PHP Classes

Very interesting idea

Recommend this page to a friend!

      dm.KittenAuth  >  All threads  >  Very interesting idea  >  (Un) Subscribe thread alerts  
Subject:Very interesting idea
Summary:Package rating comment
Author:Thiago Ferreira
Date:2007-12-07 16:53:17
Update:2007-12-07 20:31:39

Thiago Ferreira rated this package as follows:

Utility: Good
Consistency: Sufficient
Examples: Sufficient

  1. Very interesting idea   Reply   Report abuse  
Picture of Thiago Ferreira Thiago Ferreira - 2007-12-07 16:53:17
Very interesting idea

  2. Re: Very interesting idea   Reply   Report abuse  
Picture of Richard Munroe Richard Munroe - 2007-12-07 20:30:43 - In reply to message 1 from Thiago Ferreira
Wish I could take credit for it. The original implementation was subject to exhaustive enumeration attacks which is what drove me to do this implementation. While scripts can get lucky with this interface, the interface changes each time so it's unlikely that hackers will get through easily. Further, the set of images can be tailored at each site, thus avoiding the biggest problem with CAPTCHA, breaking via image analysis. I also hide the success/file structure of the hosting website by keeping dispatch information in session variables so folks can't even bypass the authentication and get directly to the underlying web site.

I installed a 10 line PHP hack to my phpBB2 installation and have not had a successful spam since. I was spending about 1 hour a day dealing with spammers so this is a major win for me (and my clients).