[IMC-Tech] Captcha implementation: which way to choose?
fluffymike at googlemail.com
Tue Aug 3 01:47:50 PDT 2010
I'm just now looking into Bayes filters and SpamAssassin rules as a
way to stop the spam based on content rather than captcha, although
both are probably a good idea.
Ideally this might be done as e.g. an xmlrpc web service to allow it
to be easily incorporated into any indymedia system.
But it's early days yet, so don't hold your breath.
On 3 August 2010 00:32, Terence <terence010203 at yahoo.co.uk> wrote:
> --- On Mon, 2/8/10, mark burdett <mark at indymedia.org> wrote:
>> From: mark burdett <mark at indymedia.org>
>> Subject: Re: [IMC-Tech] Captcha implementation: which way to choose?
>> To: "Dmitry Borodaenko" <angdraug at gmail.com>
>> Cc: samizdat-devel at nongnu.org, imc-tech at lists.indymedia.org
>> Date: Monday, 2 August, 2010, 19:30
>> On Mon, 02 Aug 2010 17:56:18 +0300, Dmitry Borodaenko wrote:
>> > > Self-made textual captcha implementation:
>> > > + do not require 3rd-party service
>> > > + should not affect site load significantly
>> > > - textual captchas are considered relatively weak in comparison w/ graphical ones
>> > Implementing Captcha is a very common problem, let's make sure there's
>> > definitely no other option before starting yet another
>> I've found if you code your own captcha, and it's only used by a very
>> small number of sites, spammers apparently won't waste time developing a
>> work-around, when they could attack thousands of sites using the same
>> captcha plugin. Knock on wood.
>> Maybe I shouldn't encourage this, for fear someone will finally start
>> cracking all the self-made textual captcha implementations out there..
> The best anti-spam measures consist of multiple defences because each one increases the probability that the spammers will fail. You will catch and reject a lot of spam even with basic validation and other stuff like long sequences of random characters but with fixed embedded characters at key points which then must be returned by the form. You can encode these and also configure their positioning on the site side. Taking a timestamp and splitting out each digit spread over a much longer set, can be useful, because you can then narrow the time window of submission.
> And as to captchas, I recall Bristol IMC developed a text-based numeric captcha which was much simpler to code up. This was then integrated into the Oscailt CMS.
> It is probably relatively easy for sophisticated spammers to overcome, but if you add in an option to turn off open-publishing while the spam attack is under way, they will often get tired, and then you can go back and switch it on again later and any anti-spam measures will continue to work against the other spammers who are not so clever.
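An added example, not part of the original thread or of any Indymedia code base: one way to build the hidden form field described in the quoted message, with fixed marker characters and the digits of a timestamp scattered through a longer random string, and to check it on submission. The token length, positions, marker characters and both time limits are constructed values chosen for illustration.

```python
import secrets
import string
import time

ALPHABET = string.ascii_lowercase + string.digits
TOKEN_LEN = 40
# Site-side configuration (constructed values): where the fixed marker
# characters and the ten timestamp digits sit inside the token.
MARKERS = {3: "k", 17: "q", 31: "z"}
TS_POSITIONS = [1, 5, 8, 12, 14, 20, 23, 27, 33, 38]
# Accepted submission window in seconds (assumed limits): a post that
# arrives sooner was not typed by a person, a later one is a stale form.
MIN_AGE, MAX_AGE = 3, 1800


def make_token(now=None):
    """Build the hidden-field value served with the publish form."""
    now = int(time.time() if now is None else now)
    chars = [secrets.choice(ALPHABET) for _ in range(TOKEN_LEN)]
    for pos, ch in MARKERS.items():
        chars[pos] = ch
    for pos, digit in zip(TS_POSITIONS, f"{now:010d}"):
        chars[pos] = digit
    return "".join(chars)


def check_token(token, now=None):
    """Return (accepted, reason) for the value posted back with the form."""
    now = int(time.time() if now is None else now)
    if not isinstance(token, str) or len(token) != TOKEN_LEN:
        return False, "bad length"
    if any(token[pos] != ch for pos, ch in MARKERS.items()):
        return False, "marker mismatch"
    digits = "".join(token[pos] for pos in TS_POSITIONS)
    if not (digits.isascii() and digits.isdigit()):
        return False, "bad timestamp"
    age = now - int(digits)
    if age < MIN_AGE:
        return False, "submitted too fast"
    if age > MAX_AGE:
        return False, "form expired"
    return True, "ok"
```

The rejection reason is meant for the site's own log, so that each layer's catch rate can be compared with the content filters discussed earlier in the thread.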