Your CAPTCHAs, They Do Nothing! - Page 2
Page 2 of 2 FirstFirst 12
Results 11 to 15 of 15

Thread: Your CAPTCHAs, They Do Nothing!

  1. #11
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    A CAPTCHA is only going to be broken if:

    1. It's a common kind of CAPTCHA which is installed on so many sites that someone will put the effort into breaking it
    2. It's a very high-value target site, such as gmail or yahoo

    In practice for most sites, where neither of the above two applies, nobody will bother breaking it.

    If your site looks 99% identical to a zillion others, then your CAPTCHA probably will too (unless you make some custom mods) - so it will be able to get broken.

    When I've had bot problems I've typically put in some very lame bot-finding stuff such as adding bot-fodder fields (sometimes hidden ones) to a form - with excellent results.

    Truly automated attacks (i.e. ones with NO human input at all) don't get past anything that's at all different from what they've been trained on.

    Slarty

  2. #12
    Senior Member JPnyc's Avatar
    Join Date
    Jan 2005
    Posts
    2,734
    Are you running a forum?

  3. #13
    Banned
    Join Date
    Nov 2002
    Posts
    677
    An author just released a new script to defeat this web defense. He programmed OCR features in under 440 lines of javascript.

    I guess this is the right place for it.

    http://ejohn.org/blog/ocr-and-neural...in-javascript/
    and
    http://userscripts.org/scripts/show/38736
    Last edited by Linen0ise; January 24th, 2009 at 11:01 PM.

  4. #14
    http://recaptcha.net

    Right now the only effective attack against RECaptcha (that I know about, at least) is captcha farming. AFAIK you won't see farming attacks against anything less than a major site.

  5. #15
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,053
    I saw the JS OCR code not too long ago as well. From what I have seen most of the ones that have been defeated lately are attacked by flaws in the code behind them letting a user bypass them and not so much an OCR attack like they used to be. Oh the evolution of spam, people need something better to do :-P

Similar Threads

  1. Kittens kill Spammers?
    By nihil in forum Security News
    Replies: 4
    Last Post: August 11th, 2007, 04:04 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides