Comments on: Unobtrusive Antispam: Using JavaScript and Cookies Efficiently To Thwart Spammers and Hackers http://thecoffeedesk.com/news/index.php/2009/06/09/unobtrusive-antispam/ The Leader In Technical News and Commentary Sun, 11 Dec 2011 15:02:32 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: nomalab http://thecoffeedesk.com/news/index.php/2009/06/09/unobtrusive-antispam/comment-page-1/#comment-619 nomalab Wed, 08 Jul 2009 04:00:59 +0000 http://thecoffeedesk.com/news/?p=594#comment-619 Hi again, had to come back to this. Found something interesting: Honeypot CAPTCHA based on empty form field. Will need to test it but the concept is brilliantly simple. http://haacked.com/archive/2007/09/11/honeypot-captcha.aspx Hi again, had to come back to this. Found something interesting: Honeypot CAPTCHA based on empty form field. Will need to test it but the concept is brilliantly simple.

http://haacked.com/archive/2007/09/11/honeypot-captcha.aspx

]]> By: Anthony http://thecoffeedesk.com/news/index.php/2009/06/09/unobtrusive-antispam/comment-page-1/#comment-597 Anthony Thu, 18 Jun 2009 15:21:30 +0000 http://thecoffeedesk.com/news/?p=594#comment-597 @nomalab that's very true. One simplistic way of circumventing this is to discreetly block the default cURL useragent (which is modifiable via the command line) and/or establishing a set amount of time between the request of the form and the processing on the server, to catch and thwart automation in general. But nice catch, although the form randomization would thwart this unless a wget/parser combination is used in addition with the cURL method. Thanks for the comment! @nomalab that’s very true. One simplistic way of circumventing this is to discreetly block the default cURL useragent (which is modifiable via the command line) and/or establishing a set amount of time between the request of the form and the processing on the server, to catch and thwart automation in general.

But nice catch, although the form randomization would thwart this unless a wget/parser combination is used in addition with the cURL method.

Thanks for the comment!

]]> By: nomalab http://thecoffeedesk.com/news/index.php/2009/06/09/unobtrusive-antispam/comment-page-1/#comment-596 nomalab Thu, 18 Jun 2009 15:09:52 +0000 http://thecoffeedesk.com/news/?p=594#comment-596 About the cookie method: it's a no brainer to use cURL to get around this: first make a request to the form page to get the session ID in the cookie (CURLOPT_COOKIEFILE and CURLOPT_COOKIEJAR), then post past the form directly to the form handler using that cookie. So, requiring cookies will keep the script kiddies away, but won't stop people who know what they are doing. About the cookie method: it’s a no brainer to use cURL to get around this: first make a request to the form page to get the session ID in the cookie (CURLOPT_COOKIEFILE and CURLOPT_COOKIEJAR), then post past the form directly to the form handler using that cookie. So, requiring cookies will keep the script kiddies away, but won’t stop people who know what they are doing.

]]>