asian new zealand IT

Geekzone's captcha potential exploit?

Posted: 14-Feb-2007 11:16

I just noticed that Geekzone's captcha (at least for blog comments) isn't actually using an image (as a captcha usually does). Instead it's using JavaScript document.write, randomly generated DIV and SPAN IDs, and encoded letters (e.g. '&' written as an HTML entity). I thought it'd be reasonably easy to write a Firefox GreaseMonkey script to read the captcha code. GreaseMonkey reads the DOM instead of the HTML source, so it doesn't matter if it's encoded and written with document.write.

This is the first time I have seen this sort of technique used for a captcha.
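The mechanism the post describes, as an added example that is not Geekzone's code: the site's real markup is not on record, so the generator below is an assumption modelled on the description (one SPAN per character, random element ids, each letter emitted as an HTML character reference via document.write). The reader function stands in for what a userscript gets from element.textContent: tags are gone and entities are already decoded, so the obfuscation costs an attacker nothing. All function names are made up for this example.

```javascript
// Added example, not from the original page. Constructed markup mimicking the
// described captcha, plus the reader that recovers the code from DOM-visible text.

const NAMED = { amp: "&", lt: "<", gt: ">", quot: '"', apos: "'", nbsp: " " };

// Decode HTML character references (named, decimal and hex numeric) the way a
// browser does when it builds text nodes from document.write output.
function decodeEntities(s) {
  return s.replace(/&(#x[0-9a-f]+|#\d+|[a-z]+);/gi, (whole, ref) => {
    if (ref[0] === "#") {
      const hex = ref[1].toLowerCase() === "x";
      const cp = hex ? parseInt(ref.slice(2), 16) : parseInt(ref.slice(1), 10);
      return String.fromCodePoint(cp);
    }
    const key = ref.toLowerCase();
    return key in NAMED ? NAMED[key] : whole; // leave unknown refs untouched
  });
}

// Assumed generator: random ids on the wrapper DIV and every SPAN, and each
// character written as a numeric entity so it never appears literally in the
// HTML source. This string is what document.write would hand to the parser.
function generateCaptchaMarkup(code, rand = Math.random) {
  const id = () => "s" + Math.floor(rand() * 1e9).toString(36);
  const spans = [...code].map(
    (ch) => `<span id="${id()}">&#${ch.codePointAt(0)};</span>`
  );
  return `<div id="${id()}">${spans.join("")}</div>`;
}

// What a Greasemonkey script would read with wrapper.textContent: the random ids
// and the entity encoding are irrelevant once the DOM has been built. Outside a
// browser we emulate that by stripping tags and decoding the references.
function readCaptchaText(markup) {
  const textOnly = markup.replace(/<[^>]*>/g, "");
  return decodeEntities(textOnly).trim();
}

// Stand-alone demonstration.
const markup = generateCaptchaMarkup("A7&k");
console.log(markup);                 // entity-encoded spans with random ids
console.log(readCaptchaText(markup)); // the plain code, e.g. A7&k
```

In a real userscript the wrapper cannot be found by id (it is random), so it would be located structurally instead, for example as the element preceding the captcha input; that lookup is page-specific and is not shown here.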


Comment by freitasm, on 14-Feb-2007 11:33

The idea is to create an easy system, and bots are getting even smarter and breaking images... So really it's just another factor in the overall protection. Remember that after submitting a comment the sender will still receive an e-mail with a unique link that needs to be clicked for confirmation.

Comment by muppet, on 14-Feb-2007 12:19

I don't see why such a system is needed at the moment anyway. Most blogs only have a few comments and they're all moderated, even though I've typed in the jibber jabber. @freitasm: "Remember that after submitting a comment the sender will still receive an e-mail with a unique link that needs to be clicked for confirmation." I've never gotten this? Instead I get a message saying my comment is awaiting moderation. Am I a known troll?

Comment by muppet, on 14-Feb-2007 12:20

Oh, having posted that I see it appeared straight away. Moderation must be on a per-blog basis (I don't have a GZ blog so I don't know...)

Comment by freitasm, on 14-Feb-2007 12:37

Moderation is a per blog option, but e-mail authentication is always on, except if you are already logged in with your Geekzone account. In this case we don't send the e-mail confirmation (because we already confirmed your e-mail at registration time), but still follow the moderation rules set by the blog owner.

There's a long explanation of the process in our Geekzone Blog.

Comment by rty, on 5-Sep-2009 02:28

Being a freshman in blogging, I really appreciate such resources where people write constructive posts about useful things in a good understandable manner. I've already found quite a lot of interesting articles by rapidshare search engine. Thank God, I've also found your blog.
