Captcha WTF



  •  

    Don't believe it? Look at the HTML Source.. 



  • Wow. 

    Though, Alex P seems to think that Captchas don't deter hackers anymore.  Is what he says true?



  • Looks like a good idea to me.  It's easier to change the format/wording of a text-based captcha than to change the output of an image-based one if the OCR is cracked.  The chances of a spammer revisiting this particular blog's captcha after cracking it once are slim.  Add to that the fact that computers are fairly terrible at following instructions given to them in English, and your spammer isn't likely to be using anything but a regex to do it.




  • Considered Harmful

    I looks like they forgot to escape the surrounding quotes to &quot;r&quot; instead of "r" ...  Or maybe to <a name="secret" rel="captcha">r</a> to help the spambots parse it a little easier.



  • @djork said:

    Looks like a good idea to me.  It's easier to change the format/wording of a text-based captcha than to change the output of an image-based one if the OCR is cracked.  The chances of a spammer revisiting this particular blog's captcha after cracking it once are slim.  Add to that the fact that computers are fairly terrible at following instructions given to them in English, and your spammer isn't likely to be using anything but a regex to do it.

    The smart spammers all use exactly the same technique to beat captchas: they forward it to a "free" porn site and use armies of porn-seeking teenagers to solve them. It defeats any possible variation on a captcha that you can dream up, and it continues to work no matter how you change it on the original site (short of redesigning the whole page). 



  • That sounds like it would work on image-based captchas, but I don't see how their spambot would know what to parse to then pass on the test to the teenagers.  You'd have to create a regex for each individual site. It has been stated above that this is not going to happen except on the most popular sites, such as YouTube.



  • @djork said:

    Looks like a good idea to me.  It's easier to change the format/wording of a text-based captcha than to change the output of an image-based one if the OCR is cracked.  The chances of a spammer revisiting this particular blog's captcha after cracking it once are slim.  Add to that the fact that computers are fairly terrible at following instructions given to them in English, and your spammer isn't likely to be using anything but a regex to do it.

     

    No excuse for requesting everyone to put in "r"



  • @Pap said:

    That sounds like it would work on image-based captchas, but I don't see how their spambot would know what to parse to then pass on the test to the teenagers. You'd have to create a regex for each individual site. It has been stated above that this is not going to happen except on the most popular sites, such as YouTube.

    Just bag the whole div, it's always in the same place in the file. 



  • So wouldn't it be obvious to the "teenager" reviewing the captcha that it's going to be used elsewhere and that they are just being made giant pawns? Or is it more like "WHO CARES? THERE'S FREE PORN!"



  • The real secret to beating spammers is to write your own captcha -- it doesn't matter how good or bad it is. As long as your captcha isn't the same as anyone else's, the economics of spam dictate that the 30 seconds it takes a spammer to customize his bot to defeat it will result in a net loss of money.



  • @Carnildo said:

    The real secret to beating spammers is to write your own captcha -- it doesn't matter how good or bad it is. As long as your captcha isn't the same as anyone else's, the economics of spam dictate that the 30 seconds it takes a spammer to customize his bot to defeat it will result in a net loss of money.

    Your theory fails to account for asshats. 



  • @asuffield said:

    @djork said:

    Looks like a good idea to me.  It's easier to change the format/wording of a text-based captcha than to change the output of an image-based one if the OCR is cracked.  The chances of a spammer revisiting this particular blog's captcha after cracking it once are slim.  Add to that the fact that computers are fairly terrible at following instructions given to them in English, and your spammer isn't likely to be using anything but a regex to do it.

    The smart spammers all use exactly the same technique to beat captchas: they forward it to a "free" porn site and use armies of porn-seeking teenagers to solve them. It defeats any possible variation on a captcha that you can dream up, and it continues to work no matter how you change it on the original site (short of redesigning the whole page). 



    Everyone says this, but has anyone seen an example?  I'd bet that a porn site with captchas would lose its audience pretty quickly.



  • @Cap'n Steve said:

    @asuffield said:

    @djork said:

    Looks like a good idea to me. It's easier to change the format/wording of a text-based captcha than to change the output of an image-based one if the OCR is cracked. The chances of a spammer revisiting this particular blog's captcha after cracking it once are slim. Add to that the fact that computers are fairly terrible at following instructions given to them in English, and your spammer isn't likely to be using anything but a regex to do it.

    The smart spammers all use exactly the same technique to beat captchas: they forward it to a "free" porn site and use armies of porn-seeking teenagers to solve them. It defeats any possible variation on a captcha that you can dream up, and it continues to work no matter how you change it on the original site (short of redesigning the whole page).



    Everyone says this, but has anyone seen an example? I'd bet that a porn site with captchas would lose its audience pretty quickly.

    On the contrary, a site offering FREE PR0N OMG AMAZING BIG B00BS HARDCORE XXX ACTION ALL FREE FREE FREE is certainly going to get an audience, captcha's or no. No-one really cares about having to enter a captcha for a download, Rapidshare and its ilk have made people accustomed to that.

    What is questionable is whether any such site could gain enough audience to even BEGIN to compare to the volume a spammer wants to put out. The concept was originally floated in an academic paper I believe. The problem is likely not that the spammers won't get a lot of people into the scheme, but that even having a lot of people still won't be enough.
     


Log in to reply