mdshare Posted February 26, 2009

Earlier today A_Bertrand and I had a chat (see the interview) and we suddenly were talking about captchas and how easily they get passed by bots.

So here is a thought/concept of a replacement towards games.

Concept example layout

* You need e.g. 24 images, 2 types
  Type 1: 12 armour images
  Type 2: 12 weapons images

The anti macro/bot/human verification would fetch 8 images from the DB, e.g. 7 of type 1 and 1 of type 2, and place them randomly on a grid.

+----------+----------+----------+----------+
|  type 1  |  type 1  |  type 1  |  type 1  |
+----------+----------+----------+----------+
|  type 1  |  type 1  |  type 2  |  type 1  |
+----------+----------+----------+----------+

The player would have to click the weapon image; the rest of the images would be armours, or vice versa.

What do you think of the idea to replace captcha in games, as players hate them, and using images would or could fit in the game theme?
Sim Posted February 26, 2009
Re: captcha or another method

Seen it done. It is less of a hassle ;]
POG1 Posted February 27, 2009
Re: captcha or another method

I have seen this done. Instead of weapons it had random images; fish, tree, car for example. How could this be done?
Sim Posted February 28, 2009
Re: captcha or another method

Would probably require sessions, or store the data with the user in an SQL table.
Lithium Posted February 28, 2009
Re: captcha or another method

> I have seen this done. Instead of weapons it had random images; fish, tree, car for example. How could this be done?

That can be done basically like the numbers validation. Let's say that you have 30 images available for validation: pick 9 at random to show, and of those one is valid to proceed.

Interesting concept actually, and quite different from the regular captchas/verification.
POG1 Posted February 28, 2009
Re: captcha or another method

What I meant was, how would you display the images.. You can't just use an because then that would be pointless.
CtrlFreq Posted February 28, 2009
Re: captcha or another method

> What i meant was, how would you display the images..

The script creating the captcha should generate a dictionary of images and a randomly generated hash, and pack the session with it. Then the img tags would all refer to a script (i.e. image.php) with the hashes being passed as query string parameters. Since the dictionary is stored in session, it would only need to look up the hash to find the image on disk, and set its own content type to that of the image before streaming the image contents to the player.
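The session-backed lookup CtrlFreq describes, applied to mdshare's 7-plus-1 grid, as an added example that is not part of any post in the thread. It is written in Python with a plain dict standing in for the session; the file names, function names and the `h` query parameter are constructed for illustration.

```python
import hmac
import secrets

# Constructed catalogue: 12 armour and 12 weapon images, placeholder file names.
ARMOUR = [f"armour_{i:02d}.png" for i in range(12)]
WEAPONS = [f"weapon_{i:02d}.png" for i in range(12)]


def new_challenge(session, grid_size=8):
    """Pick 7 images of one type and 1 of the other; keep the mapping server-side."""
    rng = secrets.SystemRandom()
    majority, minority = rng.sample([ARMOUR, WEAPONS], 2)  # "or vice versa"
    odd_file = rng.choice(minority)
    files = rng.sample(majority, grid_size - 1) + [odd_file]
    rng.shuffle(files)
    # A fresh random token per cell: the page only ever contains tokens,
    # never file names, so a name like "weapon_03.png" cannot give it away.
    tokens = {secrets.token_urlsafe(16): name for name in files}
    answer = next(t for t, name in tokens.items() if name == odd_file)
    session["captcha"] = {"images": tokens, "answer": answer}
    # Cell order for <img src="image.php?h=TOKEN"> (parameter name assumed).
    return list(tokens)


def image_for(session, token):
    """The image script's lookup: token -> file on disk, or None if unknown."""
    return session.get("captcha", {}).get("images", {}).get(token)


def verify_click(session, token):
    """Single use: the challenge is discarded whether or not the click is right."""
    challenge = session.pop("captcha", None)
    if challenge is None:
        return False
    return hmac.compare_digest(challenge["answer"].encode(), str(token).encode())
```

Because the tokens are regenerated for every challenge and the challenge is dropped after one click, a wrong guess cannot be retried against the same grid; the images themselves still have to vary enough that they cannot simply be catalogued.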
Vali Posted May 28, 2009
Re: captcha or another method

Those are the easiest ones to break... all you have to do is classify the images used, and since you only have a few, all it takes is a few min.

If you want a better way of doing it, make a simple math question, ex: "5 + 6 = ?" You use "+","-","/","*" and low numbers (so retarded kids can get it right...)

Then, you use a few random fonts to render it, change its size, angle, color, opacity at random, and put it on some random background image, and render on it some semi transparent shapes / distort it with some water ripple effect.

That one will be harder to break with "out of the box" tools, and doesn't take long to do (GD/ImageMagick, PHP)
Haunted Dawg Posted May 28, 2009
Re: captcha or another method

You class people as retarded? Wow.

You do know, people have already created programs to easily bypass that. Best is to generate an image with the math equation.
Rainbow Posted May 29, 2009
Re: captcha or another method

I hate letter captchas myself, due to when generated I find it too difficult in some cases... blurry letters, grainy background, sometimes you have to end up guessing the letter. Then again when generated too easy, some bots will be able to read it.

I have not tried this but in theory it would be an effective and more usable alternative if you were to ask simple questions that anyone can answer, except for bots/refreshers. Instead of captchas use saptchas.

Simply compile some arithmetic questions or something that is common sense. For example using some multiplication questions, or giving a question: when you boil water does it get hot or cold?

Also referring to some posts above, I think there are a bundle of existing methods of character recognition... so letter captcha is a fail... as a computer won't have any problem at all filtering out colored background, but it can confuse humans, and I think it has become pretty easy to defeat captchas, knowing the algorithm it uses.

SAPTCHA.

SAPTCHA stands for Semi Automatic Public Turing Test to Tell Computers and Humans Apart. The key concept is same as with CAPTCHA: user is presented with test question or instructions and must give correct answer to use resource. Main difference is that computer does not try to automatically generate "unique" test questions on each query; only verification of answer is automatic. Instead, unique test question and answer is set by moderator or owner when SAPTCHA is installed, and should be easy to change if needed.

"Advantages of SAPTCHA over CAPTCHA:

* SAPTCHA software is much easier to implement than CAPTCHA
* Textual SAPTCHA does not discriminate against disabled who can use internet. [Audio CAPTCHA plus visual CAPTCHA would double effort and is thus very uncommon in practice]
* There are methods for breaking image based CAPTCHAs. If you use popular CAPTCHA, you may still get spammed by entirely automatic bot. SAPTCHAs can be much more varied and there won't be common method of breaking until it becomes possible for computers to interpret human instructions in normal human language.

Advantages of CAPTCHA over SAPTCHA (disadvantages of SAPTCHA):

* If SAPTCHA is used to protect registration, it is easier to register many accounts at once than with CAPTCHA; may matter with popular email services.
* Verbal SAPTCHA is problematic when it is multi-language resource that needs frequent changes. When it is something like photo gallery, visual CAPTCHA is all right as it doesn't contribute to inaccessibility."

I did some research on this a while ago and found a script.

It is a security field, and it is based on the perception that bots post data to forms in very short or very long regular intervals of time, where it takes reasonable time to fill in a form and to submit it for human beings.

http://www.djangosnippets.org/snippets/1092/

Instead of captcha images or Ajax-based security interaction, the SecurityField checks the time of rendering the form, and the time when it was submitted. If the interval is within the specific range (for example, from 5 seconds till 1 hour), then the submitter is considered as a human being. Otherwise the form doesn't validate.

So if you modify the script long enough surely it will be capable of dealing with bots?

```python
import base64
import time

from django import forms
from django.conf import settings
from django.utils.translation import gettext

MIN_TIME = getattr(settings, "MIN_TIME", 5)  # 5 seconds
MAX_TIME = getattr(settings, "MAX_TIME", 3600)  # 1 hour


def cryptString(plain):
    # Your implementation for encrypting a string.
    # For example (base64 is an encoding, not encryption: any client can
    # produce a valid value, so replace it with a keyed scheme such as
    # django.core.signing before relying on this check):
    return base64.b64encode(plain.encode()).decode()


def decryptString(cipher):
    # Your implementation for decrypting a string
    # For example:
    return base64.b64decode(cipher).decode()


class SecurityField(forms.CharField):
    """
    A field which checks whether the form was filled in within the given range of time
    The concept works only for Unbounded forms.
    """
    time_elapsed = 0

    def generate_value(self):
        # Render time as an encoded Unix timestamp.
        return cryptString(str(int(time.time())))

    def _pass_test(self, value):
        try:
            started = int(decryptString(value))
        except ValueError:
            # Malformed or tampered value: fail validation instead of crashing.
            return False
        current = int(time.time())
        self.time_elapsed = current - started
        return self.MIN_TIME < current - started < self.MAX_TIME

    def __init__(self, *args, **kwargs):
        # super() instead of super(type(self), self), which recurses
        # forever as soon as the field is subclassed.
        super().__init__(*args, **kwargs)
        self.widget = forms.HiddenInput()
        # Pass the method itself: Django calls a callable initial at render
        # time. A plain value would be fixed when the form class is defined.
        self.initial = self.generate_value
        self.required = True
        self.MIN_TIME = MIN_TIME
        self.MAX_TIME = MAX_TIME

    def clean(self, value):
        value = super().clean(value)
        if not self._pass_test(value):
            raise forms.ValidationError(gettext("The data transfer didn't pass the security test. You are considered as a spambot."))
        return value
```

> You class people as retarded? Wow.

I think he generally and pretty much literally meant retarded people, or ones with disabilities, or maybe dyslexia. Because simple queries such as 6 x 5 may be difficult for them.

> You do know, people have already created programs to easily bypass that. Best is to generate an image with the math equation.

But if you come up with the algorithm then people will get the hang of it just as quickly... it will only take a few weeks if not days.

And also I don't understand how a program can bypass a saptcha - if the question for example is - I have the amount of oranges as much as there are letters in 'orange' - How many oranges do I have. That question would confuse the bot as you would use numerical fields in the form yet text values in the question.

And you can ask common sense questions such as who is the president of the US etc... I don't see how a bot would be able to bypass that, so feel free to clarify. :s
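The SecurityField snippet above leaves cryptString as a placeholder, and with base64 the hidden value carries no secret, so the start time is whatever the client writes. As an added example (not from the thread or from the linked snippet), here is the same time-window check with an HMAC-signed timestamp next to the base64 variant, using only the Python standard library; SECRET_KEY, the token layout and the function names are assumptions.

```python
import base64
import hashlib
import hmac
import time

SECRET_KEY = b"constructed-demo-key"  # assumption: a secret only the server knows
MIN_TIME, MAX_TIME = 5, 3600          # same window as the snippet, in seconds


def _mac(stamp):
    return hmac.new(SECRET_KEY, stamp.encode(), hashlib.sha256).hexdigest()


def issue_token(now=None):
    """Hidden-field value: '<unix time>.<HMAC-SHA256 of that time>'."""
    stamp = str(int(time.time() if now is None else now))
    return f"{stamp}.{_mac(stamp)}"


def check_token(token, now=None):
    """True only for an unmodified token whose age is inside the window."""
    now = int(time.time() if now is None else now)
    stamp, sep, mac = str(token).partition(".")
    if not (sep and stamp.isascii() and stamp.isdigit()):
        return False
    if not hmac.compare_digest(_mac(stamp).encode(), mac.encode()):
        return False
    return MIN_TIME < now - int(stamp) < MAX_TIME


def check_base64_token(token, now):
    """The same window test with base64 as the 'cipher', for comparison."""
    try:
        started = int(base64.b64decode(token))
    except ValueError:
        return False
    return MIN_TIME < int(now) - started < MAX_TIME


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed clock value
    token = issue_token(now=t0)
    stamp, _, mac = token.partition(".")
    print("2 s after render:  ", check_token(token, now=t0 + 2))
    print("30 s after render: ", check_token(token, now=t0 + 30))
    print("timestamp edited:  ", check_token(f"{int(stamp) - 60}.{mac}", now=t0 + 2))
    # base64 needs no key, so a client can write any start time it likes.
    client_value = base64.b64encode(str(t0 - 10).encode()).decode()
    print("client-made base64:", check_base64_token(client_value, now=t0))
```

The signature only guarantees that the start time came from the server; a client that loads the form and waits longer than MIN_TIME still passes, so the timing check works as one signal alongside others rather than as a complete bot filter.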