Welcome to Linux Knowledge Base and Tutorial
"The place where you learn linux"
Linux Tracker

 Create an AccountHome | Submit News | Your Account  

Tutorial Menu
Linux Tutorial Home
Table of Contents

· Introduction to Operating Systems
· Linux Basics
· Working with the System
· Shells and Utilities
· Editing Files
· Basic Administration
· The Operating System
· The X Windowing System
· The Computer Itself
· Networking
· System Monitoring
· Solving Problems
· Security
· Installing and Upgrading
· Linux and Windows

Glossary
MoreInfo
Man Pages
Linux Topics
Test Your Knowledge

Site Menu
Site Map
FAQ
Copyright Info
Terms of Use
Privacy Info
Disclaimer
WorkBoard
Thanks
Donations
Advertising
Masthead / Impressum
Your Account

Communication
Feedback
Forums
Private Messages
Surveys

Features
HOWTOs
News Archive
Submit News
Topics
User Articles
Web Links

Google
Google


The Web
linux-tutorial.info

Who's Online
There are currently, 352 guest(s) and 3 member(s) that are online.

You are an Anonymous user. You can register for free by clicking here

  
Linux Knowledge Base and Tutorial: Forums



Linux Tutorial :: View topic - Why the captchas required for posting?
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Why the captchas required for posting?

 
Post new topic   Reply to topic    Linux Tutorial Forum Index -> Feedback and Suggestions
View previous topic :: View next topic  
Author Message
ffreeloader
Master


Joined: Aug 10, 2005
Posts: 579

PostPosted: Sat Jun 13, 2009 8:03 pm    Post subject: Why the captchas required for posting? Reply with quote

I don't get it. Why have captchas required for posting when you can't post without logging in, which requires a captcha? If the spam bots are getting past the log in requirements, meaning they can correctly read and respond to the captchas required at log in, how is a second captcha that is exactly the same as the log in captcha going to help?

This redundancy would seem to me to do nothing more than reduce the overall usability of the site, while adding nothing to the overall security of the site.
Back to top
View user's profile Send private message
jimmo
Administrator


Joined: Jul 27, 2002
Posts: 309
Location: Coburg, Germany

PostPosted: Sun Jun 14, 2009 1:09 pm    Post subject: Reply with quote

It is definitely a two-edge sword. I manage another site with less traffic and the security is not set as high. I get about 10-20 spam posts to the forum each week. Currently, the next available user ID is about 5000, although there are only about 50 real people registered. That means about 99% of every user ever registered was do so to create spam.

I only manage the site, I am not the owner and they do not want the extra hassle. So far, I can deal with the little bit of extra work, but it may come to the point where I tell them it is too much hassle.

The bottom line is that the Internet is an unsafe place. On the other hand, you have a valid point that the CAPTCHA is the exact same one. Perhaps it would make sense to have different CAPTCHAs in different places. If the baddies figure out how to scan one type, they are in. If there are different types it does increase the security.
Back to top
View user's profile Send private message
shengchieh
Beginner


Joined: Sep 03, 2005
Posts: 125

PostPosted: Sat Jun 20, 2009 2:31 am    Post subject: Reply with quote

Actually I like it. A while ago, I was on the XFCE board.
Their forums are riddled w/ spams. So much that I gave up
on that board. I've seen spams on other boards, but no
where as much - toleratable (sp?), but still annoying.

Sheng-Chieh
_________________
Visit my webpage,
[url=http://shengchieh.50webs.com/tuxslinks.html][img]http://shengchieh.fileave.com/tuxslinks_logos9.jpg[/img][/url]
Back to top
View user's profile Send private message Visit poster's website
jimmo
Administrator


Joined: Jul 27, 2002
Posts: 309
Location: Coburg, Germany

PostPosted: Sat Jun 20, 2009 10:27 am    Post subject: Reply with quote

It is definitely a two-edged sword. I can feel for ffreeloader and I don't like to have to deal with the extra security. I wish there was an easy solution. I am definitely open to suggestions.

Regards,

jimmo

PS. "tolerable"
Back to top
View user's profile Send private message
ffreeloader
Master


Joined: Aug 10, 2005
Posts: 579

PostPosted: Sat Jun 20, 2009 8:08 pm    Post subject: Reply with quote

[quote="jimmo"]It is definitely a two-edged sword. I can feel for ffreeloader and I don't like to have to deal with the extra security. I wish there was an easy solution. I am definitely open to suggestions.

Regards,

jimmo

PS. "tolerable"[/quote]

So, are you saying that spam bots were getting past one captcha, but are failing to get past 2 identical captchas? If so, that's pretty interesting, in and of itself.
Back to top
View user's profile Send private message
ffreeloader
Master


Joined: Aug 10, 2005
Posts: 579

PostPosted: Sat Jun 20, 2009 8:19 pm    Post subject: Reply with quote

One suggestion is an Apache2 module that I have used against spammers, mod defensible. It does create extra dns traffic though as it uses DNSBL's to identify known sources of spam. I haven't tried it against spam bots, but I would imagine that most IP addresses identified with spam bots are also known to send spam. It's probably worth a try as it returns 403 messages to known spammer IP's thus stopping them before they can even connect.
Back to top
View user's profile Send private message
shengchieh
Beginner


Joined: Sep 03, 2005
Posts: 125

PostPosted: Mon Jun 22, 2009 2:54 am    Post subject: Reply with quote

Another idea is to use a simple multiple choice question like
what is 2+2?
a) 3
b) 4
c) 5
d) 6

and use buttons. Then the user doesn't need to let go of the
mouse, focus at something, and type something. I.e.,
security, but easier for the users.

Sheng-Chieh
_________________
Visit my webpage,
[url=http://shengchieh.50webs.com/tuxslinks.html][img]http://shengchieh.fileave.com/tuxslinks_logos9.jpg[/img][/url]
Back to top
View user's profile Send private message Visit poster's website
ffreeloader
Master


Joined: Aug 10, 2005
Posts: 579

PostPosted: Sat Jul 18, 2009 3:54 am    Post subject: Reply with quote

Well, this double captcha just bit me. I tried to comment on one of the articles after logging in, and when trying to post my comments the captcha wouldn't accept the security code no matter how many times I tried entering it. And, yes, I entered the security code correctly. It gave me the same security code as when I logged in and it accepted then. It just wouldn't accept it the second time around.
Back to top
View user's profile Send private message
jimmo
Administrator


Joined: Jul 27, 2002
Posts: 309
Location: Coburg, Germany

PostPosted: Sat Jul 18, 2009 4:30 am    Post subject: Reply with quote

I have been thinking about something like Sheng-Chieh suggested.However, using a list of different questions or making the the math questions text-only. I have read some places where they tried it with numbers and it was quickly compromised. However, using something like

"What do you get when you add five to one less than eight"

It is harder for computers to figure it out. On the other hand, it is probably hard for some humans to figure out. Smile

I seemed to have missed something. ffreeloader you are saying that you have to put in the CAPTCHA twices? Once to log in and once to submit a new post? That's odd. It don't experience it, even if I am logged in as a normal user?
Back to top
View user's profile Send private message
ffreeloader
Master


Joined: Aug 10, 2005
Posts: 579

PostPosted: Sat Jul 18, 2009 2:55 pm    Post subject: Reply with quote

[quote="jimmo"]I have been thinking about something like Sheng-Chieh suggested.However, using a list of different questions or making the the math questions text-only. I have read some places where they tried it with numbers and it was quickly compromised. However, using something like

"What do you get when you add five to one less than eight"

It is harder for computers to figure it out. On the other hand, it is probably hard for some humans to figure out. Smile

I seemed to have missed something. ffreeloader you are saying that you have to put in the CAPTCHA twices? Once to log in and once to submit a new post? That's odd. It don't experience it, even if I am logged in as a normal user?[/quote]

Yes. That's what I'm saying. It doesn't happen too frequently when posting to the forum, but happens almost all the time when posting comments to articles. I will be logged into the site, and then when attempting to post a comment on an article a second captcha will show up. This is the second or third time the second captcha has failed to validate when given the correct security code.

When I started this thread I wasn't complaining about the use of captchas per se. I see them as a good thing, being a part of a layered defense. I was complaining about being required to use a captcha [b]after[/b] having logged in. That's why I said I couldn't see the value in the [b]second[/b] captcha.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Linux Tutorial Forum Index -> Feedback and Suggestions All times are GMT
Page 1 of 1

 

Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Powered by phpBB © 2001-2007 phpBB Group
  
Show your Support for the Linux Tutorial

Purchase one of the products from our new online shop. For each product you purchase, the Linux Tutorial gets a portion of the proceeds to help keep us going.


Login
Nickname

Password

Security Code
Security Code
Type Security Code


Don't have an account yet? You can create one. As a registered user you have some advantages like theme manager, comments configuration and post comments with your name.

Help if you can!


Amazon Wish List

Did You Know?
The Linux Tutorial welcomes your suggestions and ideas.


Friends



Tell a Friend About Us

Bookmark and Share



Web site powered by PHP-Nuke

Is this information useful? At the very least you can help by spreading the word to your favorite newsgroups, mailing lists and forums.
All logos and trademarks in this site are property of their respective owner. The comments are property of their posters. Articles are the property of their respective owners. Unless otherwise stated in the body of the article, article content (C) 1994-2013 by James Mohr. All rights reserved. The stylized page/paper, as well as the terms "The Linux Tutorial", "The Linux Server Tutorial", "The Linux Knowledge Base and Tutorial" and "The place where you learn Linux" are service marks of James Mohr. All rights reserved.
The Linux Knowledge Base and Tutorial may contain links to sites on the Internet, which are owned and operated by third parties. The Linux Tutorial is not responsible for the content of any such third-party site. By viewing/utilizing this web site, you have agreed to our disclaimer, terms of use and privacy policy. Use of automated download software ("harvesters") such as wget, httrack, etc. causes the site to quickly exceed its bandwidth limitation and are therefore expressly prohibited. For more details on this, take a look here

PHP-Nuke Copyright © 2004 by Francisco Burzi. This is free software, and you may redistribute it under the GPL. PHP-Nuke comes with absolutely no warranty, for details, see the license.
Page Generation: 0.08 Seconds