09-04-2011, 03:28 AM
I took a critical look at the registration/captcha mechanism today. The key problem that I can see is that it allows the potential hacker to get multiple tries at solving the same captcha image. I looked in the logs, and saw multiple failures on a few suspicious user names before success if they succeeded. Some would-be hackers (or possible newbies, I suppose) gave up. My guess is as you make the captcha image harder it takes more attempts to get it right.
Ideally, if you have a failure, then that Captcha image should be retired and a new one generated so that multiple attempts cannot be made on a single image. Well, I have the software and it is open source, perhaps I could submit a Patch... First, I need to get it working on my computer.
Ideally, if you have a failure, then that Captcha image should be retired and a new one generated so that multiple attempts cannot be made on a single image. Well, I have the software and it is open source, perhaps I could submit a Patch... First, I need to get it working on my computer.