Zephni Posted November 21, 2011 Share Posted November 21, 2011 Hi guys, I just decided to add an addition question in my site for submitting a form, not gonna say where coz one of you will most proberly try to prove it doesnt work! I have a feeling its easy enough for someone to send my form by getting the two variables and evaluating them. But how would they do that? and how would they know the names of the variables to send...? Is there a way of doing a math captcha that cannot be hacked? Quote Link to comment Share on other sites More sharing options...
Psycho Posted November 21, 2011 Share Posted November 21, 2011 Is there a way of doing a math captcha that cannot be hacked? I would say it is impossible to build any type of captcha - or any spam prevention method - that is foolproof. Anything hurdle could be overcome with the right tools and enough time. A math captcha could be pretty easy to overcome. The code would just need to be able to identify the values and the operation to be performed (add, subtract, divide, etc.). "How do they know what variables to send?" Easy, they just look at your HTML source code for the form and they can see exactly what fields will be sent in the POST/GET data. But, unless you have a site where someone wants to take the time to build the logic to overcome your prevention method you will be fine. Most spammers are going to want to find solutions to overcome the ready-made captchas that are implemented across many sites that they can reuse rather than build a solution specific to one site. SO, even a simple match captcha "should" suffice. Well, unless your site will become the next Facebook, but in that case you would have the resources to pay people to do it. Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted November 21, 2011 Share Posted November 21, 2011 One thing to remember is that no captcha is safe from real, live (sub)human spammers, and there are plenty of them out there. As far as not posting where you'll be using this so someone doesn't "prove it doesn't work", if I were building it, I'd want to know how easily someone managed to code around it. Just sayin'. Quote Link to comment Share on other sites More sharing options...
xyph Posted November 22, 2011 Share Posted November 22, 2011 I'd use reCAPTCHA. It's free, and Facebook/Twitter/Ticketmaster/etc. use it. Quote Link to comment Share on other sites More sharing options...
thaiwolf Posted November 22, 2011 Share Posted November 22, 2011 maybe a look at my recent post will help you? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.