lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]



On Oct 02, 2007, at 12:57, Philippe Lhoste wrote:

On 25/09/2007 19:30, PA wrote:
"Stopping spambots with hashes and honeypots"
-- Ned Batchelder, 21 January 2007
http://www.nedbatchelder.com/text/stopbots.html

Very interesting method! Thanks for sharing.

FWIW, here is a first shot at implementing the randomized hashing part of the technic...

local Token = require( 'Token' )
local aToken = Token( 'http://localhost:1080/sputnik-program' )

print( aToken[ 'title' ] )
print( aToken[ 'content' ] )

> eH
> AIAF

The argument to the Token constructor is something like the URL of the page you are editing (e.g. 'http://localhost:1080/sputnik-program'). This will be used as a seed for the token generator. You then request a token for a given field identifier (e.g. field name 'title' is mapped to 'eH'). You use that token to identify your input field both when generating the response as well as when processing the request. In other words, the token is a translation map between external identifiers (random) and internal ones (fix).

For a given prefix, the tokens generated change every 12 hours. It internally uses LHF's lrandom and lmd5 [1][2].

This is rather experimental at the moment, so let me know what you think.

http://dev.alt.textdrive.com/browser/HTTP/Token.lua

Cheers,

PA.

[1] http://www.tecgraf.puc-rio.br/~lhf/ftp/lua/#lrandom
[2] http://www.tecgraf.puc-rio.br/~lhf/ftp/lua/#lmd5