Login

11-12-2008, 01:54 PM

[eluser]Pascal Kriete[/eluser]
My argument would be that submitting a form is in itself user interaction. I can certainly see how this will work on a small site - I use a similar technique for my own contact form. Just feels silly to have the answer right there Wink

.

11-13-2008, 10:38 AM

[eluser]Moon 111[/eluser]
What kinds of questions? Even if you store the answer in a session, they can't be simple, or mathimatical. I could make my spam bot able to crack that in 15 minutes.

(Since yours are mathimatical the answer is there, either way! If a human can answer the question, surely a computer can solve it in far less time!

11-13-2008, 03:04 PM

[eluser]ray73864[/eluser]
One of the questions it just asked me was 'what day of the week is it?', i would suggest leaving questions like that out of the system.

The reason i say this is because if your server is in the US and i am in Western Australia (i am Smile

), the logical answer for me to that question would be 'Friday', however when i viewed the page source your system was expecting an answer of 'Thursday'.

This is why captchas work so well, they are timezone unbiased, so if you are going to try and create a 'am i human' question system your system too needs to be timezone unbiased (is that even a word?). Otherwise if a timezone question (like the one i got) suddenly pops up at the user they will answer it correctly from their point of view but the system might deem it incorrect.

11-13-2008, 03:13 PM

[eluser]Iverson[/eluser]
I personally like the time questions. I'll just have to make sure I check local timezones. And I've come up with a better solution than that. I'm going to generate images for the questions. The same idea as captcha but without the ugly letters and numbers.

11-14-2008, 04:51 AM

[eluser]Moon 111[/eluser]
So.... you're making a captcha, except your 'new idea' is to make it easy to beat? It really isn't that hard to beat home-made captchas. I've done it personally on sevral occasions.

11-14-2008, 06:06 AM

[eluser]johnwbaxter[/eluser]
@Moon 111 - why do you have "spam bots" that you've made?

11-14-2008, 08:06 AM

[eluser]Iverson[/eluser]
[quote author="audiopleb" date="1226685973"]@Moon 111 - why do you have "spam bots" that you've made?[/quote]

That was going to be my first question. Second question is why don't the people that are saying they could beat it, do it and let everybody know how they did it so we can make our code stronger. That's the whole point of forums. I never said any of my code is perfect. That's why I bring it amongst other good programmers (minus the ones that make spam bots) and get their feedback on it.

And everybody says they can "beat" other people's code. Let's see it! Let's not forget the number one rule of security as it relates to PHP. There will NEVER be unbeatable code. The point of security isn't to make something that can't be hacked because that's impossible. The point is to make code so tedious to try to hack that the benefit of actually hacking it isn't worth the time and effort of the hacker.

11-14-2008, 08:14 AM

[eluser]johnwbaxter[/eluser]
Yeah, good point well made Iverson.

Lets see it then Moon 111, we want reasons and code or there will be trouble.....

11-16-2008, 08:19 AM

[eluser]Moon 111[/eluser]
First off, I am a hacker at heart. Always will be. There is nothing, nothing, like knowing that you have beating someone intellectually. It also something that I enjoy about chess. However, my hat is a white one. I won't destroy ruin anyone elses work.

I'm not going to bother to explain how I would do it. There are mediocre articles on websites like http://www.hackthissite.org that are 5 pages long. I am going to say, though, that there is a reason why the captchas are so distorted.