any ideas why a captcha image will not work
Moderator: General Moderators
any ideas why a captcha image will not work
Hello,
I never have problems with captcha image, but every now and then , someone will tell me that they tried to create an account more than 10 times, and the form will say that the captcha image is invalid.
Does anyone has any ideas why will a user experience this? My captcha always convert to lower case and is just 5 letters to make it easier for the user.
Could it has to do with a session?
Thank you
I never have problems with captcha image, but every now and then , someone will tell me that they tried to create an account more than 10 times, and the form will say that the captcha image is invalid.
Does anyone has any ideas why will a user experience this? My captcha always convert to lower case and is just 5 letters to make it easier for the user.
Could it has to do with a session?
Thank you
Re: any ideas why a captcha image will not work
Probably PEBKAC (Problem Exists Between Keyboard And Chair)
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
Re: any ideas why a captcha image will not work
No, it was the programmer. I found the problem in my code.
Re: any ideas why a captcha image will not work
Do you sit in a chair? Do you type on a keyboard?
No, seriously I meant the user - glad you found the bug.
No, seriously I meant the user - glad you found the bug.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
- JAB Creations
- DevNet Resident
- Posts: 2341
- Joined: Thu Jan 13, 2005 6:44 pm
- Location: Sarasota Florida
- Contact:
Re: any ideas why a captcha image will not work
The CAPTCHA solution is extensive for a simple problem. Bots are dumb and there are countless techniques to block them with 100% effectiveness that can go completely unnoticed by users.
- Bill H
- DevNet Resident
- Posts: 1136
- Joined: Sat Jun 01, 2002 10:16 am
- Location: San Diego CA
- Contact:
Re: any ideas why a captcha image will not work
Pointers?...there are countless techniques to block them with 100% effectiveness that can go completely unnoticed by users.
Re: any ideas why a captcha image will not work
the error was mine. I was using strlower to compare, but only on on side. It just happens that almost everyone typed in lower case, so that why it seems to work.
Re: any ideas why a captcha image will not work
I don't use captcha on my site - I simply have a required question asking if the sun is hot or cold... works a treat 
- JAB Creations
- DevNet Resident
- Posts: 2341
- Joined: Thu Jan 13, 2005 6:44 pm
- Location: Sarasota Florida
- Contact:
Re: any ideas why a captcha image will not work
Your web server's access log is the first place to start. It's so easy to look at two MSIE user agents and figure out which one the bot is. I'm not going to give out all the secrets...you really have to know what a bot and what a human will support or not. There are just so many differences though that even coming up with one solution will effectively leave spammers in the dust. Why bother with image generation or what have you? Form traps, link traps...and not giving content in the first place, not obeying robots.txt...these are not difficult concepts.Bill H wrote:Pointers?...there are countless techniques to block them with 100% effectiveness that can go completely unnoticed by users.
Just think of a bot of as deaf, blind, and greedy to the point that they'll drink anything you give them.
...why Inkyskin are you having your users fill in data? Bots will gladly fill in form fields that users will never see and would never fill out.
Re: any ideas why a captcha image will not work
Yeah, I've heard of that method too - mine helps weed out extremely stupid humans too
lol
- Bill H
- DevNet Resident
- Posts: 1136
- Joined: Sat Jun 01, 2002 10:16 am
- Location: San Diego CA
- Contact:
Re: any ideas why a captcha image will not work
Okay, you can maintain your secrets and your sense of exclusivity, I will remain stupid and will continue to wish that I didn't have to have a dratted form on my dratted website and will delete the dratted spam than emanates from it.Your web server's access log is the first place to start. It's so easy to look at two MSIE user agents and figure out which one the bot is. I'm not going to give out all the secrets...you really have to know what a bot and what a human will support or not. There are just so many differences though that even coming up with one solution will effectively leave spammers in the dust. Why bother with image generation or what have you? Form traps, link traps...and not giving content in the first place, not obeying robots.txt...these are not difficult concepts.
I wasn't asking for a tutorial or for any proprietary that you have invented and do not wish to divulge. From the nature of your post ("there are countless techniques") I thought that there might be material on the web that you could point me to. Thus my "Pointers?" and not a request that you write a lengthy tutorial teaching an absolute idiot like me how to suck eggs.
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
Re: any ideas why a captcha image will not work
Code: Select all
Okay, you can maintain your secrets and your sense of exclusivity, I will remain stupid and will continue to wish that I didn't have to have a dratted form on my dratted website and will delete the dratted spam than emanates from it.
- JAB Creations
- DevNet Resident
- Posts: 2341
- Joined: Thu Jan 13, 2005 6:44 pm
- Location: Sarasota Florida
- Contact:
Re: any ideas why a captcha image will not work
Well stop thinking like developers for a moment and think like a designer...you want to give your users a seamless experience right? You don't want to bombard them with captcha images and rocket science math questions like what is 1+1! 
But there are things you can ask for (or not ask for and get any way) to all things (humans and otherwise) that will easily dictate if they are in fact a human or a robot.
1.) Bots are dumb.
With the exception of robots that adhere to robots.txt a content or email scrapper will follow every link on your domain's front page. If you've marked the first link forbidden by robots.txt and hide it via CSS then obviously only one type of visitor will ever visit that link.
2.) Bots are greedy.
If you give a bad bot a form and lots of fields what do you think they are going to do with it? They're going to fill them all out right? So what happens when you merge one of the last solution's idea to a form? If a human can't see it and the form action is forbidden by robots.txt again what is that going to tell you about that visitor?
Those are two very insanely simple solutions that your visitors will never notice. Heck there are tons of other ways to approach this problem but if you're good at something never give it all away for free.
But there are things you can ask for (or not ask for and get any way) to all things (humans and otherwise) that will easily dictate if they are in fact a human or a robot.
1.) Bots are dumb.
With the exception of robots that adhere to robots.txt a content or email scrapper will follow every link on your domain's front page. If you've marked the first link forbidden by robots.txt and hide it via CSS then obviously only one type of visitor will ever visit that link.
2.) Bots are greedy.
If you give a bad bot a form and lots of fields what do you think they are going to do with it? They're going to fill them all out right? So what happens when you merge one of the last solution's idea to a form? If a human can't see it and the form action is forbidden by robots.txt again what is that going to tell you about that visitor?
Those are two very insanely simple solutions that your visitors will never notice. Heck there are tons of other ways to approach this problem but if you're good at something never give it all away for free.
- Bill H
- DevNet Resident
- Posts: 1136
- Joined: Sat Jun 01, 2002 10:16 am
- Location: San Diego CA
- Contact:
Re: any ideas why a captcha image will not work
I have no idea what you said. You have convinced me to ditch what I've been doing for the last fifteen years and to take up mowing lawns for a living.
- JAB Creations
- DevNet Resident
- Posts: 2341
- Joined: Thu Jan 13, 2005 6:44 pm
- Location: Sarasota Florida
- Contact:
Re: any ideas why a captcha image will not work
Bill, you've worked with web server access and web statistics before haven't you? You've seen absurd URL's such as insanely long URL's that don't exist that were requested by spam bots? Have you've looked at an access log looking at how a spam bot's IP address behaves on any of the sites you work on that are live?
1.) What does an email scrapper want?
2.) Then what is an email scrapper going to request?
3.) What is an email scrapper not going to request?
An email scrapper isn't going to render a web page. It's not going to download anything unless it's programmed to which means it's only going to request pages that the author considers where email addresses are going to be present.
If it's a spam bot then it's going to fill out every possible field. Go ahead and test it out...put an invisible link at the top of whatever website you have to a page that is forbidden to be crawled by robots.txt. Then add a form and don't bother with any validation. Add a ton of fields and create a basic guest book without any sort of validation or anything and just have it store the $_POST data to wherever it's easiest for you to view. Depending on how much spam and scrapper traffic you get on that given domain name you should start seeing something being posted as quickly as a few moments to a few hours. You also have to keep in mind that spammers also tend to work in waves...they may be inactive for a few days and then start back up on their campaigns. Have you ever read any stories about these kinds of people? They don't seem to really keep to any schedule but there are enough of them out there with enough resources that you'll be able to see what I'm talking about.
Remember that part about bots being greedy? They want to take but they don't want to give. All they are going to do on a request is suck up HTML code. What in example can you not do with PHP once you use echo? Do you think a spam bot is going to care? If a spam bot is a guy who breaks in and enters your house and keeps stealing your milk you put a lock on the door right? Well now he needs a key. Imagine spam bots as burglars who will never show up with a lock pick. 'Nuff said.
1.) What does an email scrapper want?
2.) Then what is an email scrapper going to request?
3.) What is an email scrapper not going to request?
An email scrapper isn't going to render a web page. It's not going to download anything unless it's programmed to which means it's only going to request pages that the author considers where email addresses are going to be present.
If it's a spam bot then it's going to fill out every possible field. Go ahead and test it out...put an invisible link at the top of whatever website you have to a page that is forbidden to be crawled by robots.txt. Then add a form and don't bother with any validation. Add a ton of fields and create a basic guest book without any sort of validation or anything and just have it store the $_POST data to wherever it's easiest for you to view. Depending on how much spam and scrapper traffic you get on that given domain name you should start seeing something being posted as quickly as a few moments to a few hours. You also have to keep in mind that spammers also tend to work in waves...they may be inactive for a few days and then start back up on their campaigns. Have you ever read any stories about these kinds of people? They don't seem to really keep to any schedule but there are enough of them out there with enough resources that you'll be able to see what I'm talking about.
Remember that part about bots being greedy? They want to take but they don't want to give. All they are going to do on a request is suck up HTML code. What in example can you not do with PHP once you use echo? Do you think a spam bot is going to care? If a spam bot is a guy who breaks in and enters your house and keeps stealing your milk you put a lock on the door right? Well now he needs a key. Imagine spam bots as burglars who will never show up with a lock pick. 'Nuff said.