Improve the CAPTCHA System?

registered · Posted: Mon Jul 09, 2007 6:06 am

I've been reading up on these various systems and am learning that most implementations of it are very ineffective.

Here's a pretty interesting read:

http://sam.zoy.org/pwntcha/

Just thought I'd post it here for the Raven Team.

Posted: Mon Jul 09, 2007 6:27 am

That is an interesting read.

The captcha in RN is a vast improvement over the standard Nuke one, but I'm sure further work can be done on it.

I know Guardian is looking at using an animated GIF, which would make it extremely difficult to crack.

registered · Posted: Mon Jul 09, 2007 6:54 am

Yeah, I personally like the direction of requiring human reasoning power to figure out "problem". But, unfortunately, like with most captchas, it can really hurt the visually impaired folks.

Posted: Mon Jul 09, 2007 10:16 am

To be honest it's a shame we have to do this in the first place Sad

registered · Posted: Mon Jul 09, 2007 10:22 am

It should be mentioned that link isn't safe for work. Shocked

registered · Posted: Wed Jul 11, 2007 12:23 pm

Seen this link already, without seeing the script in-action, I have no guarentees on its effectiveness. There are many spam engines that will break CAPCHTAs though, so it may be a mute point.

Posted: Wed Jul 11, 2007 12:51 pm

There was a recent posting on Slashdot related to this subject:

http://it.slashdot.org/article.pl?sid=07/07/09/0110203

Posted: Fri Nov 02, 2007 7:49 am

Only registered users can see links on this board! Get registered or login!

Spammers employ stripper to break Captcha

Posted: Sat Nov 03, 2007 8:51 am

Isn't it sickening? Now how do you stop from having actual human beings being employed to register at a bunch of sites? How can you win... Sad

Posted: Sun Nov 04, 2007 2:26 pm

montego wrote:

Isn't it sickening? Now how do you stop from having actual human beings being employed to register at a bunch of sites? How can you win... Sad

You can't. Game over.

Posted: Mon Nov 05, 2007 7:49 am

I agree with manunkind with one major exception. For web sites that are "private" or even semi-private (local clubs, soccer leagues, family groups etc.) and where you don't need or even want to boost membership beyond the local interest group, having some kind of Approve Membership would really help. Spammers could still get thru, but if you made them write a paragraph or so about "why they want to join your site" and evaluated where they are from etc., the number who would get thru would be cut significantly. Perhaps for RN 3.0 (or whatever) we can get this done.

Posted: Tue Feb 12, 2008 8:22 am

As always, the problem remains the same.
How do you take measures to prevent spammers and other undesirables from siging up without it affecting accessibility or putting off the peple who genuinely want to sign up.
If I had to write some text about why I wanted to join a site every time, I would very quickly not even bother joining sites any more.

Of course you can use a combination of CAPTCHA's, blacklist comparing, referer checking etc to really narrow things down but even with those, you will still get the odd email from someone who is disgrntled because their registration was rejected.

I use Montego's Approve Membership Lite which is a great little tool and I have also added a warning on my registration page that I will reject applications from gmail, hotmail and other 'free' email accounts. In my 'rejection' email I do include an email link which genuine users who still apply using these amail accounts can contact me for me to review their application.
I have probably rejected over 300 registrations in the last year, of which maybe 4 emailed me to ask why they had been rejected using the link in my rejection email.

Posted: Wed Feb 13, 2008 6:54 am

BTW, I will be releasing the 2.20.00 version today or tomorrow. I have it ready but just need the time...