any ideas why a captcha image will not work

Ye' old general discussion board. Basically, for everything that isn't covered elsewhere. Come here to shoot the breeze, shoot your mouth off, or whatever suits your fancy.
This forum is not for asking programming related questions.

Moderator: General Moderators

User avatar
yacahuma
Forum Regular
Posts: 870
Joined: Sun Jul 01, 2007 7:11 am

any ideas why a captcha image will not work

Post by yacahuma »

Hello,

I never have problems with captcha image, but every now and then , someone will tell me that they tried to create an account more than 10 times, and the form will say that the captcha image is invalid.

Does anyone has any ideas why will a user experience this? My captcha always convert to lower case and is just 5 letters to make it easier for the user.

Could it has to do with a session?

Thank you
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Re: any ideas why a captcha image will not work

Post by pickle »

Probably PEBKAC (Problem Exists Between Keyboard And Chair)
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
User avatar
yacahuma
Forum Regular
Posts: 870
Joined: Sun Jul 01, 2007 7:11 am

Re: any ideas why a captcha image will not work

Post by yacahuma »

No, it was the programmer. I found the problem in my code.
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Re: any ideas why a captcha image will not work

Post by pickle »

Do you sit in a chair? Do you type on a keyboard? :twisted:

No, seriously I meant the user - glad you found the bug.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
User avatar
JAB Creations
DevNet Resident
Posts: 2341
Joined: Thu Jan 13, 2005 6:44 pm
Location: Sarasota Florida
Contact:

Re: any ideas why a captcha image will not work

Post by JAB Creations »

The CAPTCHA solution is extensive for a simple problem. Bots are dumb and there are countless techniques to block them with 100% effectiveness that can go completely unnoticed by users.
User avatar
Bill H
DevNet Resident
Posts: 1136
Joined: Sat Jun 01, 2002 10:16 am
Location: San Diego CA
Contact:

Re: any ideas why a captcha image will not work

Post by Bill H »

...there are countless techniques to block them with 100% effectiveness that can go completely unnoticed by users.
Pointers?
User avatar
yacahuma
Forum Regular
Posts: 870
Joined: Sun Jul 01, 2007 7:11 am

Re: any ideas why a captcha image will not work

Post by yacahuma »

the error was mine. I was using strlower to compare, but only on on side. It just happens that almost everyone typed in lower case, so that why it seems to work.
User avatar
Inkyskin
Forum Contributor
Posts: 282
Joined: Mon Nov 19, 2007 10:15 am
Location: UK

Re: any ideas why a captcha image will not work

Post by Inkyskin »

I don't use captcha on my site - I simply have a required question asking if the sun is hot or cold... works a treat :D
User avatar
JAB Creations
DevNet Resident
Posts: 2341
Joined: Thu Jan 13, 2005 6:44 pm
Location: Sarasota Florida
Contact:

Re: any ideas why a captcha image will not work

Post by JAB Creations »

Bill H wrote:
...there are countless techniques to block them with 100% effectiveness that can go completely unnoticed by users.
Pointers?
Your web server's access log is the first place to start. It's so easy to look at two MSIE user agents and figure out which one the bot is. I'm not going to give out all the secrets...you really have to know what a bot and what a human will support or not. There are just so many differences though that even coming up with one solution will effectively leave spammers in the dust. Why bother with image generation or what have you? Form traps, link traps...and not giving content in the first place, not obeying robots.txt...these are not difficult concepts. :wink:

Just think of a bot of as deaf, blind, and greedy to the point that they'll drink anything you give them. :twisted:

...why Inkyskin are you having your users fill in data? Bots will gladly fill in form fields that users will never see and would never fill out. :wink:
User avatar
Inkyskin
Forum Contributor
Posts: 282
Joined: Mon Nov 19, 2007 10:15 am
Location: UK

Re: any ideas why a captcha image will not work

Post by Inkyskin »

Yeah, I've heard of that method too - mine helps weed out extremely stupid humans too ;) lol
User avatar
Bill H
DevNet Resident
Posts: 1136
Joined: Sat Jun 01, 2002 10:16 am
Location: San Diego CA
Contact:

Re: any ideas why a captcha image will not work

Post by Bill H »

Your web server's access log is the first place to start. It's so easy to look at two MSIE user agents and figure out which one the bot is. I'm not going to give out all the secrets...you really have to know what a bot and what a human will support or not. There are just so many differences though that even coming up with one solution will effectively leave spammers in the dust. Why bother with image generation or what have you? Form traps, link traps...and not giving content in the first place, not obeying robots.txt...these are not difficult concepts.
Okay, you can maintain your secrets and your sense of exclusivity, I will remain stupid and will continue to wish that I didn't have to have a dratted form on my dratted website and will delete the dratted spam than emanates from it.

I wasn't asking for a tutorial or for any proprietary that you have invented and do not wish to divulge. From the nature of your post ("there are countless techniques") I thought that there might be material on the web that you could point me to. Thus my "Pointers?" and not a request that you write a lengthy tutorial teaching an absolute idiot like me how to suck eggs.
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Re: any ideas why a captcha image will not work

Post by John Cartwright »

Code: Select all

Okay, you can maintain your secrets and your sense of exclusivity, I will remain stupid and will continue to wish that I didn't have to have a dratted form on my dratted website and will delete the dratted spam than emanates from it.
 
Ditto. What harm is there is sharing security measures? You never know, we might improve (or disprove) it ;) Assuming of course we are talking about security and not obscurity.
User avatar
JAB Creations
DevNet Resident
Posts: 2341
Joined: Thu Jan 13, 2005 6:44 pm
Location: Sarasota Florida
Contact:

Re: any ideas why a captcha image will not work

Post by JAB Creations »

Well stop thinking like developers for a moment and think like a designer...you want to give your users a seamless experience right? You don't want to bombard them with captcha images and rocket science math questions like what is 1+1! :twisted:

But there are things you can ask for (or not ask for and get any way) to all things (humans and otherwise) that will easily dictate if they are in fact a human or a robot.

1.) Bots are dumb.

With the exception of robots that adhere to robots.txt a content or email scrapper will follow every link on your domain's front page. If you've marked the first link forbidden by robots.txt and hide it via CSS then obviously only one type of visitor will ever visit that link.

2.) Bots are greedy.

If you give a bad bot a form and lots of fields what do you think they are going to do with it? They're going to fill them all out right? So what happens when you merge one of the last solution's idea to a form? If a human can't see it and the form action is forbidden by robots.txt again what is that going to tell you about that visitor?

Those are two very insanely simple solutions that your visitors will never notice. Heck there are tons of other ways to approach this problem but if you're good at something never give it all away for free. :wink:
User avatar
Bill H
DevNet Resident
Posts: 1136
Joined: Sat Jun 01, 2002 10:16 am
Location: San Diego CA
Contact:

Re: any ideas why a captcha image will not work

Post by Bill H »

I have no idea what you said. You have convinced me to ditch what I've been doing for the last fifteen years and to take up mowing lawns for a living.
User avatar
JAB Creations
DevNet Resident
Posts: 2341
Joined: Thu Jan 13, 2005 6:44 pm
Location: Sarasota Florida
Contact:

Re: any ideas why a captcha image will not work

Post by JAB Creations »

Bill, you've worked with web server access and web statistics before haven't you? You've seen absurd URL's such as insanely long URL's that don't exist that were requested by spam bots? Have you've looked at an access log looking at how a spam bot's IP address behaves on any of the sites you work on that are live?

1.) What does an email scrapper want?

2.) Then what is an email scrapper going to request?

3.) What is an email scrapper not going to request?

An email scrapper isn't going to render a web page. It's not going to download anything unless it's programmed to which means it's only going to request pages that the author considers where email addresses are going to be present.

If it's a spam bot then it's going to fill out every possible field. Go ahead and test it out...put an invisible link at the top of whatever website you have to a page that is forbidden to be crawled by robots.txt. Then add a form and don't bother with any validation. Add a ton of fields and create a basic guest book without any sort of validation or anything and just have it store the $_POST data to wherever it's easiest for you to view. Depending on how much spam and scrapper traffic you get on that given domain name you should start seeing something being posted as quickly as a few moments to a few hours. You also have to keep in mind that spammers also tend to work in waves...they may be inactive for a few days and then start back up on their campaigns. Have you ever read any stories about these kinds of people? They don't seem to really keep to any schedule but there are enough of them out there with enough resources that you'll be able to see what I'm talking about.

Remember that part about bots being greedy? They want to take but they don't want to give. All they are going to do on a request is suck up HTML code. What in example can you not do with PHP once you use echo? Do you think a spam bot is going to care? If a spam bot is a guy who breaks in and enters your house and keeps stealing your milk you put a lock on the door right? Well now he needs a key. Imagine spam bots as burglars who will never show up with a lock pick. 'Nuff said.
Post Reply