sniko Posted March 4, 2011

Hey,

I need your input (professional or novice) on using different verification methods.

What's a verification method?
A system which websites use to 'secure' their websites from bots to help prevent some kind of attack. For example: MCCodes verification method - Captcha.

Alternative Methods

* Captcha: A challenge response system to verify the response is not computer driven.
* Mathematical Response: A simple, yet effective system, in which a randomly generated mathematical sum is given to the user; if answered correctly, they are validated.
* Image Response: A simple image is presented to the user, they have a few options and they need to select what the image is.
* Character Selection: A little like the Lloyds TSB method, in which a string is presented to the user, which consists of x amount of characters, and they need to enter, for argument's sake, the 3rd, 5th and 10th character.

I made some on MS Paint, I hope you get the idea.

If all were programmed with sensible security precautions, such as images not being named as what they actually are, which do you think will be most effective and why?

Thanks for reading
-sniko

Djkanna Posted March 4, 2011

This really isn't my field of expertise. I know bots cannot perform tasks such as dragging and dropping something, so maybe that's a good way to go? Sliders to unlock a submit button.

The one I use (and I've no idea how good it is, nor if it works): I just have an input box with a value and tell them to remove the text.

EDIT: Just thinking about it and looking at a bot, I'm pretty sure my idea isn't that effective. I seem to have this thought: if they want to spam real bad, no matter what you do they will still find a way around it.

Captchas I find somewhat unusable; distorted text just ends up being a big mess, so unless you have another way of producing that text to the user (for example, listen to the words) then captchas just suck. Maths calculation seems to be a very popular one.

The ones I do honestly find to be the most effective are drag and drop ones; unfortunately users with JavaScript disabled then cannot actually do anything, so I'm guessing you've got to account for your target audience. Without disrespecting anyone, take this for example: you do a website for the partially blind or perhaps completely blind, you're going nowhere with a captcha.

sniko (Author) Posted March 4, 2011

I've never thought of those methods. Anyway, thanks for your input Djk.

-sniko

Djkanna Posted March 4, 2011

Edited, thought some more. :P

I suppose there are so many ways of achieving these anti-spam measures, it's just somewhat difficult to determine which one suits your needs best; unless you're the one doing the bot-ing you've got no idea what will stop that specific bot.

sniko (Author) Posted March 4, 2011

Hmm yea, the target audience is somewhat a 'stakeholder' in deciding on what method to adopt.

I think before proceeding with any method, I'll do some research and wait for more replies, but maybe implement a few together, I'm not so sure.

Anyway, thanks for the reply Djk

-sniko

rulerofzu Posted March 4, 2011

The Lloyds TSB old method, but from the user's password rather than a generated set of letters, numbers.

The annoying end user experience for any type is that it slows down what they are doing. If it's directed personally at them then it should be quicker for them to remember and input.

Dayo Posted March 4, 2011

I'm not sure on this, but a bot works by adding a value to an input box. What if after each page load you were to give the name of the input a different name and save it via session ...

Not really sure how bots work but don't see why this wouldn't work.

Paul Evans Posted March 5, 2011

Personally I did a mathematical captcha many years back, but now I've thought of ways past it. I suggested simple plain old captcha but with mathematical content, i.e. (1+5=) and an input box below, similar to the example shown by you sniko, but with the added security of it being an image, not text, so that the bot couldn't actually copy the inputs then do the sums.

Not the best person to ask about bots, but I would think it would be rather impossible for a bot to read an image and input the outcome (although if you had someone like the NSA trying to do it with image recognition software I'm sure it would be quite simple, lol, but don't think many newbs who use bots work for the NSA and really care about flooding games).

Although if you were any good with programming I wonder if it would be possible to recognise the font numbers and symbols (keeping in mind 1-9, + and - would only be used (to keep it simple)), then I'm sure it's highly possible (switching font styles could although cease this).

^lol think I've went a little far with my brainstorming there :)

I'm gunna use the mathematical equation (inside image) method in future so... hope MC do also.

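Added example, not part of any post in this thread: the server-side half of the math challenge discussed above, with the answer kept in the session, consumed on every attempt and expiring after two minutes. The function names and the `math_captcha` session key are hypothetical, and rendering the question as an image is not shown.

```php
<?php
// Added example, not code from the thread. issue_challenge(), check_challenge()
// and the 'math_captcha' key are illustrative names.

// Create a challenge, keep the expected answer server-side, return the question.
function issue_challenge(array &$session, int $now): string
{
    $a  = random_int(1, 9);
    $b  = random_int(1, 9);
    $op = random_int(0, 1) ? '+' : '-';
    $session['math_captcha'] = [
        'answer'  => (string) ($op === '+' ? $a + $b : $a - $b),
        'expires' => $now + 120,   // answer is valid for two minutes
    ];
    return "$a $op $b =";
}

// Validate a response. The stored answer is removed on every attempt, so one
// solved challenge cannot be replayed and one challenge cannot be brute-forced.
function check_challenge(array &$session, $response, int $now): bool
{
    $stored = $session['math_captcha'] ?? null;
    unset($session['math_captcha']);            // single use, pass or fail
    if (!is_array($stored) || !is_string($response)) {
        return false;
    }
    if ($now > $stored['expires']) {
        return false;
    }
    // Constant-time comparison of the expected and submitted answers.
    return hash_equals($stored['answer'], trim($response));
}

// Constructed demonstration: a plain array stands in for $_SESSION.
$session  = [];
$question = issue_challenge($session, 1000);
$expected = $session['math_captcha']['answer'];

echo $question, "\n";
var_dump(check_challenge($session, $expected, 1010));  // first attempt
var_dump(check_challenge($session, $expected, 1020));  // replay of the same answer
```

In a real page, `$_SESSION` is passed in place of `$session` and `time()` in place of the fixed timestamps.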
Dabomstew Posted March 5, 2011

There are definitely automated methods of breaking most image captchas out there - text recognition has come pretty far.

It's unlikely that anyone would go to the bother of implementing one of these to cheat on a MCCodes/other similar game, though you never know I guess.

Paul Evans Posted March 5, 2011

Wow, that is rather spooky to think people spent that much time doing text recognition, although like you said I doubt if you were to use it for something like a MCC game they would use that, although it is possible.

Dayo Posted March 5, 2011

Here is an example of what I meant:

```php
<?php
session_start();

// Unpredictable field name; random_bytes() is a CSPRNG, unlike str_shuffle().
function random() { return 'f' . bin2hex(random_bytes(8)); }

// Field names issued on the previous page load (none on the first visit).
$post = isset($_SESSION['post']) ? explode('-', $_SESSION['post']) : array();

// Accept the submission only if all five expected fields came back non-empty.
$valid = (count($post) === 5);
foreach ($post as $name) {
    if (empty($_POST[$name]) || !is_string($_POST[$name])) { $valid = false; }
}
if ($valid) {
    // Escape the submitted values before echoing them (prevents XSS).
    $out = array();
    foreach ($post as $name) { $out[] = htmlspecialchars($_POST[$name], ENT_QUOTES, 'UTF-8'); }
    echo implode(' ', $out);
}

// Issue a fresh set of names on every page load, so each set is used once.
$random1 = random(); $random2 = random(); $random3 = random();
$random4 = random(); $random5 = random();
$_SESSION['post'] = $random1.'-'.$random2.'-'.$random3.'-'.$random4.'-'.$random5;
?>
<form action="" method="post">
<input name="<?php echo $random1; ?>" type="text">
<input name="<?php echo $random2; ?>" type="text">
<input name="<?php echo $random3; ?>" type="text">
<input name="<?php echo $random4; ?>" type="text">
<input name="<?php echo $random5; ?>" type="submit" value="Submit">
</form>
```

Not sure if it works as I only have limited knowledge of bots :D

rulerofzu Posted March 5, 2011

There was a jQuery slider that DJK showed me a while back. Looked pretty useful for this. You need to slide the bar across to reveal the form submit button. Can bots slide things across?

Djkanna Posted March 5, 2011

> Djkanna: This really isn't my field of expertise. I know bots cannot perform tasks such as dragging and dropping something, so maybe that's a good way to go? Sliders to unlock a submit button.

> rulerofzu: There was a jquery slider that DJK showed me awhile back. Looked pretty useful for this. You need to slide the bar across to reveal the form submit button. Can bots slide things across?

Essentially the sliding of the bar is 'drag and drop'.

* http://www.myjqueryplugins.com/QapTcha/demo
* http://sandbox.smullinstudios.com/slideLock_demo.php
* http://identipic.com/
* http://www.serie3.info/s3capcha/index.php
* http://www.webdesignbeach.com/beachbar/ajax-fancy-captcha-jquery-plugin
* http://clickcha.com/
* http://fragged.org/dev/hOOmanTest_captcha_for_mootools.php
* http://marss.co.ua/ImageBasedCAPTCHA.aspx
* http://www.icaptcha.com/

Quite a few available different methods of captchas.

Danny696 Posted March 5, 2011

Hmm, I think I may use that slider ^.^

But them image and selectly things. If you entered each one of the image names individually, then the bot would be able to figure it out and bypass it :/ Unless you used a PHP system :/

sniko (Author) Posted March 6, 2011

When I try and install the QapTcha the slider isn't there, neither when I download the source and view the index file.

Please could I possibly have some pointers?

Thanks
-sniko

Djkanna Posted March 6, 2011

> sniko: When i try and install the QapTcha the slider isn't their, neither when I download the source and view the index file. Please could I possibly have some pointers? Thanks -sniko

You'll need jQuery UI as well.

Sim Posted March 6, 2011

Most professional bots, if they can't break captchas, WILL display the "AREA" where you need to perform whatever the captcha or action is to break it within a few seconds =)

Spudinski Posted March 6, 2011

Bots are quite smart, and can definitely pass a jQuery slider.

Best practice still is a captcha, but I use changing sessions and a mixture of cookies.

rulerofzu Posted March 6, 2011

Damn bots!

Thanks for all the links DJK, it is why you wear the red cape of SUUUUUUUPER MODERATOR!!

Dayo Posted March 6, 2011

Also set a session when the user is created and then check if it is set when they try to register again.

Sim Posted March 6, 2011

> Dayo: also set a session when the user is created and then check if it is set when they try to register again

How is that going to help?

Paul Evans Posted March 6, 2011

To be honest we are getting a little ahead of ourselves; captcha is quite secure IMO. To a degree I don't expect spammers to have software to get past that, especially for little projects.

Dayo Posted March 6, 2011

> Dayo: also set a session when the user is created and then check if it is set when they try to register again

> Sim: How is that going to help?

Well it would only allow one user to sign up ...

@Paul some people including myself hate filling in captchas and would prefer something simpler.

Dave Posted March 6, 2011

Limiting accounts per IP also works relatively well. Obviously on top of a Captcha. Because as I found out recently it is hell to obtain a decent working list of proxies.

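Added example, not part of any post in this thread: one way to limit registrations per IP address as suggested above, counting signups from the connection's address inside a time window. The `signups` table, the function names and the limit of 2 per 24 hours are assumptions, and the check and insert are not atomic, so a strict limit under parallel requests needs locking in the database.

```php
<?php
// Added example, not code from the thread. Table and function names are hypothetical.

// Use the socket peer address. Headers such as X-Forwarded-For are supplied by
// the client and are ignored here; trust them only behind a known reverse proxy.
function client_ip(array $server): string
{
    $ip = $server['REMOTE_ADDR'] ?? '';
    return filter_var($ip, FILTER_VALIDATE_IP) !== false ? $ip : '';
}

// Record a signup only if this IP has fewer than $max signups in the window.
function try_register_ip(PDO $db, string $ip, int $now, int $max = 2, int $window = 86400): bool
{
    if ($ip === '') {
        return false;               // no usable address: refuse
    }
    $count = $db->prepare('SELECT COUNT(*) FROM signups WHERE ip = ? AND created_at > ?');
    $count->execute([$ip, $now - $window]);
    if ((int) $count->fetchColumn() >= $max) {
        return false;               // limit reached for this address
    }
    $insert = $db->prepare('INSERT INTO signups (ip, created_at) VALUES (?, ?)');
    $insert->execute([$ip, $now]);
    return true;
}

// Constructed demonstration with an in-memory SQLite database and sample addresses.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE signups (ip TEXT NOT NULL, created_at INTEGER NOT NULL)');

$ip = client_ip([
    'REMOTE_ADDR'          => '203.0.113.7',
    'HTTP_X_FORWARDED_FOR' => '198.51.100.1',   // spoofable header, not used
]);

// Three signups in quick succession, then one after the window has passed.
foreach ([100, 200, 300, 100000] as $t) {
    printf("t=%d allowed=%s\n", $t, try_register_ip($db, $ip, $t) ? 'yes' : 'no');
}
```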