
[REBOL] Re: Preventing Automated Website Registrations

From: joel:neely:fedex at: 9-May-2002 9:34

Hi, Ted and Porter,

Ted Serpa wrote:
> Hi Joel,
>
> Thanks for the suggestion - I think it has potential. What do
> you think of Porter's comments? Perhaps, I could keep the image
> content the same and rename the files on the fly. Do you think
> copying, renaming, and deleting a file would cost more than
> dynamically generating an image?
>

I'm sure that embedding human-readable information in a single graphic is one of the more secure options. See Ingo's comments for another reason why I was looking for an alternative.

The point of having multiple images for each letter was to increase the difficulty of setting up any "web scraping" bots. The effort of building a bot would IMHO be much smaller than the effort of obtaining the information (by a human being) to identify which of many obscure image names corresponded to which letters of the alphabet, especially if there were many images (with random names, of course) for each letter. AFAICT, they'd have to have some human actually LOOK at a good-sized sample of pages and the corresponding html in order to begin compiling the dictionary that the bot would use.

Your point about copying to create new, previously unused image names could work well with this scheme, and might be done without having to make up all new images for each case. With sufficiently many images for each letter, randomly used, it might be adequate to copy/rename a few letters every hour.

I'm not familiar with the tools that Porter referred to (and the Orsus web site was not very informative -- maybe I didn't find the hidden good parts, but saw only a bunch of markety-rah-rah) but I have done a bit of (legitimate, intra-enterprise) web scraping. It's not that hard IMHO to throw in a few randomly formatted parts of a web page that would make constructing a reliable scrapebot quite difficult.

Remember that you could use the "letter block" images for other things than just the password -- page and section headings, bolded text, and pure decoration (there's nothing that says that the letter blocks have to be big and gaudy; they could just look like ordinary text). The more you use them on the page, the harder it would be to build a scrapebot that would be able to figure out which ones were the ones that mattered.

> Also, what is the point of blank.gif? Am I missing something obvious?
>

In my original use, it allowed me to blank pad the sequence of digit images with blanks to fill a fixed-size area on the page. In the kind of thing we're talking about here, blanks could be used to separate words, given that HE IS NOW HERE would be a distinct passphrase from HE IS NOWHERE ;-)

-jn-
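The server side of the scheme discussed in this message (several randomly named images per letter, `blank.gif` for word breaks and padding, and a few aliases renamed each hour) can be sketched as follows. This is an added example in Python, not part of the original post; the class name, the `/img/` path, and the default of five aliases per letter are assumptions.

```python
import secrets

BLANK = "blank.gif"  # from the thread: separates words and pads to a fixed width

class LetterImagePool:
    """Server-side map from letters to several randomly named image files."""

    def __init__(self, alphabet="ABCDEFGHIJKLMNOPQRSTUVWXYZ", per_letter=5):
        self.names = {ch: [self._new_name() for _ in range(per_letter)]
                      for ch in alphabet}

    @staticmethod
    def _new_name():
        # The file name carries no hint of the letter it depicts.
        return secrets.token_hex(8) + ".gif"

    def render(self, passphrase, width=None):
        """Pick one random alias per letter; spaces become blank.gif."""
        out = [BLANK if ch == " " else secrets.choice(self.names[ch])
               for ch in passphrase.upper()]
        if width:
            out += [BLANK] * (width - len(out))  # fixed-size display area
        return out

    def rotate(self, count=3):
        """Give a few aliases fresh names; returns (old, new) pairs so the
        caller can copy the file to `new` and delete `old` once pages that
        still reference it have expired."""
        renamed = []
        for _ in range(count):
            ch = secrets.choice(list(self.names))
            i = secrets.randbelow(len(self.names[ch]))
            old, new = self.names[ch][i], self._new_name()
            self.names[ch][i] = new
            renamed.append((old, new))
        return renamed

    def decode(self, image_names):
        """Inverse mapping, as a human reader would perform it by eye."""
        reverse = {n: ch for ch, ns in self.names.items() for n in ns}
        reverse[BLANK] = " "
        return "".join(reverse[n] for n in image_names).rstrip()

def to_html(image_names):
    # alt is left empty on purpose: descriptive alt text would hand a
    # scraper the very dictionary the scheme forces a human to compile.
    return "".join(f'<img src="/img/{n}" alt="">' for n in image_names)
```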