Re: [PHP] Alternative/Addition to using a CAPTCHA

At 3:37 PM +0200 3/30/07, Tijnema ! wrote:
On 3/30/07, John Comerford <johnc@xxxxxxxxxxxxxxxxxxxx> wrote:
I was reading the current tread on CAPTCHA and possible cracks and I
thought maybe I'd throw this out to the group to see what you think.
Recently I saw a forum where in order to post you first had to click on
a div that was placed at a random location on the page, it read
something like, "Click here if you are human". I was thinking that
maybe you could put together a system that looks something like this:

http://people.aapt.net.au/JComerford/ClickMe.htm

I was thinking you could use it in a couple of ways:

1) As a replacement to a CAPTCHA image
2) When you click the image a CAPTCHA image is loaded into the 'Click
Me' container

The main problem is how to tell the server that the div has been
clicked, in a way that can't be simulated. I am not an expect with
either JS or PHP, but maybe some of the bigger brains out there could
throw in their 2 cents......

JC

This looks maybe hard to crack, but actually it isn't very hard. All
the clicking does is calling a javascript function. You still could
submit the page without clicking the box.

Tijnema

Tijnema & John:

The above link I've already done a long time ago. But check out my dot CAPTCHA here:

http://sperling.com/examples/p-captcha

This does not use javascript, but does use sessions.

As you can see, the blue dot can be placed anywhere on the entrance page. Granted this presents problem for the visually impaired, so I'm not recommending it. But, it's just a proof of concept at this point. Plus, I have not checked this on all browsers. I suspect that some browsers may have problems with alpha channel images -- so your mileage may differ.

In any event, I think this may be a bit more difficult to crack than something that replies upon javascript -- what do you think?

Cheers,

tedd

--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
.