Re: captcha to defeat form spammers

Posted by Sherm Pendley on 02/23/07 23:27

"Jonathan N. Little" <lws4art@centralva.net> writes:

> Tina Peters wrote:
> <snip>
>> Yes, it does work. I'm not doubting that it can't be outsmarted and maybe
>> eventually it will. That said, I'm sure some wise alec is going to
>> purposely spam me...but we've gone from 10 spams to 1 legitimate email to
>> ZERO form spams since we started using it. We've been using it for several
>> months now and NOT ONE spam has made it through. Further, it doesn't have
>> the same usability issues that true CAPTCHA does.
>
> No it does *not* work! The whole point about CAPTCHA images is that
> they are images of characters that a "human" must view and interpret
> as the passcode and not trappable text. The font color and style means
> nothing to a script!
>
> Not too hard at all to devise a regular expression to extract "9f2bf"
> from your script's generated table...
>
> <table border="1" cellpadding="2" cellspacing="0" width="100%">
> <tbody><tr bgcolor="#ffffff">
> <td align="center"><font color="#0000ff" size="3">9</font></td>
> <td align="center"><font color="#006633" face="Arial, Helvetica,
> sans-serif">f</font></td>
> <td align="center"><font color="#330033" face="Times New Roman, Times,
> serif" size="3">2</font></td>
> <td align="center"><font color="#ff0000">b</font></td>
> <td align="center"><font face="Times New Roman, Times, serif"
> size="4">f</font></td>
> </tr>
> </tbody></table>

Just for grins...

#!/usr/bin/perl

use strict;
use warnings;

# Print the single character that sits between each '">' and '</font'
while (<DATA>) {
    /">(.)<\/font/ && print $1;
}

__DATA__
<table border="1" cellpadding="2" cellspacing="0" width="100%">
<tbody><tr bgcolor="#ffffff">
<td align="center"><font color="#0000ff" size="3">9</font></td>
<td align="center"><font color="#006633" face="Arial, Helvetica,
sans-serif">f</font></td>
<td align="center"><font color="#330033" face="Times New Roman, Times,
serif" size="3">2</font></td>
<td align="center"><font color="#ff0000">b</font></td>
<td align="center"><font face="Times New Roman, Times, serif"
size="4">f</font></td>
</tr>
</tbody></table>

It took less than a minute to come up with that, and I'm no genius when it
comes to regexen. I wasn't guessing when I said it would take even the
stupidest script kiddie less than five minutes.

Tina, you've convinced yourself this is secure because otherwise you'd have
to admit you were suckered out of $10. Either that or you'd have to admit
you're selling snake oil; it's not clear to me whether you're the crook or
the sucker here.

The *only* reason you haven't gotten any spam yet is that no one has bothered
to try yet. You're not secure, you're just lucky.

sherm--

--
Web Hosting by West Virginians, for West Virginians: http://wv-www.net
Cocoa programming in Perl: http://camelbones.sourceforge.net
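
Added example, not part of the original post: the point made above, written as a check a form owner can run against their own page before relying on it. It reports whether the expected challenge answer can be read straight out of the served markup. It goes slightly beyond the table in the thread by also looking at alt, title and value attributes. The function name, the sample strings and the image URL are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample: the table quoted in the thread, as the form serves it.
SAMPLE_HTML = """<table border="1" cellpadding="2" cellspacing="0" width="100%">
<tbody><tr bgcolor="#ffffff">
<td align="center"><font color="#0000ff" size="3">9</font></td>
<td align="center"><font color="#006633" face="Arial, Helvetica,
sans-serif">f</font></td>
<td align="center"><font color="#330033" face="Times New Roman, Times,
serif" size="3">2</font></td>
<td align="center"><font color="#ff0000">b</font></td>
<td align="center"><font face="Times New Roman, Times, serif"
size="4">f</font></td>
</tr>
</tbody></table>"""

# Constructed sample: a challenge served only as an image (hypothetical URL).
IMAGE_HTML = '<img src="/challenge/abc123.png" alt="verification image">'


class _Collector(HTMLParser):
    """Gathers everything a script can read without rendering the page."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.text = []    # character data between tags
        self.attrs = []   # attribute values that commonly repeat the answer

    def handle_starttag(self, tag, attrs):
        self.attrs.extend(v for k, v in attrs
                          if v and k in ("alt", "title", "value"))

    def handle_data(self, data):
        self.text.append(data)


def answer_leaks(html, answer):
    """Return where the answer is machine-readable: 'text', 'attribute'."""
    collector = _Collector()
    collector.feed(html)
    collector.close()
    findings = []
    # Markup and whitespace between the characters do not hide them.
    if answer in "".join("".join(collector.text).split()):
        findings.append("text")
    if any(answer in value for value in collector.attrs):
        findings.append("attribute")
    return findings
```

A non-empty result means the form fails the test described in the thread: the passcode is trappable text, whatever fonts and colours surround it.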

 
