Jayson Smith writes: > Thanks for this information. However, I'm not sure this type of > CAPTCHA is very effective any more.
All CAPTCHAs are effective to some degree. Whether a "dumb" text captcha would be effective depends on the sophistication of the attacker. I don't know about the subscription flooders. I have recently seen captchas that produce audio. Perhaps services like Recaptcha can do that. > What seems to be getting more popular is proof of > work based CAPTCHAs where your computer has to solve some type of > mathematical problem which takes a certain amount of time, then > prove to the web server that it found the correct solution, or > CAPTCHAs based on heuristics that try to determine if someone is > more likely to be a real human or a bot. Hashcash is rude to your legit users, and wasteful if Team Malice is not attacking. The heuristic approach is also annoying to real users because it does make mistakes and they typically persist. If they work you can use them, of course, > I also don't quite understand the motivation for subscribe form > flooding. What does the bad actor gain from sending out tons of > subscribe requests to seemingly random people? I don't think we know. -- GNU Mailman consultant (installation, migration, customization) Sirius Open Source https://www.siriusopensource.com/ Software systems consulting in Europe, North America, and Japan ------------------------------------------------------ Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/ Member address: arch...@jab.org
