Mailing List Archive



Re: [tlug] CAPTCHA on keitai



On 25/03/2008, Stephen J. Turnbull <stephen@example.com> wrote:

> Why is any hacker with half a brain going to be looking for a field
>  name?  They just look for a type="text" INPUT element in a form
>  containing an IMG element.  That's probably halfway there.

So:

<img src="logo.jpg" />
<form action="login.php" name="login" method="POST">
  <input name="username" type="text" />
  <input name="password" type="password" disabled="disabled" />
  <input name="login" type="submit" value="Login" />
</form>
[...]
<form action="comment.php" name="comment" method="POST">
  <img src="c3f2h2.jpg" />
  Enter the word above and click "Post":
  <input name="vrfy" type="text" />
  <input name="post" type="submit" value="Post" />
</form>

Except that the second form is CSS positioned off the screen, or
blanked out, or overlaid, or otherwise not displayed. It be spambait.
The first form is the real CAPTCHA; the image above it (but not
adjacent in the HTML source; again, use CSS somehow to accomplish
this) contains the instructions and the CAPTCHA word.

-- 
Cheers,
Josh
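
A server-side sketch of the scheme described in this message, added as an example and not part of the original post: it treats any POST to the hidden form as automated, and also flags a "login" POST that carries a password value, since browsers do not submit disabled inputs. The form paths and field names come from the HTML above; the `classify` helper, the leading-slash URL paths and the sample CAPTCHA word are assumptions.

```python
from urllib.parse import parse_qs

# Assumed for this sketch: paths and field names taken from the HTML in the
# post; EXPECTED_WORD stands in for the word drawn in the real CAPTCHA image.
DECOY_PATH = "/comment.php"
REAL_PATH = "/login.php"
EXPECTED_WORD = "walrus"  # constructed sample value


def classify(path, body):
    """Return 'bot', 'human' or 'retry' for one POST (path + urlencoded body)."""
    fields = parse_qs(body, keep_blank_values=True)
    if path == DECOY_PATH:
        # The decoy form is never displayed, so a submission came from
        # something that read the HTML source rather than the rendered page.
        return "bot"
    if path != REAL_PATH:
        return "retry"
    if "password" in fields:
        # Browsers leave disabled controls out of the submitted form data,
        # so a password value means the request was assembled from the
        # markup, not sent by a normal browser submit.
        return "bot"
    # The "username" box is where a person types the CAPTCHA word.
    answer = fields.get("username", [""])[0].strip().lower()
    return "human" if answer == EXPECTED_WORD else "retry"


# Constructed sample requests, not captured traffic.
SAMPLES = [
    ("/comment.php", "vrfy=c3f2h2&post=Post"),
    ("/login.php", "username=admin&password=hunter2&login=Login"),
    ("/login.php", "username=Walrus&login=Login"),
    ("/login.php", "username=wlarus&login=Login"),
]

if __name__ == "__main__":
    for path, body in SAMPLES:
        print(path, body, "->", classify(path, body))
```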

