Anti-bot questions to login page

[yupster]

Any chance we could move the security check (anti-bot question, or whatever you call that page that I get after I put my user/pass) to the same page as the login please. Annoys the hell out of me that there is 2 different pages. Shouldnt be so hard to just have 1!

In advance, thank you

YUPPY - Dedicated gamer since.. hmm.. a long time !

[Ramihyn]

Im not sure if i understood you right - you want the entry field for username, password and anti-bot question on the same page? So you can fill out all three fields at once?

In that case, here is a pseudo-code script of the dumbest bot in the world:

10 load pa login page
20 check if question is "a printer is something which prints text or objects onto paper, or grass?" and GOTO 10 if it isnt
30 fillout bot-answer "paper" and login fields

mmmh

[AzureWrath]

'i agree'

[Damon]

Would be handy indeed.
I know planeti/\ does it on the same page.

[yupster]

Quote:

Originally Posted by Ramihyn

Im not sure if i understood you right - you want the entry field for username, password and anti-bot question on the same page? So you can fill out all three fields at once?

In that case, here is a pseudo-code script of the dumbest bot in the world:

10 load pa login page
20 check if question is "a printer is something which prints text or objects onto paper, or grass?" and GOTO 10 if it isnt
30 fillout bot-answer "paper" and login fields

mmmh

If a bot actually was able to read the picture, wouldnt it just calc out all the stupid math questions?

I think the entire point of having a picture instead of plain txt is that a bot cant read it..

[xtothez]

The admins are seriously naive if they think no bot could answer these questions with a reasonable success rate. It's just another half-assed attempt at fixing a problem which ends up annoying the users.

[yupster]

Thats my point. It annoys me. Wouldnt annoy me as much if it was on the same page as login... It takes time, and its incredibly annoying

[Ramihyn]

Quote:

Originally Posted by yupster

If a bot actually was able to read the picture, wouldnt it just calc out all the stupid math questions?

It could do that. Thats why AFAIK the ppl who do the questions, prefer the common knowledge questions a lot. As they "assume" that a bot would need to use a maintained database with answers to login.

However, my basic point is that if the page is combined, a bot could load the login page hundreds of times without penalty while it looks for the one question it can answer. Ofc. you could argue that this would be the best bot-detection ever - just look for those which do hundreds of reloads before loging in without error

Quote:

Originally Posted by yupster

I think the entire point of having a picture instead of plain txt is that a bot cant read it..

The thing is that it is very very simple to detect a single previously known question. If somebody really has no clue about detecting characters in a gfx, they could simply take a long question like the one i mentioned, manually remove all the disturbing lines and then keep loading the login page till they find a question where all dot's of their known question are set in the anti-bot gfx. That would be dead-simple and unless there is a longer question which contains the same text in the beginning, it should have a 0% error rate.

Basically with the current way how the questions are rendered, your suggestion would rip a huge hole into the whole anti-bot security. I guess i have to look if planeti/\ are n00bish enough to do that

ps : if you arent able to program, you can use small free/shareware tools to compare the login gfx question and your stored manually edited one. Tools which tell you how "equal" a gfx is. So it would boil down to 10 minutes of scripting.

[yupster]

What the other game does or doesnt do, have nothing to do with this.

If it actually would make security worse, the current way might be the best.. However, I dont like it

[Spaced]

Quote:

Originally Posted by Ramihyn

you could argue that this would be the best bot-detection ever - just look for those which do hundreds of reloads before loging in without error

Isn't that why the system blocks the account after a couple of incorrect answers?

[Ramihyn]

Quote:

Originally Posted by Spaced

Isn't that why the system blocks the account after a couple of incorrect answers?

That is the whole problem with this suggestion. If you put the login/password and anti-bot question on the same page, a bot/script can see if he likes the question before having to give the username/pwd. So it simply reloads the page to get a different question and how is PA supposed to apply a penalty like "only 10 tries" to a user account if the bot never gives a user/pwd before he knows the answer?

By connection/session/IP tracking?

[Boogster]

You know, perhaps it would be handy to have the questions on the login page itself, but I must admit, I'm not sure I get as annoyed as some of you about the questions themselves.

[thaeter]

it takes all of ****ing 3 seconds to log in, now unless you have mutiple accounts this shouldnt really bother you.

[A2]

The questions are on a different page to the user-name and password, because it allows us to verify them first. When a question is subsequently got wrong we can then add it to the right count. If they were all on the same page then anyone who got a question they couldn't answer would just not fill in their details, meaning that the "10 strikes and you're locked for a tick or two" rule would be pointless. I'm sure that it probably could be done on the same page in some way, but I don't see any particular reason to change it.

[yupster]

Cause its annoying

[Appocomaster]

5-10 seconds of your time, or making it 100 times easier to make a bot. difficult decision

[Ramihyn]

Quote:

Originally Posted by yupster

What the other game does or doesnt do, have nothing to do with this.

Indeed - however i now looked at the login page of that other game and couldnt believe it. I made some screenshots for my "Completely pointless implementations" collection and highly recommend that "protection" for any cracker/botcoder who needs a quick and easy success.

Hi la ri ous

[mist]

you're all ranting as thought the bot questions achieve something anyway...

-mist

[Quanticles]

Have the picture on the same page... BUT, have the text be harder for the computer to read. ATM it seems like all we have is two random lines. You should be able to change the font, where it actually is written in the image, the color, make the words twist around, distort the words, etc.

ATM it would be so easy just to count the pixels vertically to see what letters you have, any idiot can see that. But if you have *real* images with words w/ different fonts that twist, that would be really had to figure out how to get a bot through.

Writing the code to generate these images is easy....