Dealing with signup bots with a Perl CGI script

Joe

Hello,

These days, there seem to be more and more sites relying on showing the
user weird images of characters which they then have to type in a text box
to submit a form.

I'm in the process of developing a GPL'ed website system. The system itself
works fine, so I'm looking at ways to reduce the ability for
scripts/bots/whatnot to sign up on the site or use anything that's
accessible to anonymous users (which, granted, isn't much at the moment).

But "show 'em an image" seems to be the only solution I run into.

I'm not sure if I consider that a solution, because... well, what if it's a
blind or visually impaired person trying to sign up? I want the system to
be accessible to everyone, not just people with good eyesight. (And even
with my perfect vision, I have trouble reading some of the more "unique"
graphic texts used on some sites.)

Is anyone aware of an alternative solution? The system already requires
e-mail verification, but I've seen bots that automatically read and verify
the e-mail (particularly for phpBB verification ... a bot signs up on a
phpBB board, verifies the e-mail, then proceeds to make a post on the
forum!).

So basically, I'm looking for ideas on ways to avoid issues like this,
before anyone uses my code (besides myself).

As it is, I've got a "hidden security code" system that can
reduce some such nastiness, and even auto-ban/report to admin if there's
something funny going on. But I already know it's flawed and easily
bypassable.

The limitations:
1) It's a Perl system, so anything that can be done backend-wise in Perl is
good.
2) It needs to be accessible. (Even to the blind.)
3) It cannot involve changes to the actual web server itself. (The code
needs to be useable on web hotels and such where Perl is allowed, but
there's no control over the server itself. If a Perl Module is needed but
the host doesn't have it installed, the system has a way to deal with
that.)


Has anyone seen any unique or "working" ways of handling such an issue, or
at least severely reducing the potential for it, that could be implemented
in Perl scripts?


Thanks,
Joe
 
Brian Wakem

You could ask a question that a bot could not answer. If John has 4 apples
and eats 2 of them, how many apples does he have left? Make up a load of
questions like this with different sentence structure and with different
themes. Unless someone was hell-bent on writing an auto-registering-bot I
think that would suffice.
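
One way to implement the question challenge suggested above within Joe's constraints (text only, core Perl modules, no server changes), as an added example that is not part of the original thread. The names `@POOL`, `$SECRET`, `$TTL`, `issue_challenge` and `check_challenge` are hypothetical, and the question pool is constructed sample data.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);    # core module since Perl 5.10

# Constructed sample pool; a real site needs many questions of varied form.
my @POOL = (
    [ 'If John has 4 apples and eats 2 of them, how many are left?', qr/^(?:2|two)$/ ],
    [ 'What is the third word of: "the quick brown fox"?',           qr/^brown$/ ],
    [ 'Which is larger, nine or six?',                               qr/^(?:9|nine)$/ ],
);
my $SECRET = 'replace-with-a-per-site-random-secret';    # placeholder value
my $TTL    = 600;                                        # seconds a form stays valid

# Returns (question text, token). The token goes in a hidden form field; it
# names the question and its expiry but never contains the answer.
sub issue_challenge {
    my ($now)   = @_;
    my $idx     = int rand @POOL;
    my $expires = $now + $TTL;
    my $mac     = hmac_sha256_hex( "$idx:$expires", $SECRET );
    return ( $POOL[$idx][0], "$idx:$expires:$mac" );
}

# Returns 1 only if the token is authentic, unexpired and the answer matches.
sub check_challenge {
    my ( $token, $answer, $now ) = @_;
    my ( $idx, $expires, $mac ) = ( $token // '' ) =~ /^(\d+):(\d+):([0-9a-f]{64})$/
        or return 0;
    return 0 unless $idx < @POOL && $now <= $expires;
    return 0 unless hmac_sha256_hex( "$idx:$expires", $SECRET ) eq $mac;
    ( my $norm = lc( $answer // '' ) ) =~ s/^\s+|\s+$//g;    # trim, ignore case
    return $norm =~ $POOL[$idx][1] ? 1 : 0;
}

# Demo: an empty answer and a token with a rewritten expiry are both rejected.
my ( $question, $token ) = issue_challenge(time);
print "Q: $question\n";
print 'empty answer accepted?  ', check_challenge( $token, '', time ), "\n";
( my $forged = $token ) =~ s/^\d+:\d+/0:9999999999/;
print 'forged token accepted?  ', check_challenge( $forged, '2', time ), "\n";
```

A solved token stays valid until it expires, so the signup handler should also record used tokens or rate-limit per client to stop one human-solved answer being replayed.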
 
Ron Savage

On Mon, 29 Aug 2005 17:30:29 +1000, Joe wrote:

Hi Joe

Besides Brian's good answer, search the mail archives of the CGI::Application
mailing list. This topic has been discussed over the last couple of weeks.
 