• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

What do you call those images that make you type what's on them...

Scarpozzi

Scarpozzi

Lifer
I've created a registration page for new users on a website I designed. Everything is done except for the content. I started thinking though, my registration page could potentially be populated by a bot. It sends a confirmation email with a link that activates the account, but I don't want to take a chance of having a bot come along and fill my database with random generated dummy accounts.

Where can I figure out what I need to get some pictures and line them up with some text for a submit verify type thing. I suppose I can make them and build it all myself (I'm just looking for a less time-consuming way to do it). Thanks.
 
they're called captcha

if this is for your class reunion site, don't bother

bots don't just go around filling out forms, they're typically instructed to do so for spamming purposes
 
Originally posted by: troytime
they're called captcha

if this is for your class reunion site, don't bother

bots don't just go around filling out forms, they're typically instructed to do so for spamming purposes
Click to expand...
That's what I thought, but I've heard stories of databases being flooded simply to "fill them up". Think of it as a denial of service attack for web-hosted SQL servers. Thanks...now that you said captcha, that sounds familiar for some reason. I think I was looking at some hot scripts that you could use to add those in to a site easily a few years ago.
 
Captcha.

Sourceforge.
Wikipedia.

IMHO they're from hell and are "considered harmful".

a) even being moderately correctable in my vision (glasses), I have a hard time reading the things correctly a decent amount of the time.
It's frustrating, annoying, and inconvenient.

b) Someone that *is* more visually impaired (or totally blind and using a screen reader software) will have no hope of it working.

c) You're assuming someone even has images enabled in their browser, which is a bad assumption because people still do use text mode browsers and other people turn off images to prevent slow page loads, malware, etc.

d) It's a further waste of someone's time.

e) I don't WANT to jump through sixteen levels of captcha, email, profile, etc. hoops just to contribute to / use some online forum. Chances are if Anandtech had done that when I'd gone to register, I wouldn't have bothered, and wouldn't be nicely answering your question now.
Sure maybe it's a minor inconvenience in any single site but multiply that by something like the 100 different sites I may use on a routine basis and there goes several wasted hours of my life dealing with stupid registration junk.

f) Of course then that raises the issue of registration pages that don't even WORK without javascript, flash, cookies, active X, etc. etc. etc. not any/all of which any given browser may have turned on or be compatible with....

Find a simpler less annnoying solution that doesn't prevent disabled people from using your site.

 
its certainly a possibility for a bot to fill up a db as a DOS attack

but seriously. you won't be a target
 
Originally posted by: troytime
its certainly a possibility for a bot to fill up a db as a DOS attack

but seriously. you won't be a target
Click to expand...
You had me at Hello.

I agree with QuixoticOne too... I think it's a lot more trouble than it's worth. However, I work as a sys admin in a large environment. I'm always thinking of ways to lock down stuff and secure pages, scripts, etc.... I certainly don't want to compromise functionality, but I've never built a registration page before like this. I run about 8 LDAP servers all with pre-populated directories at work...I never had to think about what makes a user "valid" until now. 😛
 
Find a simpler less annnoying solution that doesn't prevent disabled people from using your site.
Click to expand...

That's good advice, and everyone from MS to MIT is working on it, so if you succeed you'll be rich.

But in the meantime I'm afraid CAPTCHA, with suitable enhancements such as the ability to read the letters out loud so that a vision-challenged person can hear them, is the best solution we currently have.

Bots fill out post forms on websites for one reason and one reason only: to insert links into pages in order to increase the chances of people landing on an ad page, or a page that distributes malware.

As for the "you won't be a target" concept... you will if the page is out there long enough. I don't care how many people use it.
 
Most of the stories you here about are people who are using prebuilt web packages like phpBB or similar suites so the forms are well known and very easy to write the bots for. That's not to say someone won't come along and write a bot to fill your form, it only takes a matter of minutes to capture the headers being sent and replay them using curl or something similar.
 
Originally posted by: Crusty
Most of the stories you here about are people who are using prebuilt web packages like phpBB or similar suites so the forms are well known and very easy to write the bots for. That's not to say someone won't come along and write a bot to fill your form, it only takes a matter of minutes to capture the headers being sent and replay them using curl or something similar.
Click to expand...

I have what might be the least-visited blog/forums site on the net, and yet I had to introduce CAPTCHA because I started getting 20-40 spam inserts per day. Originally they exploited a hole that allowed script through, and inserted redirectors. I plugged that and they just inserted text links all over the place. Funny thing was, they always hit my file comments, never the forums, or the front page posts. It was obviously automated, which means they don't really care how much traffic your site gets. They're just spidering and farming 24 hours a day, and if the bots can find a way through then you will eventually get hit. My site is built on heavily customized ASP.Net 1.1 forum code, and probably had more holes than a better commercial package would.
 
That was kind of exactly my point, maybe I was a little vague. Basically I was saying eventually bots will find any site that has a hole in it, but for the most part the bots go after the easiest target. Those would be all the ones with known exploits first, like phpbb!
 
Originally posted by: Crusty
That was kind of exactly my point, maybe I was a little vague. Basically I was saying eventually bots will find any site that has a hole in it, but for the most part the bots go after the easiest target. Those would be all the ones with known exploits first, like phpbb!
Click to expand...

yeah phpbb and all the other really common free web apps are easy targets

typically home-grown and custom apps don't have bot problems
i work for a pretty large site with a ton of users and traffic
no captcha system, and we've never had a bot problem
 
Originally posted by: Crusty
That was kind of exactly my point, maybe I was a little vague. Basically I was saying eventually bots will find any site that has a hole in it, but for the most part the bots go after the easiest target. Those would be all the ones with known exploits first, like phpbb!
Click to expand...

Yeah, I just thought it was a good supporting anecdote. I think basically, if you can post an anonymous reply on a blog or board, then bots will find that site and post to it.
 
Microsoft has an experimental one out that claims to identify a responder as a browser-hosted application without any user interaction at all. Not sure if it is worth looking into.
 
Doesn't Captcha have a "listen" button that will "say" the letters through your speakers? If the alt text is written properly, then a "reader" for the visually impaired would identify the button to "listen" to the letters.

I think it works this way, apologies if I'm wrong...
 
speaking of captchas, to prove spammers stupid, I made my phpbb forum have 3 captchas, 2 are the same. The instructions say to enter the one that is the same. Not a single spammer registered so far - used to get 100 per day - they'd even reply to the confirmation emails at that.

Spammers should be hung by their nuts, naked, in a -50c blizzard then shot repeatedly with a pellet gun.
 
They make pellet guns that work at -50c? Wow 🙂.

Doing something offbeat will usually stop them, unless enough others start doing it and it becomes worth their while to script for it.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top