Question for Hackers & Browser Gurus

Good Idea?

  • Forget it... Use CAPTCHA

    Votes: 1 50.0%
  • Might work, but is it worth it?

    Votes: 0 0.0%
  • Novel theory... ;o)

    Votes: 1 50.0%
  • Nice one, sounds like it could work!

    Votes: 0 0.0%
  • I want your code and I work for Facebook!

    Votes: 0 0.0%

  • Total voters
    2
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

allnodcoms

Thread Starter
Joined
Jun 30, 2007
Messages
613
Hi Guys,

Long time no post...

Have a quick question for you all, what fires the javascript events in the browser for user interaction handling?
Here's the pitch, I'm trying to write an automated CAPTCHA equivalent where I can tell whether the form is being submitted by a person or a bot, but I'd like to do it through the user's normal interaction with the form content, rather than add another field specifically for this purpose. Make it completely transparent to the end user, but retain the security against automated sign ups.

I'd do my mystical stuff in response to events such as 'onKeyDown', 'onBlur' or 'onClick' and so on, probably using AJAX to verify the user on the server prior to submission.

So, to cut to the chase - can bots click?

Thanks for reading...

Danny
 

Ent

Josiah
Retired Trusted Advisor
Joined
Apr 11, 2009
Messages
5,467
Certainly an interesting idea.
Unfortunately it would not work for widespread deployment, or on any site worth the bother of attacking. Even if bots cannot click, it would be relatively easy for them to lie to your web server about whether it was clicked (essentially just executing the code in the OnClick).
 

allnodcoms

Thread Starter
Joined
Jun 30, 2007
Messages
613
Cheers Josiah,

I supposed it's a bit like hanging the keys up next to a locked door isn't it?

Nice theory though...

Danny
 
Joined
May 20, 2010
Messages
4,040
Hi,

if you are trying to do this using client side languages, then you are STILL in a risk.
 

TechGuy

Mike
Administrator
Joined
Feb 12, 1999
Messages
14,947
Sorry to dig up this thread, but I wanted to add that you'll want to be considerate of visually impaired users who might be using the site with a screen reader, etc. They may not be clicking in fields at all, but tabbing between them. Depending on what events you watch, you may or may not pick them up.

If this is for a relatively small site that is unlikely to have code written specifically against it, then I suspect anything you can do to create a custom human-verification method would help a great deal. For the most part, bots are written to go after very common software (Wordpress, vBulletin, etc) so that it can attack thousands of sites. Of course, if you're writing code for my bank's web site, I'll change my opinion. :)
 

allnodcoms

Thread Starter
Joined
Jun 30, 2007
Messages
613
Thanks for the reply. I'd considered the other ways of "logging in" and "signing up" - The browser's "remember me" and so on (no clicking, no tabbing - just the OK button), but a good point.

The site this is intended for is a small one, and not likely to grow beyond a few hundred users any time soon, and it's complete custom build, no libraries, all hand coded PHP. If I do have a play with this idea it is highly unlikely to find it's way into any financial institutions, but just to be sure I don't wind up compromising your account access, if you could forward your account number, secret question and inside leg measurement I'll ensure you continue to enjoy trouble free banking ;)

Cheers Again...

Danny
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top