[nfbcs] Captcha

John Heim jheim at math.wisc.edu
Wed Feb 29 14:25:02 UTC 2012 

Well, if I'm right that cold fusion uses the heuristics of a typical web bot 
to distinguish it from a human, it would probably always sort of work. I 
talked about the concept of greylisting to prevent spam email. All it does 
is ask the email client to wait a period of time and resend its message. But 
spammers don't want to do that. It would be an easy thing to make their spam 
bots do that but they just move on to mail servers that don't do greylisting 
instead.
But if everybody used greylisting, spammers would be forced to adjust their 
bots. Even so, it would take them longer to find vulnerable servers.

Relying on heuristics can work. We were having a problem on the web site of 
the Math Department at the University of Wisconsin. There is a free calculus 
textbook available for download on our web site. And occasionally, we'd get 
thousands of requests per minute for downloading it. Usually, these were all 
from a single IP in east Africa, Nigeria, Somalia, etc. If it was a denial 
of service attack, it was the lamest denial of service attack ever. All I 
had to do to stop it was to block that one IP address. So I don't really 
know exactly what was going on but my boss really wanted to put a captcha on 
the download page. I had to really work hard to sell her on the idea that I 
could write a php script to keep track of downloads by IP address. If you do 
more than like a hundred downloads in a minute, you get cut off.  And it 
worked. This is an example of successfully using heuristics to stop a bot 
problem.

Someday, just putting a captcha on your page won't work any more. But I 
believe that a combination of using heuristics and something like a simple 
math problem would always be very effect in blocking web bots.   You could 
put a simple math problem on a page and if they answer too quickly, you 
figure its a bot.

----- Original Message ----- 
From: "Mike Freeman" <k7uij at panix.com>
To: "'NFB in Computer Science Mailing List'" <nfbcs at nfbnet.org>
Sent: Tuesday, February 28, 2012 5:56 PM
Subject: Re: [nfbcs] Captcha


> Agreed. Moreover, although I am not familiar with Cold Fusion, I venture 
> to
> opine that if web developers thought it a significant advance over
> spam-blocking strategies now available, they'd have beaten a path to the
> door of the developers of Cold Fusion. It's possible that its technology 
> is
> a significant advance over present anti-spam-bot solutions but it will 
> only
> be a matter of time before it, too, is circumvented.
>
> To my way of thinking, the only solution is political, not technical: the
> United States should deny foreign aid to any country whose ISPs are used 
> for
> spam dissemination. <grin>
>
> Mike
>
>
> -----Original Message-----
> From: nfbcs-bounces at nfbnet.org [mailto:nfbcs-bounces at nfbnet.org] On Behalf
> Of Gary Wunder
> Sent: Tuesday, February 28, 2012 1:17 PM
> To: 'NFB in Computer Science Mailing List'
> Subject: Re: [nfbcs] Captcha
>
> To understand the problem of detecting whether or not you have a human or 
> a
> machine on the other end of the connection, consider SIRI. I can ask it to
> add two numbers and it will. I can say "What day is it" or "What day of 
> the
> week is it" or "what day will it be tomorrow" If I come up with syntax it
> does not understand, I am confident someone on the development team is
> looking at this as well. We are fighting the problem of defining the
> difference between artificial intelligence and human intelligence, and I
> fear the only real difference is experience and there's lots of effort to
> give machines that experience--language syntax, geographical information,
> historical information, current news. What is it that makes us unique? If 
> we
> can't find that, then we will fail at coming up with a way to 
> differentiate
> between man and machine. Like John and Mike, I am not optimistic that we
> will find a good captcha, so we have to continue to make our needs known 
> and
> not be left out.
>
> Gary
>
>
>
> _______________________________________________
> nfbcs mailing list
> nfbcs at nfbnet.org
> http://nfbnet.org/mailman/listinfo/nfbcs_nfbnet.org
> To unsubscribe, change your list options or get your account info for 
> nfbcs:
> http://nfbnet.org/mailman/options/nfbcs_nfbnet.org/k7uij%40panix.com
>
>
> _______________________________________________
> nfbcs mailing list
> nfbcs at nfbnet.org
> http://nfbnet.org/mailman/listinfo/nfbcs_nfbnet.org
> To unsubscribe, change your list options or get your account info for 
> nfbcs:
> http://nfbnet.org/mailman/options/nfbcs_nfbnet.org/jheim%40math.wisc.edu
>
>

More information about the NFBCS mailing list