Slashdot Mirror

← Back to Stories (view on slashdot.org)

Evolution of the 'Captcha'

Posted by CmdrTaco on from the why-can't-i-even-read-them-half-the-time dept.

FireballX301 writes "The New York Times is running an article about the small word puzzles various sites use in order to defeat automated script registration while still letting humans through. It seems many people can't actually solve them anymore, so new alternatives (image recognition) are being created. This, of course, seems breakable as well — is there a feasible alternative to the captcha, or are we stuck jumping through more and more hoops to register at places?"

3 of 383 comments (clear)

  1. Re:Stop testing the Humans, test the Robots by jimstapleton · · Score: 5, Interesting

    have a random or semi random set of field names, with an associated "key" field. Use the key field to retrieve the field names of interest. Also have a "name" and "password" field set up so they are invisible to a normal user.

    Block any IP submitting a non-blank "name" or "password" field.

    --
    34486853790
    Connection too slow for X forwarding? Try "ssh -CX user@host"
  2. Captcha effectiveness isn't related to difficulty by Samrobb · · Score: 4, Interesting

    Shamus Young (the creator of the "DM of the Rings") recently introduced a captcha on his site to deal with comment spam. In his post about using a captcha on his site, he notes that:

    ... I used to get many hundreds of spam a day. Traffic here has jumped up since then, and I wouldn't be at all surprised to find I'm getting a couple of thousand a day by this point. But all of them bounce off the CAPTCHA, and I never even see them. I only see a spam make it through about once every other week, and I'm betting the ones that do make it though are entered manually... In any case, these are really impressive results for a CAPTCHA with only one short phrase that never changes.

    Emphasis mine. He's running a fairly popular site, and using a captcha based off of a single, unchanging, three-character phrase. Just the presence of the captcha was enough to effectively eliminate his spam problem. The indication seems to be that just the presence of a captcha is enough to keep spam off of even a moderately popular site.

    --
    "Great men are not always wise: neither do the aged understand judgement." Job 32:9
  3. Re:Alternative? by cyphergirl · · Score: 4, Interesting

    My husband and I run a forum for homebuilt aircraft and we've already got bots doing this. We're using captchas at registration, an email activiation link AND we have to have a moderator personally approve every registration...... and we still have some spammers who get through. I'm really beginning to think that there is an army of them out there earning .01 per hour to actually read our site and create profiles that match our user base. Some of the spammers have gone as far as to create signature blocks stating which type of kit they are building and the tail number they've reserved from the FAA. The account gets approved and then we've got hundreds of V1@grA posts to clean up in the morning.

    I read an advertisement recently -- apparently someone is collecting the URLs of web forum signup pages and then selling them to the botnets. I was thinking that maybe we could come up with a way of randomizing the signup page URL so that it would only work when the link is actually clicked on, but never got around to it. And let's be honest -- they'd figure that out too. *sigh*

    --
    --Insert catchy .sig line here--