Timeline for Practical non-image based CAPTCHA approaches?
Current License: CC BY-SA 3.0
21 events
when toggle format | what | by | license | comment | |
---|---|---|---|---|---|
Dec 5, 2012 at 13:06 | comment | added | Mark Price | I have filled out forms, pressed "Submit" only to find I have typed in mismatching email address or something similar, But this new page has removed my email address (and sometimes all information) from the form, I then pressed the back button to go back to just before i pressed submit with all my information in, corrected my mistake (usually missed a dot out of .co.uk) then submit, so AntiSpam would be very low and I would be marked as a bot. | |
Oct 28, 2011 at 5:46 | history | edited | Kevin Ji | CC BY-SA 3.0 |
force syntaxhighlight
|
Sep 16, 2011 at 16:10 | comment | added | Adrian McCarthy | -1: Question specifically asked for a fallback for when JavaScript is disabled. | |
Nov 6, 2010 at 18:33 | comment | added | Chris S | Take a look at Watin, you could write a C# unit test to work your way around it very easily with that | |
Jul 16, 2010 at 12:05 | comment | added | GateKiller | @user257493: Your right, but this type of Captcha is only designed to stop casual bots and not focused attacks. | |
Jul 14, 2010 at 13:53 | comment | added | Incognito | I would just like to point out that if I were to write a spambot, I wouldn't be loading the entry-form, I would be submitting to the POST submission page. | |
Apr 19, 2010 at 16:08 | history | edited | Peter Mortensen | CC BY-SA 2.5 |
Minor edit: grammar/spelling/case/punctuation/etc. Removed cruft - see http://meta.stackoverflow.com/questions/30142/how-to-correct-trivial-mistakes-in-answers/30146#30146
|
Jul 9, 2009 at 6:14 | comment | added | McPherrinM | An approach such as this is easily circumvented by a custom bot that understands how to correctly submit the mangled form. Stack Overflow receives enough traffic that this would be worthwhile for a spammer to write. | |
Jul 6, 2009 at 14:07 | comment | added | pbreitenbach | I think it's better to start with easy-to-bypass tests to see if they are adequate. | |
Mar 5, 2009 at 9:21 | comment | added | GateKiller | To all who have pointed out that bots could get past... This I know as I pointed out in the answer. It's a very simple method to stop your average bot and bored users. I am currently using it on my blog and so far, it has been 100% successful. | |
Mar 5, 2009 at 5:31 | comment | added | Jonathan Parker | @GateKiller: Iny is saying that a spam bot could delay their response. I.e. cache the page for a few seconds and then submit the postback later (meanwhile trawling other sites and caching those pages). | |
Feb 7, 2009 at 22:41 | comment | added | Tim Scott | Here's a twist on this that I use. Make the hidden value an encrypted time set to now. Upon post back, verify that between 10 seconds and 10 minutes has elapsed. This foils tricksters who would try to plug in some always-valid value. | |
Feb 7, 2009 at 16:59 | comment | added | iny | The spammer could use some very old page load too. | |
Jan 8, 2009 at 14:24 | vote | accept | Jeff Atwood | ||
Oct 1, 2008 at 1:44 | history | edited | MusiGenesis | CC BY-SA 2.5 |
grammer, clarity
|
Sep 22, 2008 at 23:56 | history | edited | GateKiller | CC BY-SA 2.5 |
added 527 characters in body
|
Sep 20, 2008 at 17:44 | comment | added | AviD | Very obviously bypassable, if a malicious user bothers to look at it. While I'm sure you're aware of this, I guess you're assuming that they won't bother... Well, if it's not a site of any value, then you're right and they wont bother - but if it is, then they will, and get around it easy enough... | |
Sep 9, 2008 at 16:48 | comment | added | Clay Nichols | VERSION THAT WORKS WITHOUT JAVASCRIPT How about if you did this with ASP, etc. and had a timestamp for when the form page was loaded and then compared that to the time when the form was submitted. If ElapsedTime<10 sec then it's likely spam. | |
Sep 2, 2008 at 15:24 | history | edited | GateKiller | CC BY-SA 2.5 |
Added my updated function
|
Aug 29, 2008 at 17:00 | history | edited | GateKiller | CC BY-SA 2.5 |
Shameless linking to more detail on my blog.
|
Aug 12, 2008 at 9:34 | history | answered | GateKiller | CC BY-SA 2.5 |