[thelist] Captcha??

Bill Moseley moseley at hank.org
Wed Nov 8 20:54:44 CST 2006

On Wed, Nov 08, 2006 at 06:49:38AM -0500, Flavia Tarzwell (FayeC) wrote:
> I have been asked to install captchas on 5 forms that are getting tons 
> of injections daily.....

Do you have sessions?  On one site that requires sessions I create a
unique id that is only valid for a specific amount of time and can
only be used once.

On another site that didn't want to depend on sessions I encoded the
time of day down to the minute along with a secret key into a hash.
Then on form submission I would just re-generate all the keys for the
last 10 minutes or so and look for a match.  It was crude, but it
basically stopped a reasonably bad problem.

Some robots were just sending posts to the form.  For some reason
requiring them to fetch the form first (withing the time period) was
enough to fix it.  You might not be so lucky with this method if the
programmer is smart enough to fetch the form first.

But, it might be enough to reduce the problem to something you can

> The issue is.......one of the sites is hosted in an IIS machine without 
> PHP support and the captchas I found for ASP require files to be copied 
> to the server's root folders.
> Some hosts charge for installation and then monthly afterwards to have 
> the files copied to the root folders.

Hardly seems worth your business.

Bill Moseley
moseley at hank.org

More information about the thelist mailing list