RE: [PHP] Alternative/Addition to using a CAPTCHA



-----Original Message-----
From: tedd [mailto:tedd@xxxxxxxxxxxx]
Sent: Friday, March 30, 2007 3:06 PM
To: Tijnema !; John Comerford
Cc: php-general@xxxxxxxxxxxxx
Subject: Re: [PHP] Alternative/Addition to using a CAPTCHA

At 3:37 PM +0200 3/30/07, Tijnema ! wrote:
On 3/30/07, John Comerford <johnc@xxxxxxxxxxxxxxxxxxxx> wrote:
I was reading the current tread on CAPTCHA and possible cracks and I
thought maybe I'd throw this out to the group to see what you think.
Recently I saw a forum where in order to post you first had
to click on
a div that was placed at a random location on the page, it read
something like, "Click here if you are human". I was thinking that
maybe you could put together a system that looks something
like this:

http://people.aapt.net.au/JComerford/ClickMe.htm

I was thinking you could use it in a couple of ways:

1) As a replacement to a CAPTCHA image
2) When you click the image a CAPTCHA image is loaded into
the 'Click
Me' container

The main problem is how to tell the server that the div has been
clicked, in a way that can't be simulated. I am not an expect with
either JS or PHP, but maybe some of the bigger brains out
there could
throw in their 2 cents......

JC

This looks maybe hard to crack, but actually it isn't very hard. All
the clicking does is calling a javascript function. You still could
submit the page without clicking the box.

Tijnema

Tijnema & John:

The above link I've already done a long time ago. But check out my
dot CAPTCHA here:

http://sperling.com/examples/p-captcha



Maybe I'm going blind.. But I don't see a circle on that page anywhere?
Everywhere I click it fails......
Jake



This does not use javascript, but does use sessions.

As you can see, the blue dot can be placed anywhere on the entrance
page. Granted this presents problem for the visually impaired, so I'm
not recommending it. But, it's just a proof of concept at this point.
Plus, I have not checked this on all browsers. I suspect that some
browsers may have problems with alpha channel images -- so your
mileage may differ.

In any event, I think this may be a bit more difficult to crack than
something that replies upon javascript -- what do you think?

Cheers,

tedd

--
-------
http://sperling.com http://ancientstones.com http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.446 / Virus Database: 268.18.23/740 - Release
Date: 3/30/2007 1:15 PM



--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.446 / Virus Database: 268.18.23/740 - Release Date: 3/30/2007
1:15 PM

.

Relevant Pages

  • RE: [PHP] Cannot send a hyperlink
    ... [PHP] Cannot send a hyperlink ... No virus found in this incoming message. ... Checked by AVG Free Edition. ...
    (php.general)
  • RE: [PHP] Array Question
    ... Subject: [PHP] Array Question ... No virus found in this incoming message. ... Checked by AVG Free Edition. ...
    (php.general)
  • RE: [PHP] re-post (unanswered) Tables, flash and text
    ... You can see that I have a bunch of text underneath the flash animation in ... One would think that php would fill the dead space if the is nothing ... No virus found in this incoming message. ... Checked by AVG Free Edition. ...
    (php.general)
  • RE: [PHP] two small issues with php mail
    ... [PHP] two small issues with php mail ... No virus found in this incoming message. ... Checked by AVG Free Edition. ...
    (php.general)
  • RE: [PHP] Audio CAPTCHA review request
    ... It's mixture of a several languages, but there is php in it, so I ... No virus found in this incoming message. ... Checked by AVG Free Edition. ...
    (php.general)