[Nfb-web] Captias, perhaps a blind-friendly approach?

Peter Donahue pdonahue1 at sbcglobal.net
Mon Apr 16 13:19:56 CDT 2007 

Good afternoon everyone,

    From time-to-time the topic of captias comes up on our e-mail lists. I
wanted to share the following correspondence with you concerning a post on
the Coldfusion-Talk List between a gentleman wanting to install a captia on
one of his Web sites to secure his forms. He appears to be taking an
approach similar to that of one discussed last week. The captia generates a
random question that is simple in nature and gives the visitor a choice of
possible answers to fill in. The application then checks to ensure that the
answer is correct before granting access to the protected areas of his Web
site.  The original post and my reply to it appear below.

    Less's statements would indicate that this captia approach to stopping
bots from gaining access to these site secure areas is far more effective
than the traditional approach of asking one to copy a string of letters or
numbers in an image in to an edit field before granting access to the site's
protected content. It's great to know that others are beginning to reinvent
this technology for better Web site and application security, and possibly
solving the problems we as screen reader users have faced with these things
over the years. This is definitely a development to follow.

Peter Donahue

----- Original Message ----- 
From: "Les Mizzell" <lesmizz at bellsouth.net>
To: "CF-Talk" <cf-talk at houseoffusion.com>
Sent: Monday, April 16, 2007 9:30 AM
Subject: Re: CF CAPTCHA - need help!


Though I'm using captcha solutions for most of my main clients (and
server side too, thank you), I've been toying around with ideas on a
smaller site or two owned by myself just to see what would happen.

A very simple "Does a cow "moo", "bark", "howl", "mew" or "whistle"?"
question with a blank to write in the correct answer with a simple cfif
after submission to check for the correct response has, for over a
month, stopped 100% of the form spams I was getting. I have an email
alert sent to myself just so I can see what's hitting the form, and it's
10 to 20 bots a day...

For a second test, I've placed a "fake" form in front of the real one
and hidden it with CSS. The form bots fill this one out, and never get
to the real form on the page. It's been 100% effective as well against
10 to 20 bots a day...


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Create robust enterprise, web RIAs.
Upgrade & integrate Adobe Coldfusion MX7 with Flex 2
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJP

Archive:
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275366
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe:
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=28041.19949.4


----- Original Message ----- 
From: "Peter Donahue" <pdonahue1 at sbcglobal.net>
To: <cf-talk at houseoffusion.com>
Sent: Monday, April 16, 2007 1:04 PM
Subject: Re: CF CAPTCHA - need help!


Hello Less and listers,

I applaud your approach with this captia solution. As one who uses a screen
reader to access applications and Web sites these captias are a real problem
for those who must use this technology to gain access to secured areas of a
Web site. The traditional, "Copy the letters/numbers you see in to the field
below" captia effectively locks blind people out of areas of Web sites and
computer applications where this type of captia is used. Having a captia
that displays a text string that can be read by screen readers that asks a
question and provides one with an edit field to write their answer would
allow you to secure your forms and still make it possible for blind persons
using screen reading software to gain full access to protected areas of your
Web site. Since traditional captia information is presented as an OCR image
these cannot be read by screen readers, but text strings can.

    If you're able to create a CF Captia I'd love to see the code myself and
would consider using it on my Web sites as well. I'll be following this
thread with interest.

Peter Donahue

----- Original Message ----- 
From: "Les Mizzell" <lesmizz at bellsouth.net>
To: "CF-Talk" <cf-talk at houseoffusion.com>
Sent: Monday, April 16, 2007 9:30 AM
Subject: Re: CF CAPTCHA - need help!


Though I'm using captcha solutions for most of my main clients (and
server side too, thank you), I've been toying around with ideas on a
smaller site or two owned by myself just to see what would happen.

A very simple "Does a cow "moo", "bark", "howl", "mew" or "whistle"?"
question with a blank to write in the correct answer with a simple cfif
after submission to check for the correct response has, for over a
month, stopped 100% of the form spams I was getting. I have an email
alert sent to myself just so I can see what's hitting the form, and it's
10 to 20 bots a day...

For a second test, I've placed a "fake" form in front of the real one
and hidden it with CSS. The form bots fill this one out, and never get
to the real form on the page. It's been 100% effective as well against
10 to 20 bots a day...



----- Original Message ----- 
From: "Peter Donahue" <pdonahue1 at sbcglobal.net>
To: <cf-talk at houseoffusion.com>
Sent: Monday, April 16, 2007 1:04 PM
Subject: Re: CF CAPTCHA - need help!


Hello Less and listers,

I applaud your approach with this captia solution. As one who uses a screen
reader to access applications and Web sites these captias are a real problem
for those who must use this technology to gain access to secured areas of a
Web site. The traditional, "Copy the letters/numbers you see in to the field
below" captia effectively locks blind people out of areas of Web sites and
computer applications where this type of captia is used. Having a captia
that displays a text string that can be read by screen readers that asks a
question and provides one with an edit field to write their answer would
allow you to secure your forms and still make it possible for blind persons
using screen reading software to gain full access to protected areas of your
Web site. Since traditional captia information is presented as an OCR image
these cannot be read by screen readers, but text strings can.

    If you're able to create a CF Captia I'd love to see the code myself and
would consider using it on my Web sites as well. I'll be following this
thread with interest.

Peter Donahue

More information about the Nfb-web mailing list