Login   Register  
PHP Classes
elePHPant
Icontem

Very interesting idea

Recommend this page to a friend!
Stumble It! Stumble It! Bookmark in del.icio.us Bookmark in del.icio.us

      dm.KittenAuth  >  All threads  >  Very interesting idea  >  (Un) Subscribe thread alerts  
Subject:Very interesting idea
Summary:Package rating comment
Messages:2
Author:Thiago Ferreira
Date:2007-12-07 16:53:17
Update:2007-12-07 20:31:39
 

Thiago Ferreira rated this package as follows:

Utility: Good
Consistency: Sufficient
Examples: Sufficient

  1. Very interesting idea   Reply  
Picture of Thiago Ferreira
Thiago Ferreira
2007-12-07 16:53:17
Very interesting idea

  2. Re: Very interesting idea   Reply  
Picture of Richard Munroe
Richard Munroe
2007-12-07 20:30:43 - In reply to message 1 from Thiago Ferreira
Wish I could take credit for it. The original implementation was subject to exhaustive enumeration attacks which is what drove me to do this implementation. While scripts can get lucky with this interface, the interface changes each time so it's unlikely that hackers will get through easily. Further, the set of images can be tailored at each site, thus avoiding the biggest problem with CAPTCHA, breaking via image analysis. I also hide the success/file structure of the hosting website by keeping dispatch information in session variables so folks can't even bypass the authentication and get directly to the underlying web site.

I installed a 10 line PHP hack to my phpBB2 installation and have not had a successful spam since. I was spending about 1 hour a day dealing with spammers so this is a major win for me (and my clients).