Jump to content

[Suggestion] Java-applet Captcha


Guest W13

Recommended Posts

An option to use a Java-based CAPTCHA will be great. I'm sure all IPB users can say they've suffered from spam attacks and/or scamming PMs/emails... and ban-evaders (people that just DHCP a new IP).

Benefits of using Java applet based CAPTCHA
- Real IP (proxies won't work)
- Machine number (aka. MAC address) banning
- Animated CAPTCHA that's very difficult (impossible) for auto-captcha-solving mechanisms to solve

... and EVERYBODY has Java... there's Java on my cell phone even! :-P

Link to comment
Share on other sites

I don't have Java. "Everybody" is an overstatement. To add, I refuse to get it, too. Java is pure evil.

Now, playing devil's advocate on your other points:
Real IP: Except in cases where the user is on a LAN (almost all), in which case you'll get only their LAN IP. Pretty useless.
Machine Number: An easily modifiable number which tells you nothing. Also note that only Java 6 can access the MAC, and I imagine people will be pretty reluctant to download that, since it was only released in June this year. Pretty useless.
Animated CAPTCHA: No more difficult than simply using animated GIFs instead of static ones. Either way will definitely alienate your membership. Pretty useless.

And to really throw the whole argument out the window, the Java environment (JRE) is Open Source which means all your spammer needs to do then is create a custom JRE with functionality to report a fake MAC, report a fake IP, and of course extract the images as GIFs or JPEGs which are easy for the spambot to decode.

Java is never the answer. (Please note, I reserve the same hatred for Flash).

Link to comment
Share on other sites

  • 4 weeks later...

Apologies for the late reply.

As a community based on a Java based game (A MMORPG, Runescape) this seems like an ideal solution for us.

How exactly would animating the captcha "alienate" our community? They only see the captcha once, at the registration.

If the person attempting to register does not have java, they are most likely a person we do not want at our community.
If they are ban evading or already in posession of an account at the community, the registration process does not continue and the applet would offer alternatives ("Appeal a ban", redirect to account recovery, etc). Habitual ban evaders, and those that simply re-register each month for forgetting their previous accounts would probably not bear an interest in changing their mac address, spoofing IPs, etc.

The real IP, we mean to obtain the true ip behind the proxy. Even the lan IP would assist as one small piece of information shaping the whole regardless if they are using a large network or not.

The primary issue this is stemming from is a person that is registering with our forums to spam a keylogger. This person has created over 200 accounts in a year and making at least 10 posts before being stopped by moderators each time. They want to do this as quickly and as repeatedly as possible, and possibly will not bear an interest in repeatedly changing the info, if they are even able to code their own jre.

The cat and mouse game can go on forever, but the point is the longer it takes them to get into the community, the less interest they are going to have in bothering to register and go after easier targets. If they are clean, they won't have a problem getting in, if they're causing problems, it'll get harder and harder to get in.

Link to comment
Share on other sites

Java is rather slow... Flash would be ideal. But for nitches like Runescape, I guess you could do that.... For Runescape. I don't see it being useful anywhere else.




flash/java/ a new coding lang from the year 3028 in this year.

dont really matter to me. its the features that it can offer that i like :) (the 3 listed on the first post)

i would really like to see this as a feature. it would be amazing imo!
Link to comment
Share on other sites

flash/java/ a new coding lang from the year 3028 in this year.



dont really matter to me. its the features that it can offer that i like :) (the 3 listed on the first post)



i would really like to see this as a feature. it would be amazing imo!



It would also, as I said, be useless. A Java applet would only be able to access the LAN IP, an easily modifiable Media Access Code (MAC) and even then only with JRE v6, and animated CAPTCHAs would be blasted irritating.

I should also add that an applet that accesses your MAC address among other (so-called) unique information will probably require a trust level people aren't going to give an applet from some no-name website (or, hell, even a well-known website).
Link to comment
Share on other sites

animated isnt like. a tv show animated.

its like.

showing one section of a letter and then fading it away and showing another section. (but keeping the sections that are fading and coming to not touching) edit: slow enough a bot cannot read the letter. but a human mind can.

something like. a curtain blind...

if i recall. someone over at ipsbeyond already has done it.. (custom... :/) (just the animated captha. it uses standard image format.)

Link to comment
Share on other sites

animated isnt like. a tv show animated.



its like.



showing one section of a letter and then fading it away and showing another section. (but keeping the sections that are fading and coming to not touching) edit: slow enough a bot cannot read the letter. but a human mind can.



something like. a curtain blind...



if i recall. someone over at ipsbeyond already has done it.. (custom... :/) (just the animated captha. it uses standard image format.)



Yeah, or animated like text written on a waving flag - or on the surface of water (with rain-drops occasionally falling on the water). <-- I've seen both of these effects done in Java like a decade ago, so I know for a fact it's possible.

Also- colorful smoke can also be billowing in front of the text... all this while the text changes colors (each letter independently).

It'll be impossible for even some of the best CAPTCHA-crackers to read text off those!

It can also show lots of text - and the java applet can say, "Enter the letters behind the blue smoke" (and there can be 3 different areas of smoke: red, blue, and green).
Link to comment
Share on other sites

Animated CAPTCHA's? Some one please kill me now. We have a ton of alternatives available to us to now to make it more difficult. I hope "we" realize that animated CAPTCHA's will get broken, and it won't take long. Adding multiple text streams behind different colored smoke and having the user pick them out? I won't even go into the color blindness issue on this, just into the its incredibly annoying already, what the hell else you want to do to our users? I use advanced GD2 version of CAPTCHA, its by no means perfect, but its effective. As an admin you have to police spam accounts from time to time. That is also why you have moderators to help you out.

Java vs No Java... Round 5 billion +1

Its sad as son as I started to read this thread I knew where it was going.I personally don't care if these are implemented with java (I have other issues). Java is not the devil and its no the savior. It does have its benefits and its drawbacks.

Now for the other issues. As Kyanar said:

I should also add that an applet that accesses your MAC address among other (so-called) unique information will probably require a trust level people aren't going to give an applet from some no-name website (or, hell, even a well-known website).



The MAC is already being faked on way to many computers. I know people who just spoof it to just do it. As for the Network IP... what the hell is this going to do as a benefit. I work for the US Marine Corp here in Oki. You have someone else (civilian, contractor, Marine, whever) come to your site and get you to ban the IP of the network (router) now I take my happy little butt and oh wait banned. This is almost like saying I have a rat in the house, nuke the city.

But even beyond that, when you start reading personaly identifiable information from my computer and transmitting it back, associating it with other personally identifiable information, I start to have a serious issue with you, especially if you do not publicly, and visibly (as in not hidden in 500 pages of crap text) whta you are doing and give the user the option to turn it off or leave the site before you collect it.
Link to comment
Share on other sites

I'm going to have to agree that JAVA is overkill for preventing spam bots. The current system (using GD2) works perfectly well, but even if it didn't, a simple solution would be to include letters of more than one color in the CAPTCHA and write in the instructions to only enter those of a certain color.

For ban evaders, you really can't fix the problem using the solutions suggested above anyway, so quite honestly, this doesn't seem like something that needs to be built-in.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...