|
14 Jun 2004, 17:21
|
#1
|
Dawsons Creek r0x
Join Date: May 2004
Location: Trondheim
Posts: 83
|
Anti-bot questions to login page
Any chance we could move the security check (anti-bot question, or whatever you call that page that I get after I put my user/pass) to the same page as the login please. Annoys the hell out of me that there is 2 different pages. Shouldnt be so hard to just have 1!
In advance, thank you
YUPPY - Dedicated gamer since.. hmm.. a long time !
__________________
Proud Dawsons Creek fan
[1up]
Round5 - 16:23
Round11 - 21:1
Round12 - 22:5
|
|
|
14 Jun 2004, 17:59
|
#2
|
Emperor
Join Date: Jul 2001
Location: in front of a computer
Posts: 490
|
Re: Anti-bot questions to login page
Im not sure if i understood you right - you want the entry field for username, password and anti-bot question on the same page? So you can fill out all three fields at once?
In that case, here is a pseudo-code script of the dumbest bot in the world:
10 load pa login page
20 check if question is "a printer is something which prints text or objects onto paper, or grass?" and GOTO 10 if it isnt
30 fillout bot-answer "paper" and login fields
mmmh
|
|
|
14 Jun 2004, 18:00
|
#3
|
Evil has returned
Join Date: Aug 2003
Location: eta 4 from you
Posts: 384
|
Re: Anti-bot questions to login page
'i agree'
__________________
[ 1u p] WoW Player
Quote:
Originally Posted by BloodyButcher
LCH is too far away, now they are the same roid amout as 1up
|
|
|
|
14 Jun 2004, 18:01
|
#4
|
TringTring
Join Date: Mar 2001
Location: Amsterdam, The Netherlands
Posts: 63
|
Re: Anti-bot questions to login page
Would be handy indeed.
I know planeti/\ does it on the same page.
__________________
All we seek is justice, without justice there can be no peace.
Rnd 3 : 39:23:13 CpV
Rnd 4 : ?:?:? Bluetuba
Rnd 5 : 30:25 VtS
Rnd 6 : 28:9:? VtS
Rnd 7 : 17:6:3 VtS
Rnd 8 : 31:2 Adelante / Fury
Rnd 9 : ?:? Eclipse
Rnd 10 : ?
|
|
|
14 Jun 2004, 18:20
|
#5
|
Dawsons Creek r0x
Join Date: May 2004
Location: Trondheim
Posts: 83
|
Re: Anti-bot questions to login page
Quote:
Originally Posted by Ramihyn
Im not sure if i understood you right - you want the entry field for username, password and anti-bot question on the same page? So you can fill out all three fields at once?
In that case, here is a pseudo-code script of the dumbest bot in the world:
10 load pa login page
20 check if question is "a printer is something which prints text or objects onto paper, or grass?" and GOTO 10 if it isnt
30 fillout bot-answer "paper" and login fields
mmmh
|
If a bot actually was able to read the picture, wouldnt it just calc out all the stupid math questions?
I think the entire point of having a picture instead of plain txt is that a bot cant read it..
__________________
Proud Dawsons Creek fan
[1up]
Round5 - 16:23
Round11 - 21:1
Round12 - 22:5
|
|
|
14 Jun 2004, 18:35
|
#6
|
¯¯¯¯¯¯¯¯¯
Join Date: May 2001
Location: Sept 2057
Posts: 1,813
|
Re: Anti-bot questions to login page
The admins are seriously naive if they think no bot could answer these questions with a reasonable success rate. It's just another half-assed attempt at fixing a problem which ends up annoying the users.
__________________
in my sig i write down all my previous co-ords and alliance positions as if they matter because I'm not important enough to be remembered by nickname alone.
|
|
|
14 Jun 2004, 18:38
|
#7
|
Dawsons Creek r0x
Join Date: May 2004
Location: Trondheim
Posts: 83
|
Re: Anti-bot questions to login page
Thats my point. It annoys me. Wouldnt annoy me as much if it was on the same page as login... It takes time, and its incredibly annoying
__________________
Proud Dawsons Creek fan
[1up]
Round5 - 16:23
Round11 - 21:1
Round12 - 22:5
|
|
|
14 Jun 2004, 18:41
|
#8
|
Emperor
Join Date: Jul 2001
Location: in front of a computer
Posts: 490
|
Re: Anti-bot questions to login page
Quote:
Originally Posted by yupster
If a bot actually was able to read the picture, wouldnt it just calc out all the stupid math questions?
|
It could do that. Thats why AFAIK the ppl who do the questions, prefer the common knowledge questions a lot. As they "assume" that a bot would need to use a maintained database with answers to login.
However, my basic point is that if the page is combined, a bot could load the login page hundreds of times without penalty while it looks for the one question it can answer. Ofc. you could argue that this would be the best bot-detection ever - just look for those which do hundreds of reloads before loging in without error
Quote:
Originally Posted by yupster
I think the entire point of having a picture instead of plain txt is that a bot cant read it..
|
The thing is that it is very very simple to detect a single previously known question. If somebody really has no clue about detecting characters in a gfx, they could simply take a long question like the one i mentioned, manually remove all the disturbing lines and then keep loading the login page till they find a question where all dot's of their known question are set in the anti-bot gfx. That would be dead-simple and unless there is a longer question which contains the same text in the beginning, it should have a 0% error rate.
Basically with the current way how the questions are rendered, your suggestion would rip a huge hole into the whole anti-bot security. I guess i have to look if planeti/\ are n00bish enough to do that
ps : if you arent able to program, you can use small free/shareware tools to compare the login gfx question and your stored manually edited one. Tools which tell you how "equal" a gfx is. So it would boil down to 10 minutes of scripting.
|
|
|
14 Jun 2004, 18:55
|
#9
|
Dawsons Creek r0x
Join Date: May 2004
Location: Trondheim
Posts: 83
|
Re: Anti-bot questions to login page
What the other game does or doesnt do, have nothing to do with this.
If it actually would make security worse, the current way might be the best.. However, I dont like it
__________________
Proud Dawsons Creek fan
[1up]
Round5 - 16:23
Round11 - 21:1
Round12 - 22:5
|
|
|
14 Jun 2004, 20:58
|
#10
|
[WP]
Join Date: Apr 2004
Location: England
Posts: 44
|
Re: Anti-bot questions to login page
Quote:
Originally Posted by Ramihyn
you could argue that this would be the best bot-detection ever - just look for those which do hundreds of reloads before loging in without error
|
Isn't that why the system blocks the account after a couple of incorrect answers?
__________________
Spaced ~ PA n00b R2 - R11
Ex [WP] Peon
Ex [NoS] Officer
Ex [Coven] Officer
Ex [=V=] Whore
Ex [Ely] Peon
Nom de Dieu de putain de bordel de merde de saloperie de connard d'enculé de ta mère! You see, it's like wiping your arse with silk, I love it.
|
|
|
14 Jun 2004, 23:18
|
#11
|
Emperor
Join Date: Jul 2001
Location: in front of a computer
Posts: 490
|
Re: Anti-bot questions to login page
Quote:
Originally Posted by Spaced
Isn't that why the system blocks the account after a couple of incorrect answers?
|
That is the whole problem with this suggestion. If you put the login/password and anti-bot question on the same page, a bot/script can see if he likes the question before having to give the username/pwd. So it simply reloads the page to get a different question and how is PA supposed to apply a penalty like "only 10 tries" to a user account if the bot never gives a user/pwd before he knows the answer?
By connection/session/IP tracking?
|
|
|
15 Jun 2004, 04:37
|
#12
|
I dunno...
Join Date: Jun 2003
Location: manchester
Posts: 1,502
|
Re: Anti-bot questions to login page
You know, perhaps it would be handy to have the questions on the login page itself, but I must admit, I'm not sure I get as annoyed as some of you about the questions themselves.
__________________
He shall drink naught but brine, for I'll not show him / Where the quick freshes are.
|
|
|
15 Jun 2004, 06:50
|
#13
|
Got my villain necktie
Join Date: Jun 2004
Posts: 21
|
Re: Anti-bot questions to login page
it takes all of ****ing 3 seconds to log in, now unless you have mutiple accounts this shouldnt really bother you.
|
|
|
15 Jun 2004, 10:33
|
#14
|
#planetarion
Join Date: Feb 2002
Location: Birmingham, UK
Posts: 1,538
|
Re: Anti-bot questions to login page
The questions are on a different page to the user-name and password, because it allows us to verify them first. When a question is subsequently got wrong we can then add it to the right count. If they were all on the same page then anyone who got a question they couldn't answer would just not fill in their details, meaning that the "10 strikes and you're locked for a tick or two" rule would be pointless. I'm sure that it probably could be done on the same page in some way, but I don't see any particular reason to change it.
__________________
- A2
|
|
|
15 Jun 2004, 11:17
|
#15
|
Dawsons Creek r0x
Join Date: May 2004
Location: Trondheim
Posts: 83
|
Re: Anti-bot questions to login page
Cause its annoying
__________________
Proud Dawsons Creek fan
[1up]
Round5 - 16:23
Round11 - 21:1
Round12 - 22:5
|
|
|
15 Jun 2004, 11:24
|
#16
|
PA Team
Join Date: Oct 2003
Posts: 7,449
|
Re: Anti-bot questions to login page
5-10 seconds of your time, or making it 100 times easier to make a bot. difficult decision
|
|
|
15 Jun 2004, 14:33
|
#17
|
Emperor
Join Date: Jul 2001
Location: in front of a computer
Posts: 490
|
Re: Anti-bot questions to login page
Quote:
Originally Posted by yupster
What the other game does or doesnt do, have nothing to do with this.
|
Indeed - however i now looked at the login page of that other game and couldnt believe it. I made some screenshots for my "Completely pointless implementations" collection and highly recommend that "protection" for any cracker/botcoder who needs a quick and easy success.
Hi la ri ous
|
|
|
15 Jun 2004, 15:28
|
#18
|
Jolt's best friend
Join Date: Feb 2003
Posts: 2,101
|
Re: Anti-bot questions to login page
you're all ranting as thought the bot questions achieve something anyway...
-mist
|
|
|
15 Jun 2004, 17:37
|
#19
|
l337 Beyond Repair
Join Date: Apr 2004
Posts: 16
|
Re: Anti-bot questions to login page
Have the picture on the same page... BUT, have the text be harder for the computer to read. ATM it seems like all we have is two random lines. You should be able to change the font, where it actually is written in the image, the color, make the words twist around, distort the words, etc.
ATM it would be so easy just to count the pixels vertically to see what letters you have, any idiot can see that. But if you have *real* images with words w/ different fonts that twist, that would be really had to figure out how to get a bot through.
Writing the code to generate these images is easy....
|
|
|
|
All times are GMT +1. The time now is 14:20.
| |