living computation

10 comments so far

-spam message deleted from- 18 Nov 2004, 10:23:27 am


spam deleted :(

-spam message deleted from- 29 Nov 2004, 12:34:37 pm


spam deleted :(

Dave Ackley 30 Nov 2004, 10:12:07 am

The arms race

OK, so here it is. I've whipped up a wimpy antiautoblogspam 'captcha'-ish test and am now deploying it here.

So, now, to post a comment here successfully, in addition to everything else you have to read an image containing six hex digits, and write those six digits into a text box.

Note that unlike the 'real captcha tests' that the big boys like gahoo and yoogle use, here there's no attempt at any sort of 'visual obfuscation' of the image --- no swirls or colors or foreground distractors or anything (aside from the font being a little smaller than I'd like, for stupid reasons..).

Any stupid OCR program could trivially read these images, if put to the task, and in fact the only reason I put the code into an image -- rather than just including it as text in the html -- is because I already had the on-the-fly image generation stuff working for page counter purposes.

The point here is not that a computer program couldn't read the images, but that since my web site posting system now has a unique (and thus non-standard) interface, it would take a tiny bit of CUSTOM CODE on somebody's part --- involving actual human attention --- for them to work around this hurdle.

Yeah, it could happen.

(Cryptogeek notes: The security of the coded 'captchoidkey' that you can see in the HTML source depends on the strength of MD5, which as we all know, isn't looking as robust as it used to. And the scheme IS vulnerable to a replay attack (though only over a limited time window) if you can sniff the traffic of a legitimate posting.

Once again, though, that's not my point. The image generation stuff and the encryption stuff are mostly just for my own fun, and the actual strength of the system, such as it is, is essentially in the fact of its being different, non-standard, diverse.

Security through diversity is of course different from, and better than, security through obscurity, because it reduces the value of a successful attack.

I'm thinking this will be way more than sufficient to end autogenerated spam postings to my little traffic-free blog. If actual people decide to come make a mess here (for example because I mentioned 'security through obscurity'), well of course that's another matter. We shall see.)
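Both weaknesses named in the cryptogeek notes above, a key that depends on MD5 and replay of a sniffed posting inside the time window, can be closed in a six-hex-digit challenge of this kind. The following is an added example, not the site's code: the key layout, `SECRET`, `WINDOW` and the function names are all assumptions, since the page does not show how the 'captchoidkey' is built.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)  # server-side key, constructed for this example
WINDOW = 600                      # seconds a challenge stays valid (assumed value)
_used = {}                        # redeemed key -> time its window closes


def _mac(code, issued):
    # HMAC-SHA256 over the code and issue time replaces an MD5-derived key.
    msg = f"{code.lower()}|{issued}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue(now=None):
    """Return (code to draw in the image, key to embed in the HTML form)."""
    issued = int(time.time() if now is None else now)
    code = secrets.token_hex(3)   # six hex digits
    return code, f"{issued}:{_mac(code, issued)}"


def verify(key, typed, now=None):
    """Accept a posting only inside the time window, and only once."""
    now = int(time.time() if now is None else now)
    # Forget redeemed keys whose window has closed; they fail the age check anyway.
    for k in [k for k, closes in _used.items() if closes < now]:
        del _used[k]
    try:
        issued_text, mac = key.split(":", 1)
        issued = int(issued_text)
    except ValueError:
        return False              # malformed key
    if not 0 <= now - issued <= WINDOW:
        return False              # expired, or issue time in the future
    expected = _mac(typed.strip(), issued)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False              # wrong digits or forged key
    if key in _used:
        return False              # replay of an already accepted posting
    _used[key] = issued + WINDOW
    return True
```

The redeemed-key table only has to remember a key until its window closes, so the server state stays bounded by the number of postings accepted in the last `WINDOW` seconds.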

-spam message deleted from- 31 Jul 2012, 9:17:55 pm


spam deleted :(

-jeez just deleting the spam entirely here- 30 Apr 2018, 8:59:42 am

There's 100s gah

spam deleted :(

-spam message deleted from- 21 Mar 2021, 10:00:44 am


-spam deleted :(

Dave Ackley 25 Mar 2021, 12:58:32 am

test

Dave Ackley 25 Mar 2021, 1:17:40 am

Test3

OK screw it. Adding secret mangling so basically NOBODY can post comments.

Dave Ackley 25 Mar 2021, 1:22:18 am

Test4

Manglama

Dave Ackley 25 Mar 2021, 1:27:10 am

OK, contact me if you

really want to post a comment here, lost in the weeds!

The antispam captcha below does NOT work as advertised.

