July 5th, 2008, 08:01 PM
A CAPTCHA is only going to be broken if:
1. It's a common kind of CAPTCHA which is installed on so many sites that someone will put the effort into breaking it
2. It's a very high-value target site, such as gmail or yahoo
In practice for most sites, where neither of the above two applies, nobody will bother breaking it.
If your site looks 99% identical to a zillion others, then your CAPTCHA probably will too (unless you make some custom mods) - so it will be able to get broken.
When I've had bot problems I've typically put in some very lame bot-finding stuff such as adding bot-fodder fields (sometimes hidden ones) to a form - with excellent results.
Truly automated attacks (i.e. ones with NO human input at all) don't get past anything that's at all different from what they've been trained on.
July 5th, 2008, 11:24 PM
January 24th, 2009, 11:44 PM
I guess this is the right place for it.
Last edited by Linen0ise; January 25th, 2009 at 12:01 AM.
January 29th, 2009, 04:04 AM
Right now the only effective attack against RECaptcha (that I know about, at least) is captcha farming. AFAIK you won't see farming attacks against anything less than a major site.
January 29th, 2009, 09:14 AM
I saw the JS OCR code not too long ago as well. From what I have seen most of the ones that have been defeated lately are attacked by flaws in the code behind them letting a user bypass them and not so much an OCR attack like they used to be. Oh the evolution of spam, people need something better to do :-P
By nihil in forum Security News
Last Post: August 11th, 2007, 05:04 PM