G
gabriele renzi
Markus ha scritto:
you don't need the best everything would be ok
you don't need the best everything would be ok
C
Charles Hixson
gabriele said:Markus ha scritto:
imho they could be even simpler, just have an array of
question/answer things like
"enter 2 plus 2" "4"
"the color of a white horse" "white"
"4 letters, Read The Fricking Manual" "RTFM"
"the thing after 1 and 2 " "3"
no standard way for a bot to guess, and totally dumb for a user
I recall a t-shirt over thinkgeek that was "if you're with an halfing
and a dragon, remember, you don't have to outrun the dragon, you have
to outrun the halfling"
C
Charles Hixson
...
Sorry, that was supposed to be:
The color of a white horse is grey!
But I slipped and not only replied too soon, but even to the wrong parent.
Sorry, that was supposed to be:
The color of a white horse is grey!
But I slipped and not only replied too soon, but even to the wrong parent.
D
David Ross
Solution, check RBL lists..Richard said:
http://rbls.org/?q=200.98.136.108
implement to check these I use as well..
opm.blitzed.org, /* Remeber this is a hijacked-IP
range domain, so its your choice to use. Questions, ask me. */
list.dsbl.org,
bl.spamcop.net,
sbl-xbl.spamhaus.org,
dnsbl.njabl.org,
http.dnsbl.sorbs.net,
socks.dnsbl.sorbs.net,
misc.dnsbl.sorbs.net,
smtp.dnsbl.sorbs.net,
web.dnsbl.sorbs.net,
spam.dnsbl.sorbs.net,
block.dnsbl.sorbs.net,
zombie.dnsbl.sorbs.net,
rhsbl.sorbs.net,
dnsbl.ahbl.org
You were attacked, yes. Solution is to implement RBLs. This is what to
do if you are going to be under attack. Some people don't care like big
sites. I know Rubyforge isn't HUGE and has 100000 Terrabytes of
transfer a month, so its best to implement RBL
Thanks have a nice day, for the solution.
David Ross
B
Brian Candler
Think creatively. You could fairly easily come up with a text
I disagree; I'd be surprised if more than 10% of the general population
could get past that barrier (although maybe if you gave them two or three
tries you'd get more).
I was listening to a (UK) breakfast radio show this morning, and they
decided to give some questions from a pub quiz. The question "what is two
cubed divided by two squared?" had the *presenters* stumped, let alone the
audience.
Perhaps that duck example is not typical of what you were proposing, but in
any case I find it highly ambiguous. Are we supposed to assume that ducks
don't eat shoes? (=> Answer 14). Or to assume that all the shoes would be
eaten? (=> Answer 0). Since we are clearly in a nonsense world here, with
such things as "early shoes" which don't exist in the real world, we can
apply whatever rules we like to come up with an answer.
Or, given that there were 14 shoes, perhaps 7 were right and 7 were left.
(Argh!!)
Regards,
Brian.
I disagree; I'd be surprised if more than 10% of the general population
could get past that barrier (although maybe if you gave them two or three
tries you'd get more).
I was listening to a (UK) breakfast radio show this morning, and they
decided to give some questions from a pub quiz. The question "what is two
cubed divided by two squared?" had the *presenters* stumped, let alone the
audience.
Perhaps that duck example is not typical of what you were proposing, but in
any case I find it highly ambiguous. Are we supposed to assume that ducks
don't eat shoes? (=> Answer 14). Or to assume that all the shoes would be
eaten? (=> Answer 0). Since we are clearly in a nonsense world here, with
such things as "early shoes" which don't exist in the real world, we can
apply whatever rules we like to come up with an answer.
Or, given that there were 14 shoes, perhaps 7 were right and 7 were left.
(Argh!!)
Regards,
Brian.
M
Matt Mower
I agree with Brian -- I couldn't make head nor tail of it.
M
M
B
Brian Schröder
I have to admit that I don't get it. It reminds me of the old joke:
Six men get into the bus,
three leave,
how old is the driver?
Regards,
Brian
T
trans. (T. Onoma)
| >
| > Three things that go "quack" landed in a circular pond
| > that was 10 meters across. They found fourteen early shoes
| > and each of them ate as many as he wanted. How many shoes
| > were left?
|
| I have to admit that I don't get it. It reminds me of the old joke:
|
| Six men get into the bus,
| three leave,
| how old is the driver?
I think it was just demo of potential. And I think we sort of narrowed it
to simple word scrambles. But you are right, I don't think any of it is a
great idea.
But I wonder how effective a simple javascript combination lock would be, For
examplem imagine three button labelled 1..3 .
Click on buttons in labelled order to save:
[ 2 ] [ 3 ] [ 1 ]
It might seem silly, but I wonder how well spammers would be able to adapt to
having to interact with a javascript like this?
T.
| > Three things that go "quack" landed in a circular pond
| > that was 10 meters across. They found fourteen early shoes
| > and each of them ate as many as he wanted. How many shoes
| > were left?
|
| I have to admit that I don't get it. It reminds me of the old joke:
|
| Six men get into the bus,
| three leave,
| how old is the driver?
I think it was just demo of potential. And I think we sort of narrowed itto simple word scrambles. But you are right, I don't think any of it is a
great idea.
But I wonder how effective a simple javascript combination lock would be, For
examplem imagine three button labelled 1..3 .
Click on buttons in labelled order to save:
[ 2 ] [ 3 ] [ 1 ]
It might seem silly, but I wonder how well spammers would be able to adapt to
having to interact with a javascript like this?
T.
P
Phlip
Brian said:
If a chicken and a half can lay an egg and a half in a day and a half, how
long does it take a grasshopper to kick the seeds out of a watermelon?
R
Ruby Noob
Phlip said:
Five pounds of flax.
M
Markus
*smile* Less than that, because the majority of the general
population does not know english. I someone else noted, this was a
contrived example (and, I gather, not a very good one). But note also
that I suggested having a quiz/contest to come up with better ideas--the
important point here being the general structure, not the particulars.
I tried to cram all of the proposed mechanisms into one example
(all except the spelling errors, which I hadn't thought of yet); I see
now that this was a very bad way to present them. Imagine instead of my
duck problem a whole collection of questions that require different
sorts of answers but look structurally similar to some of the other
questions in the collection. In other words:
* If I have seven pairs of shoes how many shoes do I have?
* What goes "quack"?
* In "The tired man gave algebraic his wife a kiss" what word
doesn't belong?
* In "Bananas are generally yellow or greed?" what word is
misspelled?
* If you could have all the shoes you wanted, how many would you
eat?
* ...and so forth
If these questions were "randomly" generated be a heterogeneous
collection of simple plug-ins, it would be easy for us and hard for
them.
Yes, putting all the obfuscation techniques in one example was
definitely dumb on my part. Sorry.
-- Markus
D
dross
I don't know if anyone read the [SOLUTION] RubyGarden thread from all the
other emails. The best solution is to implement checks to the RBL servers,
then have cleanup. over 85%(maybe more) would be blocked, and the rest
could be implemented to have a way to reverse any changes made by certain
ips which were not in the RBLs(which is unlikely but possible).
David Ross
B
Brian Candler
I tried to cram all of the proposed mechanisms into one example
I can only think of a few different ways to generate the pool of questions
to show to the user and the expected answers:
1. Someone writes a database of questions and answers and distributes it
to whoever wants it (but then the spammers get it as well)
2. Someone writes a knowledgebase which can be used to generate the
questions algorithmically (but that means it will be easy to reverse
the process, given the same knowledgebase and the program which generates
the questions)
So you would also need some obfuscation: enough to be hard to reverse for a
computer program, but not enough to confuse a human.
Alternatively:
3. Each wiki author writes their own questions and answers (too much work)
4. Each visitor to the site can contribute a new question and answer
(risks pollution with questions that don't work; probably needs
moderating)
Others?
Regards,
Brian.
...etc
I can only think of a few different ways to generate the pool of questions
to show to the user and the expected answers:
1. Someone writes a database of questions and answers and distributes it
to whoever wants it (but then the spammers get it as well)
2. Someone writes a knowledgebase which can be used to generate the
questions algorithmically (but that means it will be easy to reverse
the process, given the same knowledgebase and the program which generates
the questions)
So you would also need some obfuscation: enough to be hard to reverse for a
computer program, but not enough to confuse a human.
Alternatively:
3. Each wiki author writes their own questions and answers (too much work)
4. Each visitor to the site can contribute a new question and answer
(risks pollution with questions that don't work; probably needs
moderating)
Others?
Regards,
Brian.
E
Eivind Eklund
[ ... on using question based "captchas" with questions a human can
recognize, but a computer cannot ...]
[ ... ways to get questions deleted ... ]
The idea here is really using the ability of humans to recognize
patterns and the set of facts that humans know to distinguish a human
from a computer.
An example of such a question is "Is the following page data from a
legitimate page in this Wiki or from a spoof?", then showing a random
page (or part of one) either from the legitimate Wiki pages in that
Wiki, or from another Wiki.
Unfortunate issue: This is possibly possible to overcome by mirroring
the entire site and doing matching. I initially thought that that
could be defended against by linking in the "fake data" and showing
that as part of the real wiki (not much bother for visitors, noticable
bother for bots), but unfortunately it may be possible to look at the
interconnectedness of the two sets of pages (one from the real
on-topic Wiki, the other from the "shadow" Wiki) and thus do a good
guess on whether the page is real or fake. It DOES add significant
hurdles, though.
Eivind.
recognize, but a computer cannot ...]
[ ... ways to get questions deleted ... ]
The idea here is really using the ability of humans to recognize
patterns and the set of facts that humans know to distinguish a human
from a computer.
An example of such a question is "Is the following page data from a
legitimate page in this Wiki or from a spoof?", then showing a random
page (or part of one) either from the legitimate Wiki pages in that
Wiki, or from another Wiki.
Unfortunate issue: This is possibly possible to overcome by mirroring
the entire site and doing matching. I initially thought that that
could be defended against by linking in the "fake data" and showing
that as part of the real wiki (not much bother for visitors, noticable
bother for bots), but unfortunately it may be possible to look at the
interconnectedness of the two sets of pages (one from the real
on-topic Wiki, the other from the "shadow" Wiki) and thus do a good
guess on whether the page is real or fake. It DOES add significant
hurdles, though.
Eivind.