Comments

Carl 'SAI' MitchellFebruary 10, 2012 3:56 PM

Or HAL 9000's voice, depending on your preference.

The whole thing is rather accurate. Especially the security questions that everyone knows the answers to.

mjkFebruary 12, 2012 3:53 PM

I once had a spam-bot problem on a site I ran, and as an interim measure, I added a static "captcha" that simply said "Foo" in plain, easy-to-read letters.

It worked for quite a while.

JonadabFebruary 14, 2012 7:47 AM

> I once had a spam-bot problem on a
> site I ran, and as an interim measure,
> I added a static "captcha" that simply
> said "Foo" in plain, easy-to-read letters.

That (or even using the text of the page to tell the user what to type) is good enough to defeat a lot of the simple generic bots that crawl the web posting spam on a lot of different sites, because they're designed to pick off the low-hanging fruit, and there are a lot of sites out there with, for whatever reason, no CAPTCHA at all. Even attempting to post the message on moderated blogs, like on Blogger, gets a decent ROI for these bots, because it's dead easy and usually gets *one* person (the blog owner) to see the message.

However, if you run a site that's going to get targeted specifically (like any really popular forum or wiki or webmail service) then you're going to have to deal with bots that can do at least basic OCR and maybe more.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..