[nycphp-talk] NEW PHundamentals Question
Adam Maccabee Trachtenberg
adam at trachtenberg.com
Tue Feb 10 10:49:53 EST 2004
On Tue, 10 Feb 2004, Dan Cech wrote:
> The porn attacks on captchas is definitely inventive and no doubt very
> effective, harnessing the power of 15 year olds everywhere....I love it.
> Jon has a good point about not actually requiring a response to do
> damage. The mechanism to generate the captchas had better be efficient
> or you're opening yourself up for a DOS attack from anyone who can flood
> the form with GET requests...
I'm not really sure why captcha generation would be the weak link that
someone would use to DOS the box. Wouldn't it be easier to write a
Windows virus to just flood the box with requests?
However, if you were really worried about the extra load, it would
trivial pre-generate 1,000,000 captchas and serve the images up
randomly upon request. If you were super concerned, you could even
offload this task to a separate server optimized for serving static
content.
-adam
--
adam at trachtenberg.com
author of o'reilly's php cookbook
avoid the holiday rush, buy your copy today!
>From hans not junk at nyphp.com Tue Feb 10 11:00:40 2004
Return-Path: <hans not junk at nyphp.com>
Received: from ehost011-1.exch011.intermedia.net (unknown [64.78.21.3])
by virtu.nyphp.org (Postfix) with ESMTP id 68726A87FC
for <talk at lists.nyphp.org>; Tue, 10 Feb 2004 11:00:40 -0500 (EST)
X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Tue, 10 Feb 2004 08:00:35 -0800
Message-ID: <41EE526EC2D3C74286415780D3BA9F877725FA at ehost011-1.exch011.intermedia.net>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: OT: genius WAS: NEW PHundamentals Question
Thread-Index: AcPvpvsmUpkozQM1SdClfzTLUslpJwAR79Jw
From: "Hans Zaunere" <hans not junk at nyphp.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Subject: [nycphp-talk] OT: genius WAS: NEW PHundamentals Question
X-BeenThere: talk at lists.nyphp.org
X-Mailman-Version: 2.1.2
Precedence: list
Reply-To: NYPHP Talk <talk at lists.nyphp.org>
List-Id: NYPHP Talk <talk.lists.nyphp.org>
List-Unsubscribe: <http://lists.nyphp.org/mailman/listinfo/talk>,
<mailto:talk-request at lists.nyphp.org?subject=unsubscribe>
List-Archive: <http://lists.nyphp.org/pipermail/talk>
List-Post: <mailto:talk at lists.nyphp.org>
List-Help: <mailto:talk-request at lists.nyphp.org?subject=help>
List-Subscribe: <http://lists.nyphp.org/mailman/listinfo/talk>,
<mailto:talk-request at lists.nyphp.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Feb 2004 16:00:40 -0000
> > i knew SOMEONE would bring up OCR
>=20
> That wasn't OCR. It's actually a very creative technique. As far as
I'm
> aware, Yahoo was the first one that was attacked with this method.
Rasmus
> was talking about it at ApacheCon.
"The ingenious crack is to offer a free porn site which requires that
you key in the solution to a captcha -- which has been inlined from
Yahoo or Hotmail -- before you can gain access. Free porn sites attract
lots of users around the clock, and the spammers were able to generate
captcha solutions fast enough to create as many throw-away email
accounts as they wanted."
Really, that is genius. Almost kind of makes me to join force with
spammers... *duck* - it's certainly more clever than anything Norton or
McAfee have come up with :) =20
> Maybe this would make a nice NYPHP demo? :-) Complete with porn?
Sure... a PHundamentals called: "Gotchas with Captchas" :)
H
More information about the talk
mailing list