Mailing List Archive: 49091 messages
  • Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search

[REBOL] Re: Preventing Automated Website Registrations

From: joel:neely:fedex at: 9-May-2002 9:34

Hi, Ted and Porter, Ted Serpa wrote:
> Hi Joel, > > Thanks for the suggestion - I think it has potential. What do > you think of Porter's comments? Perhaps, I could keep the image > content the same and rename the files on the fly. Do you think > copying, renaming, and deleting a file would cost more than > dynamically generating an image? >
I'm sure that embedding human-readable information in a single graphic is one of the more secure options. See Ingo's comments for another reason why I was looking for an alternative. The point of having multiple images for each letter was to increase the difficulty of setting up any "web scraping" bots. The effort of building a bot would IMHO be much smaller than the effort of obtaining the information (by a human being) to identify which of many obscure image names corresponded to which letters of the alphabet, especially if there were many images (with random names, of course) for each letter. AFAICT, they'd have to have some human actually LOOK at a good-sized sample of pages and the corresponding html in order to begin compiling the dictionary that the bot would use. Your point about copying to create new, previously unused image names could work well with this scheme, and might be done without having to make up all new images for each case. With sufficiently many images for each letter, randomly used, it might be adequate to copy/rename a few letters every hour. I'm not familiar with the tools that Porter referred to (and the Orsus web site was not very informative -- maybe I didn't find the hidden good parts, but saw only a bunch of markety-rah-rah) but I have done a bit of (legitimate, intra-enterprise) web scraping. It's not that hard IMHO to throw in a few randomly formatted parts of a web page that would make constructing a reliable scrapebot quite difficult. Remember that you could use the "letter block" images for other things than just the password -- page and section headings, bolded text, and pure decoration (there's nothing that says that the letter blocks have to be big and gaudy; they could just look like ordinary text). The more you use them on the page, the harder it would be to build a scrapebot that would be able to figure out which ones were the ones that mattered.
> Also, what is the point of blank.gif? Am I missing something obvious? >
In my original use, it allowed me to blank pad the sequence of digit images with blanks to fill a fixed-size area on the page. In the kind of thing we're talking about here, blanks could be used to separate words, given that HE IS NOW HERE would be a distinct passphrase from HE IS NOWHERE ;-) -jn-