[sr-dev] Wiki site registration updates - OFF-TOPIC

Daniel-Constantin Mierla miconda at gmail.com
Mon Apr 1 21:53:37 CEST 2013 

On 4/1/13 7:55 PM, Edson - Lists wrote:
> Just as a side note, I've seem anti-spambots 'captcha systems' (just 
> see, not implemented, nor know about a library that implement it) that 
> use a dual factor approach: one that you see and one that you know.
>
> Indeed very simple: show an image and ask something about it.
> Questions can be: type just the letters, type just the numbers, type 
> numbers and letters in pre-defined order (left-to-right,up-down,etc), 
> number of colors, of groups, color on the booton right, etc... The 
> combination are limited on the imagination. And the best: it increment 
> in exponential the way bots have to work.
>
> Does anybody knows a library/system that implement such approach not 
> all of them, but at least part of it?
I haven't seen so far by myself, but indeed should be much more secure 
than classic captcha, at least for spambots. I coded the requiz plugin 
(as I named the one asking questions) for dokuwiki by looking at the 
captcha module. I had the idea and the rest was just stripping captcha 
and adding few bits to it. I am not real php developer to go more into 
image processing or what so ever. Anyhow, being open source is the main 
benefit here, one can take it to the next level independently of the 
initial developer.

On the other hand, I am aware of services offered by people/companies in 
countries with low wages. So practically there are humans creating the 
accounts and they the pass forward usernames/passwords to spamming 
companies. For your idea, just knowing basic English should be 
sufficient to break it, for requiz on project's wiki they have to learn 
a bit about kamailio. I do have already several ideas to improve its 
protection, I just want to see how long it takes for spammers to break 
it in current version... If anyone is interested, we can discuss about 
it, I give the ideas, you code! :-)

Btw, the plugin is available on dokuwiki site (well, April 1 seems to be 
applied there, too):
- https://www.dokuwiki.org/plugin:requiz

Cheers,
Daniel

>
> Edson.
>
> Em 01/04/2013 06:27, Daniel-Constantin Mierla escreveu:
>> Hello,
>>
>> as of yesterday, creation of new accounts for Kamailio's wiki site
>> requires to answer a project related question. Captcha was useless as
>> spam bots were lately going through it easily, creating accounts in a
>> rate of approx 50 new registrations per day.
>>
>> The extra question is asked just after CAPTCHA, see it at:
>> - https://www.kamailio.org/wiki/start?do=register
>>
>> Hopefully the questions are simple enough to allow good people to
>> register and difficult enough for spambots to give up. It is not a very
>> sophisticated system, let's see if there will be any efforts in reverse
>> engineering to break in with bots. So far no new spammer account. If
>> they will succeed, at least they learn something useful.
>>
>> If anyone has difficulties creating wiki accounts, write an email to
>> sr-dev mailing list and it will be investigated.
>>
>> Cheers,
>> Daniel
>>
>> PS. This registration system will last, is not for April 1.
>>

-- 
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio World Conference, April 16-17, 2013, Berlin
  - http://conference.kamailio.com -

More information about the sr-dev mailing list