Comments on: Heyes Captcha http://www.thespanner.co.uk/2007/05/26/heyes-captcha/ Javascript blog with messed up syntax inside Thu, 26 Jan 2012 01:38:34 +0000 hourly 1 By: Gareth Heyes http://www.thespanner.co.uk/2007/05/26/heyes-captcha/#comment-161 Gareth Heyes Tue, 29 May 2007 08:31:53 +0000 http://www.thespanner.co.uk/2007/05/26/heyes-captcha/#comment-161 Yep good idea, I was experimenting with producing a js based captcha that would also slow down manual submissions, which was the logic behind this method. I could add some timer checks but of course they could be faked with enough variance from an average time. It is a difficult problem to solve because the attacker can see and manipulate anything you can. Yep good idea, I was experimenting with producing a js based captcha that would also slow down manual submissions, which was the logic behind this method.

I could add some timer checks but of course they could be faked with enough variance from an average time. It is a difficult problem to solve because the attacker can see and manipulate anything you can.

]]> By: DrSlump http://www.thespanner.co.uk/2007/05/26/heyes-captcha/#comment-160 DrSlump Mon, 28 May 2007 10:54:13 +0000 http://www.thespanner.co.uk/2007/05/26/heyes-captcha/#comment-160 IMHO if you require JS then implement a unobtrusive solution. Perhaps a timer in the textarea which times the seconds it took to write N chars, if that check fails (either an automated program or cut-and-paste) then route the visitor to the 'captcha'. I would certainly be interested in some clever JS checks like computing the time-per-char ratio as above or the path described by the mouse, which in most cases could separate legit visitors from spammers. IMHO if you require JS then implement a unobtrusive solution. Perhaps a timer in the textarea which times the seconds it took to write N chars, if that check fails (either an automated program or cut-and-paste) then route the visitor to the ‘captcha’.

I would certainly be interested in some clever JS checks like computing the time-per-char ratio as above or the path described by the mouse, which in most cases could separate legit visitors from spammers.

]]> By: Gareth Heyes http://www.thespanner.co.uk/2007/05/26/heyes-captcha/#comment-159 Gareth Heyes Sun, 27 May 2007 00:17:43 +0000 http://www.thespanner.co.uk/2007/05/26/heyes-captcha/#comment-159 The reason there is a time delay at the moment is because it would prevent manual bulk submissions (for example if someone was paid to submit the captcha on a site) this could be disabled or reduced to reduce the annoyance. No way to get round the javascript issue I'm afraid but Javascript is required to use the majority of web sites anyway. The reason there is a time delay at the moment is because it would prevent manual bulk submissions (for example if someone was paid to submit the captcha on a site) this could be disabled or reduced to reduce the annoyance.

No way to get round the javascript issue I’m afraid but Javascript is required to use the majority of web sites anyway.

]]> By: Mgccl http://www.thespanner.co.uk/2007/05/26/heyes-captcha/#comment-158 Mgccl Sat, 26 May 2007 23:04:23 +0000 http://www.thespanner.co.uk/2007/05/26/heyes-captcha/#comment-158 I don't think a captcha like this would be good for many people. For example: 1. It is taking too long, waiting 5 seconds to post a nice comment? 2. it require JS, some people don't have them 3. the first time I use it, I go pass the time >. I don’t think a captcha like this would be good for many people.
For example:
1. It is taking too long, waiting 5 seconds to post a nice comment?
2. it require JS, some people don’t have them
3. the first time I use it, I go pass the time >.

]]>