hack my script!


Post by Nosferatu666rules on Tue Apr 21, 2009 11:27 am

I don't know if this is the right place to put this, but I thought it was,

anyhow, recently I've been playing an online game and I got annoyed by all the 'type the letters you see in the image' validation kind, of course it's an effective way to keep bots out but there HAS to be a better way!

Since I know some PHP, I thought I'd go and create a validation system myself, that would NOT include any images, but would still keep bots away. However, now that it is done.. I have no good way of testing the method, since I personally don't see a way to crack my system, but that could very well be because my hacking skills are just not that great,

so, I come to you guys, I uploaded the script in the hope of finding somebody that could agree with me that this is a good alternative.

http://writtentruth.net78.net/validate/

if you do it right, you see a text saying you're human, if you do it wrong, it'll say you're a bot,
you have endless tries since I didn't include a counter. after all, if I would implement this system in a REAL site, I would ban that IP the second he'd fail.

thanx in advance!

greetz, nosferatu


Re: hack my script!

Post by godofcereal on Tue Apr 21, 2009 12:17 pm

mmm I'm god not a human.
I'm off, last year of school and all, I had something longer but char limit fucked that up. So yeah, had a good run here. Thanks for the memories. Thanks to the staff and users.

Best regards, your posting whore,
godofcereal

p.s. Defience, you the man ;)


Re: hack my script!

Post by Nosferatu666rules on Tue Apr 21, 2009 12:54 pm

humankind was made after god's image, so I don't think it should matter too much


Re: hack my script!

Post by AtlasDark on Tue Apr 21, 2009 2:24 pm

In that case, we'd need an "I'm an admin!" button. ;)


Re: hack my script!

Post by eljonto on Wed Apr 22, 2009 1:45 am

First off, there are many ways of 'clicking' form buttons from programming languages, so all the bot would have to do is loop and click the buttons in order, proceeding when it reaches the page with only one button. Secondly, why would anyone want to stick a validation system on their site that's just 100 or so buttons - it's very insecure and looks ugly and unprofessional - atm the best validation system IMO is the type of captcha that HTS uses if you type your password in wrong - infinitely harder than clicking a bunch of buttons.
-Quis custodiet ipsos custodes?, Juvenal


Re: hack my script!

Post by Nosferatu666rules on Wed Apr 22, 2009 2:36 am

you are very wrong in this,

the 'right' button is changed every time you come to the page, and since you can recognize whether a wrong button has been clicked, you can immediately block that IP address since a normal user would never press the wrong button,

yes, the html doesn't look that great, though with a bit of styling you could make it look a bit better, of course, not by much.

BUT

my problem with the standard validation is that a lot of people can't read such an image because they currently don't wear their glasses for instance, my father (52 of age) has been blocked several times on a site because those images are just too hard to read for him.
I myself don't have that problem, still, I find it very annoying since I am no bot, so why should I do something to prove it, the good suffers thanx to the bad.

a simple loop will not beat my script, you would need to read the css to find out which button is the right one, however, you can not read the css without FIRST reading the normal page, if you access the css file yourself, you will not get the wanted information.


Re: hack my script!

Post by eljonto on Thu Apr 23, 2009 6:16 am

When I went to the site and saw the hundred or so buttons lined up I couldn't tell by looking which was the correct button, so if the user makes a simple mistake then their IP is blocked, disallowing them to access the website. ATM when I go to your site there's only one button now and that is the correct one - making it even easier still for a bot to use. If it ever came between choosing to use a captcha system or this system - guess which one the vast majority would choose. Although I admire your effort in creating this system I suggest you try again.


Re: hack my script!

Post by Nosferatu666rules on Sat Apr 25, 2009 3:37 am

if you see the hundred buttons then something went wrong in the css, small bug I guess,

anyway, I found the answer to beating my system a few days ago,

a bot would have a very hard time finding the correct button, it would need to go through the css so it's not impossible, however, if a bot would just use a pixel-click technique, then my system is just as safe as no security system at all.

meaning my system is hard to crack only when bots don't go pixel clicking... I doubt that the majority of hackers out there who doesn't know how to make such a thing

still, my system is just fine for simple contact / guestbook forms, because a hacker needs to pay specific attention to this script, which with most contact / guestbook forms just isn't worth the time.


Re: hack my script!

Post by eljonto on Sat Apr 25, 2009 5:31 am

yes - I didn't realise the first time I viewed it it was a bug - but yes, even a simple macro could beat this - but not a bad idea.