On Wed, Dec 15, 2010 at 3:36 PM, Carlos Macedo Gomes <
powerofprimes@gmail.com> wrote:
> Unfortunately, attacks against CAPTCHAs aren't limited to sw bots:
> http://www.technologyreview.com/blog/mimssbits/25594/
> <snip from above>
> "How Spammers Use Low-cost Labor to Solve CAPTCHAS
> Workers in Russia, Southeast Asia, and China are paid a pittance to solve
> millions of CAPTCHAS.
> CHRISTOPHER MIMS 08/11/2010"
> </snip>
>
> ymmv,
> C.G.
>
> On Wed, Dec 15, 2010 at 3:27 PM, Lisa Kachold <lisakachold@obnosis.com>
> wrote:
> >
> > On most of my production Drupal sites, I CANNOT even enable comments.
> It's a sad day when one cannot have a login based access that is not hit by
> SPAM bots?
> >
> <snip>
>
OMG, surely you realize that most of the "free" php captcha tools contain
web layer write or sql injection exploits?
Many can also be broken:
http://www.puremango.co.uk/2005/11/breaking_captcha_115/
Google your script (that's what the script kiddies do)!
SEC CHECK your installation; DMZ exclude all web systems from internal
networks.
--
(503) 754-4452
(623) 688-3392
http://www.it-clowns.com |
http://www.obnosis.com
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)