1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Lack of Interest jQuery Draggable Captcha

Discussion in 'Closed Suggestions' started by Floren, Jul 11, 2013.

  1. Floren

    Floren Well-Known Member

    Last edited: Jul 11, 2013
    Vincent likes this.
  2. Forsaken

    Forsaken Well-Known Member

    This won't stop bots for long because it's easy enough to detect the shape and trace it.

    It also brings up usability issues for people with sight disabilities; while it won't effect the majority it makes registration impossible for those that that cannot see or have issues seeing.
     
    Jeremy likes this.
  3. Arantor

    Arantor Active Member

    It's worse than that, actually. Most of them don't even require tracing.

    I won't point out the exact details but let's just quickly examine them. Remember: bots won't be using JavaScript and all the fancy rules that you can implement against 'users' suddenly become irrelevant. Bots are also quite capable of sending AJAX requests these days.

    ajax-fancy-captcha: When the CAPTCHA is loaded, an AJAX call is required. All a bot has to do is identify the CAPTCHA in use and it will trivially know how to query the server to get the answer to submit the second time.

    qaptcha: A server just has to identify which CAPTCHA it is, and identify one variable within the <form> and make an AJAX call with that to set up a session variable, then update one variable in the POST variables before sending onwards.

    motioncaptcha: The form's action variable is removed but it's buried inside the form itself for the CAPTCHA to insert it... there's no security here. There's no server side component whatsoever so you're *totally* reliant on the form variable not being found by a bot.

    dragcaptcha: Again, totally on the client side. Bots will totally ignore this.
     

Share This Page