[PLUG] "Enter email address" CGI code for web page

Keith Lofstrom keithl at kl-ic.com
Tue Feb 21 03:52:27 UTC 2006 

> On 2/20/06, Keith Lofstrom <keithl at kl-ic.com> wrote:
> > I would like to set up an "enter your email, and interpret the
> > screwy looking text in this box" authenticator form to my web
> > pages, so a human being whose mailer gets trapped by the graylisting
> > can whitelist themselves.  This would also be an easy way for me
> > to whitelist somebody from an insecure remote site.
> >
> > I could pungle something up, but this seems like such a common task
> > that somebody somewhere has already written some code for it.  Does
> > anyone know of such code (Perl preferred)?  Suggestions for the proper
> > google search words?   Any sites that elegantly use such a feature
> > that I might at least mimic?  I could probably extract something
> > from slashcode ...
> >
> > I will also need a Perl snippet that verifies a correctly formed
> > email address;  if that is not attached to the code above, I can
> > probably find that somewhere on CPAN.

On Mon, Feb 20, 2006 at 10:18:27PM -0500, drew wymore wrote:
> Hi Keith-
> I think this should do the trick.
> 
> http://en.wikipedia.org/wiki/Captcha

Great pointer - the magic word is "CAPTCHA", (an acronym for "Completely
Automated Public Turing test to tell Computers and Humans Apart").  The
Wikipedia article goes into it at great length, points at coding examples,
and points out that there are some laboratory demonstrations of cracking
techniques, as well as problems for blind folks. 

One of the cool pointers is to http://captchas.net/ , a free site that
provides both visual and audio captchas (for the blind) that I can link
a Perl program to.  That seems like the easiest way to provide an 
accessable page, reduce dependencies, and let somebody else keep the
technology updated.  If they go away, there are other options.

It is not like this must be absolutely great - if a spammer decides to
burn valuable compute resources cracking my captchas, they have earned
the right to get through greylisting and talk to spamassassin.  Further,
since I expect this to be used rather rarely, a burst of usage probably
indicates abuse, and I can simply throw those addresses away, or perhaps
use them to Detect Crimes.  It is unlikely that I will have to worry 
about it - spammers have higher value victims.

Keith

-- 
Keith Lofstrom          keithl at keithl.com         Voice (503)-520-1993
KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon"
Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs

More information about the PLUG mailing list