[Coco] Smart subscription bots

Andrew keeper63 at cox.net
Mon Jun 22 11:16:32 EDT 2009


> Message: 4
> Date: Sun, 21 Jun 2009 23:54:29 -0500
> From: Dave Kelly <daveekelly1 at embarqmail.com>
> Subject: Re: [Coco] Smart subscription bots
> To: CoCoList for Color Computer Enthusiasts <coco at maltedmedia.com>
> Message-ID: <4A3F0E85.8090608 at embarqmail.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> 
> Yes they would if they know what to look for. That information has to 
> stay in memory until it is compared.

I'm not sure what you mean by that; if the server is set up properly, a 
client should have no access to the server's memory. The server should 
generate the captcha as an image, store the real value of the captcha 
into a session variable (maybe one that expires in 5 minutes), and show 
the image to the user (client). When the server gets the POST response 
with the form variable containing the user-submitted captcha 
information, compare it with the session variable and if it matches, good.

The trick is in coming up with a captcha message (image) that will fool 
a bot but not be impossible to decipher by a human. There are numerous 
site plugins and such available for this purpose that allow the 
regeneration of the captcha by the user if they can read it. Some make 
you enter two words instead of one (separated by a space). I haven't 
seen a system like this, but perhaps you could have them answer a 
question (CoCo-related), but generate the questions and answers (simple 
one or two word answers) as "captcha-style" images (i.e., warped 
letters/colors/fonts/spacing/etc), and have the user type their answer? 
Or make them answer a question about another page on the site (on this 
page at this link, what is the fourth word from the right ten lines down 
that is the color purple?).

Eventually you get to a point where you might tick off actual people 
trying to join, unfortunately.

-- Andrew L. Ayers, Glendale, Arizona
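
The server-side flow described in the message above, as an added example that is not part of the original post: the answer is kept only in a server-side session entry that expires after five minutes, and the POSTed value is compared against it. The names `CaptchaStore`, `issue` and `verify` are hypothetical, rendering the answer as a warped image is left out, and discarding the entry after any attempt is an assumption beyond what the post states.

```python
import hmac
import secrets
import time

CAPTCHA_TTL_SECONDS = 300  # the "maybe 5 minutes" expiry from the post
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # assumption: skip look-alike characters


class CaptchaStore:
    """Server-side session store: the answer never leaves the server."""

    def __init__(self, ttl=CAPTCHA_TTL_SECONDS, clock=time.monotonic):
        self._ttl = ttl
        self._clock = clock
        self._sessions = {}  # session_id -> (answer, expires_at)

    def issue(self, length=6):
        """Create a challenge. Only session_id goes to the client (e.g. as a
        cookie); the answer is what the server renders into the image."""
        session_id = secrets.token_urlsafe(32)
        answer = "".join(secrets.choice(ALPHABET) for _ in range(length))
        self._sessions[session_id] = (answer, self._clock() + self._ttl)
        return session_id, answer

    def verify(self, session_id, submitted):
        """Compare the POSTed value with the stored one.
        The entry is removed on every attempt, so a challenge cannot be
        guessed repeatedly or replayed after one success."""
        entry = self._sessions.pop(session_id, None)
        if entry is None:
            return False  # unknown, already used, or never issued
        answer, expires_at = entry
        if self._clock() > expires_at:
            return False  # expired
        guess = submitted.strip().upper().encode()
        return hmac.compare_digest(guess, answer.encode())


if __name__ == "__main__":
    store = CaptchaStore()
    sid, answer = store.issue()          # answer would be drawn as an image
    print(store.verify(sid, answer))     # correct submission
    print(store.verify(sid, answer))     # same challenge replayed
```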


