoy.org/pwntcha/
bartvh | Join me, make your signature small!
Einstein: "We can’t solve problems by using the same kind of thinking we used when we created them."

#34 Calamity_Jones

Calamity_Jones

    Boomers Disposable Minion

  • Project Team
  • 2,399 posts
  • Location:East Yorkshire - England
  • Projects:Only War 2
  •  The Lurker-Turned-Poster-Turned-Lurker

Posted 27 February 2007 - 10:10 AM

Provide a complex conjugate partial differential equation to solve :rolleyes:

What about word association? Meaning upon registering, an image shows up with four checkboxes. Picture of a cat with options: cat, dog, tiger, duck.

There is no way a bot could determine which answer it was. Though it could cylce through all fours answers quickly, it would have to be designed to do that for it to work.

Are bots designed to solve that one? Maybe they are, I don't know.


I like this idea, 'cept you could have a text field saying "what is the name of this animal?" and a bunch of photo's of animals that it cycles through or something. Obvious animals of course... not like subtly differing species of sheep or something ;)

Edited by Calamity_Jones, 27 February 2007 - 10:11 AM.

Posted Image

#35 Bart

Bart

  • Network Admins
  • 8,524 posts
  • Location:The Netherlands
  • Division:Revora
  • Job:Network Leader

Posted 27 February 2007 - 10:29 AM

Or, "what does not belong in the list"

[-] cat
[-] duck
[-] dog
[x] laptop
bartvh | Join me, make your signature small!
Einstein: "We can’t solve problems by using the same kind of thinking we used when we created them."

#36 Blodo

Blodo

    The one who disagrees

  • Project Team
  • 3,002 posts
  • Location:Eastern Europe
  • Projects:siteMeister, Mental Omega
  •  The wise guy

Posted 27 February 2007 - 03:09 PM

http://sam.zoy.org/pwntcha/

Illustrates my point completely.

ARGUMENT FROM CREATION, a.k.a. ARGUMENT FROM PERSONAL INCREDULITY (I)
(1) If evolution is false, then creationism is true, and therefore God exists.
(2) Evolution can't be true, since I lack the mental capacity to understand it; moreover, to accept its truth would cause me to be uncomfortable.
(3) Therefore, God exists.


#37 Bart

Bart

  • Network Admins
  • 8,524 posts
  • Location:The Netherlands
  • Division:Revora
  • Job:Network Leader

Posted 27 February 2007 - 03:22 PM

Which illustrates my point that you don't (try to) read very well :rolleyes:, and that I was right in saying that we need a good captcha, which exists:

These captchas can currently not be defeated by PWNtcha. Note however that this is not an acknowledgement of efficiency; for instance, EZ-Gimpy can be easily defeated by other projects. However, the Passport/Yahoo and CFXCaptcha captchas are probably going to last for a long time.


CFXCaptcha:

Posted Image
bartvh | Join me, make your signature small!
Einstein: "We can’t solve problems by using the same kind of thinking we used when we created them."

#38 Blodo

Blodo

    The one who disagrees

  • Project Team
  • 3,002 posts
  • Location:Eastern Europe
  • Projects:siteMeister, Mental Omega
  •  The wise guy

Posted 27 February 2007 - 03:38 PM

You better learn to read first though. I said: Go ahead and code it, genius.

ARGUMENT FROM CREATION, a.k.a. ARGUMENT FROM PERSONAL INCREDULITY (I)
(1) If evolution is false, then creationism is true, and therefore God exists.
(2) Evolution can't be true, since I lack the mental capacity to understand it; moreover, to accept its truth would cause me to be uncomfortable.
(3) Therefore, God exists.


#39 Solinx

Solinx

    .

  • Undead
  • 3,101 posts
  • Location:The Netherlands
  • Projects:Real Life
  • Division:Revora
  • Job:Retired Leader / Manager

Posted 05 March 2007 - 06:52 PM

Worth pointing out that a huge amount of CAPTCHA scripts are actually easily crackable: http://sam.zoy.org/pwntcha/

It does claim the CFXCAPTCHA to be very good, but simply converting the
example to 2-colour and applying a gaussian blur and the text looks plain enough for an OCR to read (have not got one handy though, so can not test for sure.) More importantly though, is that they frustrate a lot of users, and are often unusable for people who are colour blind, dyslexic, etc...

Source

While he hasn't tested his idea yet, he does have an idea, and I believe it will be only a matter of time before someone will come up with an idea that will actually work. Because the Captcha is marked as hard to crack, some people will only try harder to gain the recognision they would get for cracking it. In short, I think it won't take as long as said at the site.

From the other side, creating such a Captcha with enough randomization would probably be a pretty though job.

The idea of Blodo is interesting, but if that won't work (I don't know about coding, so I leave that up to others to decide) and a captcha is needed, then how about putting in two words (or strings of random characters) and ask people to only type one of them?
I doubt a bot would do anything but enter all characters it finds in a captcha.

The third idea, to have a question that only a human could answer is something that could work too, but it shouldn't be multiple choice. As Hostile said:

Though it could cylce through all fours answers quickly, it would have to be designed to do that for it to work.


Hostiles idea is nice too, although not with checkboxes, but written input. From the site 2play linked too, a similar solution failed because it had bad programming.

We all have our ideas, and I think the only way to find out if any of them will work, is to actually try them.

If the idea from Blodo is really easy to implent, why not give it a try? It's certainly not going to bother people if it doesn't work.

After having done the most simple one, we can try the others.

Solinx
Posted Image

"An expert is a man who has made all the mistakes which can be made in a very narrow field." - Niels Bohr


#40 Jeeves

Jeeves

    I write the interwebz

  • Members
  • 4,156 posts
  •  Friendly neighborhood standards Nazi

Posted 05 March 2007 - 11:10 PM

It's certainly not going to bother people if it doesn't work.

Unless someone views source or has a really really bad connection, nobody will even know its there :xcahik_:
And quite, nobodys saying this is a be all and end all solution, its just our occums razor - the easiest solution is likely the correct one. If for some whacko reason it doesn't work, theres no reason we cannot try an alternative.

World Domination Status: 2.7%





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users