Posted by Sebastian Gottschalk on 03/03/07 12:02

Kimmo Laine wrote:

> Paul Furman kirjoitti:
>> Varn wrote:
>>
>>> Hi all,
>>>
>>> I've got a website coded in PHP, and a malicious person is
>>> posting fake spam messages to a low-security forum that I've coded.
>>> My forum code simply reads the POST data and in good faith
>>> posts the message to the forum and records the IP of the poster.
>>> Here is what is happening. Bogus messages are being posted
>>> always of roughly the same type or message, often with
>>> bogus URLs in them, and the IP address that I am recording
>>> is always random i.e. spoofed.
>>
>> If it's an automated spam, you may have to install one of those things
>> with the wiggly jpeg letters & numbers to be re-typed by a live human. I
>> know someone who had to install something like that, I think it was a
>> simple plugin sort of deal. Sorry I'm not more specific.
>
> You're talking about the Turing test, aka. Captcha:
> http://en.wikipedia.org/wiki/CAPTCHA

CAPTCHA is not a Turing test, since a Turing test doesn't allow / tolerates
cheating. A CAPTCHA is trivially solved by a computer by forwarding it to a
human, letting him calculate the answer for you, and backforwarding the
result.

[Back to original message]