No subject


Wed Jun 27 05:48:46 CEST 2012


"
kamailio.org uses an invalid security certificate.

The certificate is not trusted because no issuer chain was provided.

(Error code: sec_error_unknown_issuer)
"

Marius


On Mon, Apr 1, 2013 at 6:55 PM, Edson - Lists <4lists at gmail.com> wrote:

> Just as a side note, I've seem anti-spambots 'captcha systems' (just see,
> not implemented, nor know about a library that implement it) that use a
> dual factor approach: one that you see and one that you know.
>
> Indeed very simple: show an image and ask something about it.
> Questions can be: type just the letters, type just the numbers, type
> numbers and letters in pre-defined order (left-to-right,up-down,etc),
> number of colors, of groups, color on the booton right, etc... The
> combination are limited on the imagination. And the best: it increment in
> exponential the way bots have to work.
>
> Does anybody knows a library/system that implement such approach not all
> of them, but at least part of it?
>
> Edson.
>
> Em 01/04/2013 06:27, Daniel-Constantin Mierla escreveu:
>
>> Hello,
>>
>> as of yesterday, creation of new accounts for Kamailio's wiki site
>> requires to answer a project related question. Captcha was useless as
>> spam bots were lately going through it easily, creating accounts in a
>> rate of approx 50 new registrations per day.
>>
>> The extra question is asked just after CAPTCHA, see it at:
>> - https://www.kamailio.org/wiki/**start?do=register<https://www.kamailio.org/wiki/start?do=register>
>>
>> Hopefully the questions are simple enough to allow good people to
>> register and difficult enough for spambots to give up. It is not a very
>> sophisticated system, let's see if there will be any efforts in reverse
>> engineering to break in with bots. So far no new spammer account. If
>> they will succeed, at least they learn something useful.
>>
>> If anyone has difficulties creating wiki accounts, write an email to
>> sr-dev mailing list and it will be investigated.
>>
>> Cheers,
>> Daniel
>>
>> PS. This registration system will last, is not for April 1.
>>
>>
> ______________________________**_________________
> sr-dev mailing list
> sr-dev at lists.sip-router.org
> http://lists.sip-router.org/**cgi-bin/mailman/listinfo/sr-**dev<http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev>
>

--e89a8f5025480c4ad904d9516940
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Some ideas about improving the security of the site:<div><=
br></div><div style>1. Drop http connections for authentication pages=A0</d=
iv><div style>2. Fix the =A0<a href=3D"http://kamailio.org">kamailio.org</a=
> certificate. At the moment the identity of the domain can&#39;t be establ=
ished as there is no issuer chain provided with it.</div>
<div style><br></div><div style>From Firefox information page:</div><div st=
yle>&quot;</div><div style><div><a href=3D"http://kamailio.org">kamailio.or=
g</a> uses an invalid security certificate.</div><div><br></div><div>The ce=
rtificate is not trusted because no issuer chain was provided.</div>
<div><br></div><div>(Error code: sec_error_unknown_issuer)</div><div>&quot;=
</div><div><br></div><div style>Marius</div></div></div><div class=3D"gmail=
_extra"><br><br><div class=3D"gmail_quote">On Mon, Apr 1, 2013 at 6:55 PM, =
Edson - Lists <span dir=3D"ltr">&lt;<a href=3D"mailto:4lists at gmail.com" tar=
get=3D"_blank">4lists at gmail.com</a>&gt;</span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex">Just as a side note, I&#39;ve seem anti-spam=
bots &#39;captcha systems&#39; (just see, not implemented, nor know about a=
 library that implement it) that use a dual factor approach: one that you s=
ee and one that you know.<br>

<br>
Indeed very simple: show an image and ask something about it.<br>
Questions can be: type just the letters, type just the numbers, type number=
s and letters in pre-defined order (left-to-right,up-down,etc), number of c=
olors, of groups, color on the booton right, etc... The combination are lim=
ited on the imagination. And the best: it increment in exponential the way =
bots have to work.<br>

<br>
Does anybody knows a library/system that implement such approach not all of=
 them, but at least part of it?<br>
<br>
Edson.<br>
<br>
Em 01/04/2013 06:27, Daniel-Constantin Mierla escreveu:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex">
Hello,<br>
<br>
as of yesterday, creation of new accounts for Kamailio&#39;s wiki site<br>
requires to answer a project related question. Captcha was useless as<br>
spam bots were lately going through it easily, creating accounts in a<br>
rate of approx 50 new registrations per day.<br>
<br>
The extra question is asked just after CAPTCHA, see it at:<br>
- <a href=3D"https://www.kamailio.org/wiki/start?do=3Dregister" target=3D"_=
blank">https://www.kamailio.org/wiki/<u></u>start?do=3Dregister</a><br>
<br>
Hopefully the questions are simple enough to allow good people to<br>
register and difficult enough for spambots to give up. It is not a very<br>
sophisticated system, let&#39;s see if there will be any efforts in reverse=
<br>
engineering to break in with bots. So far no new spammer account. If<br>
they will succeed, at least they learn something useful.<br>
<br>
If anyone has difficulties creating wiki accounts, write an email to<br>
sr-dev mailing list and it will be investigated.<br>
<br>
Cheers,<br>
Daniel<br>
<br>
PS. This registration system will last, is not for April 1.<br>
<br>
</blockquote>
<br>
______________________________<u></u>_________________<br>
sr-dev mailing list<br>
<a href=3D"mailto:sr-dev at lists.sip-router.org" target=3D"_blank">sr-dev at lis=
ts.sip-router.org</a><br>
<a href=3D"http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev" tar=
get=3D"_blank">http://lists.sip-router.org/<u></u>cgi-bin/mailman/listinfo/=
sr-<u></u>dev</a><br>
</blockquote></div><br></div>

--e89a8f5025480c4ad904d9516940--



More information about the sr-dev mailing list