×
The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.
Walden H. Leverich wrote:
Um, but if they're on the page then can't the bot "see" them too and
render your captcha useless? I guess you could do stuff like "What's the
third word of the fourth paragraph on this page".
I don't want to spend a ton of time on this because it rapidly becomes a
matter of diminishing returns. But it seems to me the issue is to make
it relatively easy for a user, but not easy for a bot. The latter
includes making it hard for a bot to send the correct HTML to a human
being to execute the test sequence.
So, I propose this:
1. Generate all the components that make up the test widget at run
time. Use a minimally obfuscated JavaScript routine to build the
widgets in response to some simple table of values (e.g., don't send
HTML strings to the page and have the JS build the widgets from those).
This means the bot must at least run JavaScript - no simple HTTP processing.
2. Use the "honeypot" technique (a bad name, but good concept) to have
some fields that are auto-poison fields. Any entry in this fields
invalidates the input but doesn't tell the "user" - it in fact acts as
if it processed it correctly. Use CSS to hide the widgets, set the CSS
values dynamically in the JS.
3. Put the components of the test widget in different physical places in
the document but use absolute positioning to get them together on the
screen. Make sure the code moves the auto-poison variables. This makes
it harder to figure out which fields are part of the test and which are
not, and thus eliminate the auto-poison variables.
This isn't 100%, but it sure would make it hard to decipher and send to
an Turnig bank. You'd have to write a bot that intercepts the entire
page, executes the JS to draw the page in an HTML canvas, then goes
through and identifies the invisible values, sending only the visible
ones to an end user. Not impossible, of course, but a lot of work.
Joe
As an Amazon Associate we earn from qualifying purchases.