
Question for Hackers & Browser Gurus

Discussion in 'Web Design & Development' started by allnodcoms, Nov 2, 2011.

Good Idea?

  1. Forget it... Use CAPTCHA

    1 vote(s)
    50.0%
  2. Might work, but is it worth it?

    0 vote(s)
    0.0%
  3. Novel theory... ;o)

    1 vote(s)
    50.0%
  4. Nice one, sounds like it could work!

    0 vote(s)
    0.0%
  5. I want your code and I work for Facebook!

    0 vote(s)
    0.0%
Thread Status:
Not open for further replies.
  1. allnodcoms

    allnodcoms Thread Starter

    Joined:
    Jun 30, 2007
    Messages:
    613
    Hi Guys,

    Long time no post...

    Have a quick question for you all: what fires the JavaScript events in the browser for user interaction handling?
    Here's the pitch, I'm trying to write an automated CAPTCHA equivalent where I can tell whether the form is being submitted by a person or a bot, but I'd like to do it through the user's normal interaction with the form content, rather than add another field specifically for this purpose. Make it completely transparent to the end user, but retain the security against automated sign ups.

    I'd do my mystical stuff in response to events such as 'onKeyDown', 'onBlur' or 'onClick' and so on, probably using AJAX to verify the user on the server prior to submission.

    So, to cut to the chase - can bots click?

    Thanks for reading...

    Danny
     
  2. Ent

    Ent Trusted Advisor

    Joined:
    Apr 11, 2009
    Messages:
    5,467
    First Name:
    Josiah
    Certainly an interesting idea.
    Unfortunately it would not work for widespread deployment, or on any site worth the bother of attacking. Even if bots cannot click, it would be relatively easy for them to lie to your web server about whether it was clicked (essentially just executing the code in the OnClick).
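
The point made in the reply above, as an added sketch that is not code from the thread or from the site being discussed: even when the server signs a token each time an event is reported over AJAX, the token proves only that the endpoint was called, not that a person clicked. The function names, token format and in-process "server" are assumptions made for illustration.

```javascript
// Added illustration; every name here is hypothetical, nothing is from the thread.
const crypto = require('crypto');

const SERVER_KEY = crypto.randomBytes(32); // server-side secret, never sent to clients

// Server: the AJAX endpoint that the form's onclick/onkeydown handlers would call.
// Returns a signed token recording that an interaction was reported for a session.
function reportInteraction(sessionId, eventName) {
  const payload = `${sessionId}|${eventName}|${Date.now()}`;
  const mac = crypto.createHmac('sha256', SERVER_KEY).update(payload).digest('hex');
  return `${payload}|${mac}`;
}

// Server: form handler. Accepts only an authentic token bound to this session.
function acceptSubmission(sessionId, token) {
  if (typeof token !== 'string') return false;
  const idx = token.lastIndexOf('|');
  if (idx < 0) return false;
  const payload = token.slice(0, idx);
  const mac = Buffer.from(token.slice(idx + 1), 'hex');
  const expected = crypto.createHmac('sha256', SERVER_KEY).update(payload).digest();
  if (mac.length !== expected.length || !crypto.timingSafeEqual(mac, expected)) {
    return false;
  }
  return payload.split('|')[0] === sessionId;
}

// Client A: a person in a browser. The click handler fires and calls the endpoint.
function browserClient(sessionId) {
  const token = reportInteraction(sessionId, 'click');
  return acceptSubmission(sessionId, token);
}

// Client B: a script with no DOM and no mouse. It makes the same two requests,
// and the server has no way to tell them apart from client A's.
function scriptedClient(sessionId) {
  const token = reportInteraction(sessionId, 'click'); // nothing was clicked
  return acceptSubmission(sessionId, token);
}

// A made-up token is rejected: the signature stops forgery of the token itself,
// but it cannot vouch for what happened in front of the screen.
function forgedClient(sessionId) {
  return acceptSubmission(sessionId, `${sessionId}|click|0|${'00'.repeat(32)}`);
}
```

Both `browserClient` and `scriptedClient` return `true`, while `forgedClient` returns `false`: the check is sound as a token check and still says nothing about whether a human was present.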
     
  3. allnodcoms

    allnodcoms Thread Starter

    Joined:
    Jun 30, 2007
    Messages:
    613
    Cheers Josiah,

    I suppose it's a bit like hanging the keys up next to a locked door, isn't it?

    Nice theory though...

    Danny
     
  4. sepala

    sepala

    Joined:
    May 20, 2010
    Messages:
    4,038
    Hi,

    If you are trying to do this using client-side languages, then you are STILL at risk.
     
  5. TechGuy

    TechGuy Administrator

    Joined:
    Feb 12, 1999
    Messages:
    14,322
    First Name:
    Mike
    Sorry to dig up this thread, but I wanted to add that you'll want to be considerate of visually impaired users who might be using the site with a screen reader, etc. They may not be clicking in fields at all, but tabbing between them. Depending on what events you watch, you may or may not pick them up.

    If this is for a relatively small site that is unlikely to have code written specifically against it, then I suspect anything you can do to create a custom human-verification method would help a great deal. For the most part, bots are written to go after very common software (WordPress, vBulletin, etc.) so that they can attack thousands of sites. Of course, if you're writing code for my bank's web site, I'll change my opinion. :)
     
  6. allnodcoms

    allnodcoms Thread Starter

    Joined:
    Jun 30, 2007
    Messages:
    613
    Thanks for the reply. I'd considered the other ways of "logging in" and "signing up" - The browser's "remember me" and so on (no clicking, no tabbing - just the OK button), but a good point.

    The site this is intended for is a small one, and not likely to grow beyond a few hundred users any time soon, and it's a completely custom build, no libraries, all hand-coded PHP. If I do have a play with this idea it is highly unlikely to find its way into any financial institutions, but just to be sure I don't wind up compromising your account access, if you could forward your account number, secret question and inside leg measurement I'll ensure you continue to enjoy trouble-free banking ;)

    Cheers Again...

    Danny
     

Short URL to this thread: https://techguy.org/1025099
