[REBOL] Re: Preventing Automated Website Registrations
From: joel:neely:fedex at: 9-May-2002 9:34
Hi, Ted and Porter,
Ted Serpa wrote:
> Hi Joel,
> Thanks for the suggestion - I think it has potential. What do
> you think of Porter's comments? Perhaps, I could keep the image
> content the same and rename the files on the fly. Do you think
> copying, renaming, and deleting a file would cost more than
> dynamically generating an image?
I'm sure that embedding human-readable information in a single
graphic is one of the more secure options. See Ingo's comments
for another reason why I was looking for an alternative.
The point of having multiple images for each letter was to increase
the difficulty of setting up any "web scraping" bots. The effort
of building a bot would IMHO be much smaller than the effort of
obtaining the information (by a human being) to identify which of
many obscure image names corresponded to which letters of the
alphabet, especially if there were many images (with random names,
of course) for each letter. AFAICT, they'd have to have some human
actually LOOK at a good-sized sample of pages and the corresponding
html in order to begin compiling the dictionary that the bot would
Your point about copying to create new, previously unused image names
could work well with this scheme, and might be done without having to
make up all new images for each case. With sufficiently many images
for each letter, randomly used, it might be adequate to copy/rename
a few letters every hour.
I'm not familiar with the tools that Porter referred to (and the
Orsus web site was not very informative -- maybe I didn't find the
hidden good parts, but saw only a bunch of markety-rah-rah) but I
have done a bit of (legitimate, intra-enterprise) web scraping.
It's not that hard IMHO to throw in a few randomly formatted parts
of a web page that would make constructing a reliable scrapebot
Remember that you could use the "letter block" images for other
things than just the password -- page and section headings, bolded
text, and pure decoration (there's nothing that says that the
letter blocks have to be big and gaudy; they could just look like
ordinary text). The more you use them on the page, the harder it
would be to build a scrapebot that would be able to figure out which
ones were the ones that mattered.
> Also, what is the point of blank.gif? Am I missing something obvious?
In my original use, it allowed me to blank pad the sequence of digit
images with blanks to fill a fixed-size area on the page. In the
kind of thing we're talking about here, blanks could be used to
separate words, given that
HE IS NOW HERE
would be a distinct passphrase from
HE IS NOWHERE