Deutsch English Français Italiano |
<usvu8g$1slrq$2@dont-email.me> View for Bookmarking (what is this?) Look up another Usenet article |
Path: ...!news.mixmin.net!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail From: Don Y <blockedofcourse@foo.invalid> Newsgroups: sci.electronics.design Subject: Re: Chinese downloads overloading my website Date: Thu, 14 Mar 2024 15:38:00 -0700 Organization: A noiseless patient Spider Lines: 55 Message-ID: <usvu8g$1slrq$2@dont-email.me> References: <7qujui58fjds1isls4ohpcnp5d7dt20ggk@4ax.com> <6lekuihu1heui4th3ogtnqk9ph8msobmj3@4ax.com> <usec35$130bu$1@solani.org> <u14quid1e74r81n0ajol0quthaumsd65md@4ax.com> <usjiog$15kaq$1@solani.org> <t7rrui5ohh07vlvn5vnl277eec6bmvo4p9@4ax.com> <usm6v6$17e2c$1@solani.org> <gabuui56k0fn9iovps09um30lhiqhvc61t@4ax.com> <usqjih$h74g$1@dont-email.me> <afq1viha37gjs37sprgfb30dfm0m1ok5jh@4ax.com> <ustdn0$176f7$1@dont-email.me> <usv8fu$1nhtm$1@dont-email.me> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Injection-Date: Thu, 14 Mar 2024 22:38:09 -0000 (UTC) Injection-Info: dont-email.me; posting-host="11f1a6c097d5e8318048522ef22246c2"; logging-data="1988474"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18SaGEYbqTj++MF3ANnJ8cj" User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.2.2 Cancel-Lock: sha1:Lx0cYziHG2Wr2AoyuC7/wCm/jxY= Content-Language: en-US In-Reply-To: <usv8fu$1nhtm$1@dont-email.me> Bytes: 3705 On 3/14/2024 9:26 AM, Peter wrote: > > Don Y <blockedofcourse@foo.invalid> wrote: > >> (Without having seen them...) Can you create a PNG of a group >> of them arranged in a matrix. Then, a map that allows clicking >> on any *part* of the composite image to provide a more detailed >> "popup" to inspect? >> >> I.e., each individual image is a trip back to the server to >> fetch that image. A single composite could reduce that to >> one fetch with other actions conditional on whether or not >> the user wants "more/finer detail" > > All of this "graphical captcha" stuff is easy to hack if somebody is > out to trash *your* site. If you are *targeted*, then all bets are off. At the end of the day, your adversary could put a REAL HUMAN to the task of hammering away at it. > For example I run some sites and paid someone 1k or so to develop a > graphical captcha. It displayed two numbers as graphic images and you > had to enter their product e.g. 12 x 3 = 36. > > A friend who is an expert at unix spent just a few mins on a script > which used standard unix utilities to do OCR on the page, and you can > guess the rest. But a *bot* wouldn't know that this was an effective attack. It would move on to the next site in its "list" to scrape. If you use a canned/standard(ized) captcha, then a bot can reap rewards learning how to defeat it -- because those efforts will apply to other sites, as well. [Some university did a study of the effectiveness of captchas on human vs. automated clients and found the machines could solve them better/faster than humans] If you want to make something publicly accessible, then you have to assume it will be publicly accessed! I operate a server in stealth mode; it won't show up on network probes so robots/adversaries just skip over the IP and move on to others. Folks who *should* be able to access it know how to "get its attention". Prior to this "enhancement", I delivered content via email request -- ask for something, verify YOU were the entity that issued the request, then I would email it to you. This was replaced with "then I would email a unique LINK to it to you".