On Wed, Dec 15, 2010 at 3:36 PM, Carlos Macedo Gomes <
powerofprimes@gmail.com> wrote:

> Unfortunately, attacks against CAPTCHAs aren't limited to sw bots:
> http://www.technologyreview.com/blog/mimssbits/25594/
> <snip from above>
> "How Spammers Use Low-cost Labor to Solve CAPTCHAS
> Workers in Russia, Southeast Asia, and China are paid a pittance to solve
> millions of CAPTCHAS.
> CHRISTOPHER MIMS 08/11/2010"
> </snip>
>
> ymmv,
> C.G.
>
> On Wed, Dec 15, 2010 at 3:27 PM, Lisa Kachold <lisakachold@obnosis.com>
> wrote:
> >
> > On most of my production Drupal sites, I CANNOT even enable comments.
> It's a sad day when one cannot have a login based access that is not hit by
> SPAM bots?
> >
> <snip>
>


OMG, surely you realize that most of the "free" php captcha tools contain
web layer write or sql injection exploits?
Many can also be broken:
http://www.puremango.co.uk/2005/11/breaking_captcha_115/

Google your script (that's what the script kiddies do)!

SEC CHECK your installation; DMZ exclude all web systems from internal
networks.
-- 

(503) 754-4452
(623) 688-3392

http://www.it-clowns.com | http://www.obnosis.com