URL:
  <http://gna.org/task/?func=detailitem&item_id=2876>

                 Summary: avoiding automatically created accounts (suggestions welcome)
                 Project: Savane
            Submitted by: yeupou
            Submitted on: Friday 03.02.2006 at 11:14
         Should Start On: Friday 03.02.2006 at 00:00
   Should be Finished on: Saturday 03.02.2007 at 00:00
                Category: Web Frontend
                Priority: 1 - Later
                  Status: Postponed
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Planned Release: 
                  For/By: None

    _______________________________________________________

Details:

We need to be able to forbid robots to create accounts. There are already
robots that know how to spam savane anonymously. The next step for these
robots is to learn how to create an account.
The mail confirmation is apparently not enough to prevent this.

I do not like the option of printing an image with a text and asking the user
to enter the related text. It just increases the cost of spam chasing, as
generating images costs CPU time, it causes trouble for blind people, and in
the end will just lead spammers to improve their robots with regard to OCR.

I have a simpler idea: for any non-logged-in form submission (that includes
the account creation form), we print a sentence and the user is asked to find a
string contained in it.
As such, we need a list of possible sentences and a system clever enough to be
easily understandable only to humans.

For instance, you would have a sentence, or a list of words like
"Caricatures de Mahomet: la crise rebondit à Gaza, le Danemark ne s'excusera
pas" and the question would be "the 4th word from the left is". The form would
be valid only if "la" is found. The question could be also "the 5th word from
the right after *le*".
Indeed, if we write an algorithm able to find the proper word given the args,
robots could just grab our code.

So I guess the way it should work would be to get a string first, to encode
it via md5, to add it in the form (as hidden field), then to add randomly
others words to the left and to the right and to write the question according
to the number of words added. On form submission, we just have to compare the
md5.

Indeed, this solution is not perfect:
 - the robots could simply md5 each word and find the one that is expected
 - the robots could learn to understand our question

- For the first problem, we may not put the md5 in the string but put it in
the form_id table instead.
- For the second, I'm trying to think about something still easy to
understand for a human but more complex for an AI to get. The problem is the
fact that the question must be simple logic, anything else would not be
user-friendly. But a simple AI can understand simple logic.

Feedback welcome. 
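
The two designs discussed above, side by side, as an added example that is not part of the original message and is not Savane code: the md5 sent as a hidden field, which the first listed problem defeats, and the md5 kept server-side under a form id. The Python language, all function names, the filler words, the in-memory `FORM_IDS` dict standing in for the form_id table, and the single-use deletion are assumptions; the second listed problem (a robot that understands the question) is not addressed.

```python
import hashlib
import hmac
import random
import secrets

# Constructed filler words; "la" is the target word used in the message above.
FILLER = ["river", "window", "seven", "orange", "ladder", "quiet", "north", "paper"]
FORM_IDS = {}  # hypothetical stand-in for the form_id table: form_id -> md5

def md5_hex(word):
    return hashlib.md5(word.encode("utf-8")).hexdigest()

def make_challenge(target, filler, rng):
    """Pad the target with random words and ask for it by position."""
    left = rng.sample(filler, rng.randint(1, 4))
    right = rng.sample(filler, rng.randint(1, 4))
    sentence = " ".join(left + [target] + right)
    question = "the word number %d from the left is" % (len(left) + 1)
    return sentence, question

def issue_hidden_field(target, filler, rng):
    """First design: the md5 travels in the form as a hidden field."""
    sentence, question = make_challenge(target, filler, rng)
    return {"sentence": sentence, "question": question, "md5": md5_hex(target)}

def answer_without_reading_question(form):
    """First listed problem: hash each visible word and match the hidden md5."""
    for word in form["sentence"].split():
        if md5_hex(word) == form["md5"]:
            return word
    return None

def issue_server_side(target, filler, rng):
    """Proposed fix: only an opaque form_id leaves the server."""
    sentence, question = make_challenge(target, filler, rng)
    form_id = secrets.token_hex(16)
    FORM_IDS[form_id] = md5_hex(target)
    return {"sentence": sentence, "question": question, "form_id": form_id}

def verify(form_id, answer):
    """Assumed single use: the entry is deleted on any attempt, right or wrong."""
    expected = FORM_IDS.pop(form_id, None)
    if expected is None:
        return False
    return hmac.compare_digest(expected, md5_hex(answer.strip()))
```

Deleting the entry on the first attempt means a wrong guess cannot be retried against the same sentence; the user has to be shown a new challenge.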





