On Wed, Dec 15, 2010 at 3:36 PM, Carlos Macedo Gomes <powerofprimes@gmail.com> wrote:
Unfortunately, attacks against CAPTCHAs aren't limited to sw bots:
http://www.technologyreview.com/blog/mimssbits/25594/
<snip from above>
"How Spammers Use Low-cost Labor to Solve CAPTCHAS
Workers in Russia, Southeast Asia, and China are paid a pittance to solve millions of CAPTCHAS.
CHRISTOPHER MIMS 08/11/2010"
</snip>

ymmv,
C.G.

On Wed, Dec 15, 2010 at 3:27 PM, Lisa Kachold <lisakachold@obnosis.com> wrote:
>
> On most of my production Drupal sites, I CANNOT even enable comments.  It's a sad day when one cannot have a login based access that is not hit by SPAM bots?
>
<snip>


OMG, surely you realize that most of the "free" php captcha tools contain web layer write or sql injection exploits?
Many can also be broken:  http://www.puremango.co.uk/2005/11/breaking_captcha_115/

Google your script (that's what the script kiddies do)!

SEC CHECK your installation; DMZ exclude all web systems from internal networks.
--

(503) 754-4452
(623) 688-3392

http://www.it-clowns.com | http://www.obnosis.com