Jayson Smith writes:

 > Thanks for this information. However, I'm not sure this type of
 > CAPTCHA is very effective any more.

All CAPTCHAs are effective to some degree.  Whether a "dumb" text
captcha would be effective depends on the sophistication of the
attacker.  I don't know about the subscription flooders.

I have recently seen captchas that produce audio.  Perhaps services
like Recaptcha can do that.

 > What seems to be getting more popular is proof of
 > work based CAPTCHAs where your computer has to solve some type of
 > mathematical problem which takes a certain amount of time, then
 > prove to the web server that it found the correct solution, or
 > CAPTCHAs based on heuristics that try to determine if someone is
 > more likely to be a real human or a bot.

Hashcash is rude to your legit users, and wasteful if Team Malice is
not attacking.  The heuristic approach is also annoying to real users
because it does make mistakes and they typically persist.  If they
work you can use them, of course.

 > I also don't quite understand the motivation for subscribe form 
 > flooding. What does the bad actor gain from sending out tons of 
 > subscribe requests to seemingly random people?

I don't think we know.


-- 
GNU Mailman consultant (installation, migration, customization)
Sirius Open Source    https://www.siriusopensource.com/
Software systems consulting in Europe, North America, and Japan
------------------------------------------------------
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
    https://mail.python.org/archives/list/mailman-users@python.org/
Member address: arch...@jab.org
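
The proof-of-work scheme described in the quoted text, sketched for a subscribe form as an added example; it is not part of the original message and not Mailman code. `SECRET`, `BITS`, `TTL` and all function names are assumptions. It shows the asymmetry under discussion: every client pays about 2**BITS hashes per request whether or not an attack is in progress, while the server checks the result with one HMAC and one hash.

```python
import hashlib, hmac, os, time

SECRET = b"constructed-demo-key"  # assumption: server-side secret, never sent to clients
BITS = 12    # assumption: required leading zero bits (about 2**12 hashes per solve)
TTL = 300    # assumption: challenge lifetime in seconds

def _mac(body):
    return hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()

def _zero_bits(challenge, counter):
    digest = hashlib.sha256(f"{challenge}:{counter}".encode()).digest()
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def issue(now=None):
    """Server: stateless challenge "expiry:nonce:mac" embedded in the form."""
    now = time.time() if now is None else now
    body = f"{int(now) + TTL}:{os.urandom(8).hex()}"
    return f"{body}:{_mac(body)}"

def solve(challenge, bits=BITS):
    """Client: brute-force a counter. Returns (counter, hashes_tried)."""
    counter = 0
    while _zero_bits(challenge, counter) < bits:
        counter += 1
    return counter, counter + 1

def verify(challenge, counter, bits=BITS, now=None):
    """Server: one HMAC and one hash, however long the client worked."""
    now = time.time() if now is None else now
    try:
        expiry, nonce, mac = challenge.split(":")
        expired = now > int(expiry)
    except ValueError:
        return False  # malformed challenge
    if not hmac.compare_digest(mac.encode(), _mac(f"{expiry}:{nonce}").encode()):
        return False  # forged or altered challenge
    if expired:
        return False
    # A production form would also record the nonce until expiry to block replay.
    return _zero_bits(challenge, counter) >= bits

if __name__ == "__main__":
    c = issue()
    counter, tried = solve(c)
    print(f"client hashes: {tried}, server accepts: {verify(c, counter)}")
```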
