May 27th, 2008, 07:34 PM
Your CAPTCHAs, They Do Nothing!
CAPTCHAs help to stem the flow of spam on online forms, forums and registration pages. But hackers are working on ways around them.
CAPTCHA Hacks For Gmail, Blogspot, Craigslist Causing Problems - Search Engine Watch Blog
Here's that TechDirt item...
Seems the hackers have found a way to work around CAPTCHA - the once great hope of stopping bots from spamming. SEW Forum member, Sitetruth, notes that there are now programs being offered that work around the filter.
So if you notice a lot of spam coming from Gmail accounts and hacks of Blogspot you will know why. Even the spam fight over at Craigslist is getting to be a major problem according to TechDirt
Inside Craigslist's Increasingly Complicated Battle Against Spammers - TechDirt
Granted, this seems Craigslist specific, but on our sites, CAPTCHAs seem to be doing a decent job. What's been your experience? Have you noticed more spam sneaking past?
Several commercial products are now available to overcome those little obstacles to bulk posting. A tool called CL Auto Posting Tool is one such product. It not only posts to Craigslist automatically, it has built-in strategies to overcome each Craigslist anti-spam mechanism.
Random text is added to each spam message to fool Craigslist's duplicate message detector. IP proxy sites are used to post from a wide range of IP addresses. E-mail addresses for reply are Gmail accounts conveniently created by Jiffy Gmail Creator ("Who Else Wants to Create Unlimited Gmail Accounts in Seconds Flat Without Breaking a Sweat?") An OCR system reads the obscured text in the CAPTCHA. Automatic monitoring detects when a posting has been flagged as spam and reposts it.
May 27th, 2008, 07:44 PM
I've noticed a bot, and read a thread about it lol, that will ask a question in a forum about the spam message. Works in a little social engineering and makes users reply with what the program is, and ups their Google link count (or whatever that's called).
May 28th, 2008, 12:39 AM
I remember reading a while back that spammers were working on image recognition and automation to get around the "Completely Automated Public Turing Test to Tell Computers and Humans Apart".
I believe the first such bypass was released in January, and then a second in February. Can't say that I use MySpace a lot though, so all I know is that hits spiked at those times.
May 28th, 2008, 12:53 AM
May 28th, 2008, 02:17 AM
I wouldn't say upgraded... rather- changed methods...
I would rather see them break into forums than spam perfectly good Craigslist postings.
Just my two cents.
May 28th, 2008, 03:26 AM
There's a dissection of PHPBB3 capture breaking here as well as previous blog entries explaining the whole "floodfill" thing to break CAPTCHAs ->
Another interesting one I saw recently explained how to break the Audio CAPTCHA - they say it's much easier to analyse than the graphic one!
May 28th, 2008, 06:30 PM
They stop the older run-of-the-mill bots, they're absolutely useless against the newer breed of bot. So useless in fact that there's no point in having a CAPTCHA system any longer for the forums.
June 27th, 2008, 03:25 PM
No way. Opening yourself back up to old attacks because a new attack is bypassing the system is not very logical. The spammers have got smarter. So what? Are you suggesting that they are smarter than those that don't want their solicitation? Somehow I doubt that... If anything, that just means that more steps need to be taken in order to prevent bots from automating processes. I'm certainly up for the challenge.
So useless in fact that there's no point in having a CAPTCHA system any longer for the forums.
June 27th, 2008, 03:47 PM
Absolutely not. I screen out about 98% of the new breed of bot, but I'm not doing it with a CAPTCHA system. They get past that like it's not even there. The only thing CAPTCHA seems to slow down is spam via the contact us form.
June 27th, 2008, 05:02 PM
Even with the CAPTCHA being "broken" I still very rarely get spam on any of my forums/blogs. It used to be zero for the most part, but even now it's very rare.
However in terms of spam my company is getting slammed recently by a mountain of backscattering. Apparently it spiked in April/May of this year. My boss was getting hammered by it until I filtered out all NDRs and the like.
It's not a war on drugs it's a war against personal freedoms!