Page 1 of 1

OT and FYI: Article on security logons

PostPosted: Wed Jun 20, 2012 10:46 am
by RoryOF

Re: OT and FYI: Article on security logons

PostPosted: Wed Jun 20, 2012 9:34 pm
by Hagar Delest
Another recent solution (perhaps more accessible): http://blog.nothingbutsoftware.com/2012 ... ut-captcha and http://areyouahuman.com/demo

Re: OT and FYI: Article on security logons

PostPosted: Thu Jun 21, 2012 2:36 am
by kingfisher
There are some captchas that require many attempts to get right. I found a novel approach on the Chakra registration page. Unfortunately I forgot to copy the url of that page after logging out but you should be able to see a link to it by loading the bbs page.

I am attaching a snapshot. I was fooled and I'm not a bot. :(

captcha.jpeg

Re: OT and FYI: Article on security logons

PostPosted: Tue Jul 10, 2012 5:41 pm
by TerryE
Once we require the users to enter their OpenOffice version and check that the response contains "office" and "2." or "3." we have eliminated all generic phpBB registration attack bots. Yes, it is easily susceptible to specific-to-this-forum coded attack, but I very much doubt that any attacker will go to this effort for a single forum with our usage patterns and volumetrics.

So most of our successful registration attacks employ cheap sweat-shop labour. This type of human attach will easily defeat this type of security measure.