Twokinds ARCHIVE Forums

As I said in the other topic, If someone were color blind, this would screw them.

I can most of it, but there are certain points where i cant see a blasted thing in it.

How about the grey-scale version?

This is the hardest Captch I have ever seen... And my eyes are supposed to be rather good -_-' ... The greyscale is at least managable, but the "r" (as stated before) still is a problem. Either way, there must be better methods than using such captchas O o...

I've taken to embedding an input text box with a suggestive name (like "name" or "address1" or "city") in a span with the CSS display:none parameter. So for a real browser, it shouldn't even appear to exist except in the source. However, if you ignore the CSS (as I assume bots do), they see a text input box with a name that looks like it's definitely something they need to fill in. So they put gibberish of some kind in the "invisible" box. When I reach the form processing stage, if there's any content in that field, I can generally assume that the request comes from a bot and should be ignored.

Like I said on the FAQ board, however, I don't have any real idea how effective this is. I should try to do some testing with a honeypot and get some real numbers.

Captches are effective, sure, but I have been unable to get past some because of details, or rather, lack of such. Should I check capitalization? How can I tell "O" from "0" etc. etc. So they're kind of a double-edged sword.

Aren't there bot-eating links somewhere in the internet? You know, those which lure the bots inside and loop them in a never ending circle.

I saw one captcha I thought might work well, where it uses images rather than numbers, such as, "How many blue cats are there?" in a box full of different coloured cats and dogs. I imagine it would be able to throw off most bots?

Only for so long. Rapidshare did such a thing for a while; but it got cracked too.

Then again, with enough determination, anything is crackable.

Sounds like KittenAuth.

(It has accessibility problems mind you)

To Avwolf: text fields in the source can be easily avoided by bots unfortunately. Autoit is an example of an interpreted language that is capable of seeing what is "hidden" and what is "visible" in most cases, and can be further adjusted to know how to avoid text and fields that are made invisible by being blended into the background. Although AutoIt was made primarily for automated operations like installing upgrades on every computer out of hundreds in a network for example.

Oh, certainly. My banking is on the bot writers being lazy. I still use Javascript obfuscation for keeping my email out of the hands of spammers. It's the oldest trick in the book, but it still works at least reasonably well because it's too much work to make the scrapers particularly Javascript aware. Anyone willing to put forth the effort can find a way to break virtually anything with an automated tool. But I'd rather come up with something that mostly works and doesn't vastly inconvenience my users (and, generally, therefore me) and deal with the smart ones who get through than try to come up with a "bulletproof" system. *shrug* Though, as I've said before, I don't know how effective this is, I don't have any numbers to back it up.

Can I see the code that you've used for the captcha? I might be able to get something better out of it. And what language is it in?

Mine? It's super pansy. It's in PHP, like 90% or so of everything I write now. Figures that the only guy in the office who can write in a couple different assembly dialects is the one who writes almost exclusively PHP and Javascript. :P

...It's a little long to drop in a code block here (103 lines, counting whitespace and comments). I'll get something together so you can see its innards in a link. Might be a bit, things are still busy-ish here at work.

My bot hunter before all the later aditions was around 450 lines...>.>

How about these two captcha image examples that I made?

Much better, and much easier on the eyes.