Human validation with an image

[DrPike]

Hi guys,

I'm a new python user so I haven't a deep experience in.

The problem: I need to manage thousands of registration form for an
incoming congress, and I need to avoid spambots.

The idea should be to send a light image containig an alphanumeric
string, with a bit of manipulation (eg. bkground noise, distortions
and so on) in order to make a possible interpretation by humans but
programs.

I saw something of similar in the phpnuke User's Login block (Security
Code),
(http://www.phpnuke.org ).

May someone help me?

Tnx in advance,
-- DrPike --

 

[Paul Rubin]

The idea should be to send a light image containig an alphanumeric
string, with a bit of manipulation (eg. bkground noise, distortions
and so on) in order to make a possible interpretation by humans but
programs.

See www.captcha.net.

 

[Aahz]

The problem: I need to manage thousands of registration form for an
incoming congress, and I need to avoid spambots.

The idea should be to send a light image containig an alphanumeric
string, with a bit of manipulation (eg. bkground noise, distortions
and so on) in order to make a possible interpretation by humans but
programs.

With thousands of registrations, you're going to have at least a few
blind or visually-impaired users. Bad move. Instead, ask a question
that requires intelligence to answer. (E.g. "What color is the sky?" or
"What is the third word of the second paragraph?" or "Give me the first
letter of each word of the following phrase: spam and eggs")

 

[Peter Hansen]

With thousands of registrations, you're going to have at least a few
blind or visually-impaired users. Bad move. Instead, ask a question
that requires intelligence to answer. (E.g. "What color is the sky?" or
"What is the third word of the second paragraph?" or "Give me the first
letter of each word of the following phrase: spam and eggs")

I was thinking this problem shouldn't be very hard, given how
far computers are from passing the Turing Test... on the other hand,
one difficulty with any of the above is that if the test is fairly
static, anyone could quickly write a program that would respond
appropriately and get past this.

One advantage of the image approach is that it is at least more difficult
to get past, both initially for the programmer, and each time from
a computational point of view. Unfortunately, it really doesn't
require intelligence per se.

Has no one yet written a nice "engine" which can with relatively
little inconvenience to the user, establish that user's intelligence
(and, most likely, command of one particular spoken language), in
a way that would stand up to programmatic attacks in a more robust
fashion? What would it take?

It wouldn't be enough just to vary the "third word" part, since once
the pattern is apparent, parsing the text becomes pretty easy. A
fixed database of generic questions, such as "what color is the sky"
quickly becomes amenable to what is effectively a dictionary attack.

Other options? Or pointers to the right keywords to let someone
investigate the state of the art/literature more closely?

-Peter

 

[Peter Hansen]

Other options? Or pointers to the right keywords to let someone
investigate the state of the art/literature more closely?

Dang time machine: http://www.captcha.net/ . Thanks Paul.

-Peter

 

[Dennis Reinhardt]

With thousands of registrations, you're going to have at least a few

blind or visually-impaired users. Bad move. Instead, ask a question
that requires intelligence to answer.

Arguably, there are more intelligence-impaired people than visually
impaired. This whole challenge-response approach may be a bad move.

(E.g. "What color is the sky?"

black - night time
white - cloudy day
red - http://www.sunherald.com/mld/sunherald/news/nation/7495641.htm
blue - clear day

The "intelligence" in such questions is often a matter of correctly modeling
what assumptions the questioner was making.

 

[DrPike]

Thanks for your answer!

DrP
---

Dang time machine: http://www.captcha.net/ . Thanks Paul.

-Peter

 

[Gary Bishop]

Dang time machine: http://www.captcha.net/ . Thanks Paul.

For a brilliant scheme for defeating these things check out this
posting at slashdot.

http://yro.slashdot.org/article.pl?sid=04/01/28/1344207&mode=thread

I'm not saying I approve of it, but wow, if these people would put
their minds to doing something to make the world better...

gb

 

[Peter Hansen]

Dang time machine: http://www.captcha.net/ . Thanks Paul.

For a brilliant scheme for defeating these things check out this
posting at slashdot.

http://yro.slashdot.org/article.pl?sid=04/01/28/1344207&mode=thread

I'm not saying I approve of it, [snip]

You're right! Darned spammers. They should leave the porn sites
alone, I say.

-Peter

 

[Anton Vredegoor]

Other options? Or pointers to the right keywords to let someone
investigate the state of the art/literature more closely?

One idea might be to ask the user to answer a specific computing
intensive question, for example solving a randomly generated traveling
salesman problem of a suitable size. The idea behind this is that a
spammer wants to send thousands of messages and can't afford to
compute the answer to these questions thousands of times, while a
single user can afford to let his computer chew on a problem for a few
seconds.

I would be interested in a Python implementation of this mail
validation scheme.

Anton