On 22.11.2013 15:31, Alexander Farber wrote:
> I've spent the last 2 hours with the Drupal CAPTCHA module -
> the default image and math captchas didn't stop
> any spam user at all - I could see fake users
> still registering - every few seconds (scary!).
>
> I have uploaded a Russian font then and configured
> the CAPTCHA to use Russian letters only
> (since my site is targeting Russian users) -
> this has stopped them for now.
>
> I'm just saying that the whole problem isn't trivial
> and obvious comments (install captcha etc.)
> aren't really helping here, that's why I asked
> the specific postfix question here...

that's why i did not name captcha only

besides that your "3 dots in username part" should happen on the webserver

* it is using a captcha in first front
* it is using a hidden session token *too*
* it is using one or more spam-trap fields *too*
____________________________________________________

that is why you got also another answer with
https://drupal.org/project/honeypot

how such things are working?

* place some hidden fields with random values
* store those values in the server session
* expect on the server some of them submitted with the exact value
* expect on the server some of them submitted *not* with this value
  achieved by changing them with javascript

<noscript>-tags to tell the user clearly he needs to enable it
in case of noscript-extensions

the typical "attacker" will analyze the source code for hidden fields
and send the exact values - for all of them -> game lost because it
takes too much time and effort to find out what is allowed to be
submitted with what value

and even if i get broken in that context my next defense would be to
name these trap-fields randomly, shuffle which are allowed and which
are not and store an array in the server-session with those choices -
obfuscate that and an "attacker" needs to carefully analyze each time
the source code -> guess what. he goes to a different website

that's why i write my own CMS systems and avoid Wordpress, Drupal,
Joomla and what not because i can react to issues in a timely and
working manner
____________________________________________________

this *is not* an MTA issue and will never be
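
The hidden-field scheme described in the reply above, sketched server-side as an added example; it is not code from the original mail, from Drupal or from the honeypot module. The function names, the dict used as a session, the "-js" suffix the script appends and the single-use handling are assumptions made for illustration.

```python
import hmac
import html
import random
import secrets

def issue_traps(session, keep=2, change=2):
    """Randomly named hidden fields; the session remembers what each must do."""
    roles = [False] * keep + [True] * change  # True: JavaScript must alter the value
    random.SystemRandom().shuffle(roles)       # which fields are which differs per form
    session["traps"] = {"f" + secrets.token_hex(6):
                        {"value": secrets.token_hex(8), "must_change": r} for r in roles}
    return session["traps"]

def render_fields(traps):
    """Hidden inputs plus the script that rewrites only the must_change fields."""
    inputs = "\n".join(
        f'<input type="hidden" name="{html.escape(n)}" value="{html.escape(t["value"])}">'
        for n, t in traps.items())
    script = "\n".join(
        f'document.getElementsByName("{n}")[0].value += "-js";'
        for n, t in traps.items() if t["must_change"])
    return (f"{inputs}\n<script>\n{script}\n</script>\n"
            "<noscript>Please enable JavaScript to submit this form.</noscript>")

def verify(session, form):
    """Accept only if every field came back the way the session expects."""
    traps = session.pop("traps", None)  # assumption: single use, a replayed form fails
    if not traps:
        return False
    for name, trap in traps.items():
        sent = form.get(name)
        if sent is None:
            return False
        unchanged = hmac.compare_digest(sent.encode(), trap["value"].encode())
        if unchanged == trap["must_change"]:  # echoed a trap, or altered a fixed field
            return False
    return True

def browser_submit(traps):
    """Constructed stand-in for a browser that ran the script."""
    return {n: t["value"] + ("-js" if t["must_change"] else "") for n, t in traps.items()}

def scraper_submit(traps):
    """Constructed stand-in for a client that echoes every hidden value as served."""
    return {n: t["value"] for n, t in traps.items()}
```

Because the field names and their roles are regenerated for every form, a client that has not executed the page's script cannot tell from one fetch to the next which values to leave alone.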