Thread: Your CAPTCHAs, They Do Nothing!

  1. #1
    Senior Member phernandez's Avatar
    Join Date
    Aug 2003
    Location
    NYC
    Posts
    246

    Your CAPTCHAs, They Do Nothing!

    CAPTCHAs help to stem the flow of spam on online forms, forums and registration pages. But hackers are working on ways around them.

    CAPTCHA Hacks For Gmail, Blogspot, Craigslist Causing Problems - Search Engine Watch Blog

    Seems the hackers have found a way to work around CAPTCHA - the once great hope of stopping bots from spamming. SEW Forum member, Sitetruth, notes that there are now programs being offered that work around the filter.

    So if you notice a lot of spam coming from Gmail accounts and hacks of Blogspot you will know why. Even the spam fight over at Craigslist is getting to be a major problem according to TechDirt.
    Here's that TechDirt item...

    Inside Craigslist's Increasingly Complicated Battle Against Spammers - TechDirt

    Several commercial products are now available to overcome those little obstacles to bulk posting. A tool called CL Auto Posting Tool is one such product. It not only posts to Craigslist automatically, it has built-in strategies to overcome each Craigslist anti-spam mechanism.

    Random text is added to each spam message to fool Craigslist's duplicate message detector. IP proxy sites are used to post from a wide range of IP addresses. E-mail addresses for reply are Gmail accounts conveniently created by Jiffy Gmail Creator ("Who Else Wants to Create Unlimited Gmail Accounts in Seconds Flat Without Breaking a Sweat?"). An OCR system reads the obscured text in the CAPTCHA. Automatic monitoring detects when a posting has been flagged as spam and reposts it.
    Granted, this seems Craigslist specific, but on our sites, CAPTCHAs seem to be doing a decent job. What's been your experience? Have you noticed more spam sneaking past?
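
The TechDirt excerpt in post #1 says random text is added to each message to get past a duplicate message detector. The following is an added example, not part of the thread and not Craigslist's code: a near-duplicate check based on word shingles and Jaccard similarity that still matches padded copies where an exact digest comparison does not. The function names, the 0.6 threshold and the sample postings are constructed assumptions.

```python
import hashlib
import re

def words(text):
    """Lower-case the message and split it into alphanumeric tokens."""
    return re.findall(r"[a-z0-9]+", text.lower())

def exact_key(text):
    """Digest of the normalised text: what an exact-duplicate filter compares."""
    return hashlib.sha256(" ".join(words(text)).encode()).hexdigest()

def shingles(text, k=3):
    """Set of overlapping k-word windows; always contains at least one element."""
    w = words(text)
    return {tuple(w[i:i + k]) for i in range(max(len(w) - k + 1, 1))}

def jaccard(a, b):
    """Shared shingles divided by all shingles seen in either message."""
    return len(a & b) / len(a | b)

def find_near_duplicates(messages, threshold=0.6):
    """Return index pairs (i, j) whose shingle similarity meets the threshold.

    Pairwise comparison is quadratic; a large site would bucket messages
    first (for example with MinHash), but the scoring idea is the same.
    """
    sets = [shingles(m) for m in messages]
    return [(i, j)
            for i in range(len(sets))
            for j in range(i + 1, len(sets))
            if jaccard(sets[i], sets[j]) >= threshold]

# Constructed sample postings: one original, two padded copies, one unrelated.
BASE = ("Brand new sofa for sale, barely used, pick up in Brooklyn this "
        "weekend. Call or email for photos and price.")
SAMPLE = [
    BASE,
    BASE + " xqzt kpwv mmrl",   # random filler appended
    "jjfh ooze " + BASE,        # random filler prepended
    "Looking for a roommate in Queens, two bedroom apartment near the subway.",
]

if __name__ == "__main__":
    print("exact digests equal:", exact_key(SAMPLE[0]) == exact_key(SAMPLE[1]))
    print("near-duplicate pairs:", find_near_duplicates(SAMPLE))
```

The padded copies change the digest but only add a handful of new shingles, so the similarity score stays well above the threshold while the unrelated posting scores zero.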

  2. #2
    Member n00bius's Avatar
    Join Date
    Mar 2005
    Location
    texas
    Posts
    86
    I've noticed a bot, and read a thread about it lol, that will ask a question in a forum about the spam message. Works in a little social engineering and makes users reply with what the program is, and ups their Google link count (or whatever that's called).
    ...:::Pure Kn0wledge:::...

  3. #3
    Junior Member
    Join Date
    Nov 2007
    Location
    Mobile, Alabama
    Posts
    11

    Captchas

    I remember reading a while back that spammers were working on image recognition and automation to get around the
    "Completely Automated Public Turing Test to Tell Computers and Humans Apart".

    I believe the first such bypass was released in January, and then a second in February. Can't say that I use MySpace a lot though, so all I know is that hits spiked at those times.
    Editor of www.backdoor-hunters.dnsdojo.org
    --------------------------------------------
    Your Source For IT Security And Hacker Alerts
    Gillis Jones

  4. #4
    Senior Member t34b4g5's Avatar
    Join Date
    Sep 2003
    Location
    Australia.
    Posts
    2,391

    Well at least we know that Craigslist doesn't update anything, as they're freely admitting that they're vuln to a spam bot that is old and doesn't get updated, well, hasn't been for well over a year now.

    I guess those Turkish Hackers have stopped using old phpBB2.0.12 bots and have upgraded to spamming Craigslist lol

    And as for forums, well most admins these days set up the Registration page so that new users have to use a non-free email address. Usually an email address from all the major ISPs does the trick.

    As I doubt spammers are going to be able to register up a crap load of paid ISP email accounts and use those to spam..

  5. #5
    Junior Member
    Join Date
    Nov 2007
    Location
    Mobile, Alabama
    Posts
    11
    I wouldn't say upgraded... rather- changed methods...

    I would rather see them break into forums than spam perfectly good Craigslist postings.

    Just my two cents.
    Gillis

  6. #6
    There's a dissection of phpBB3 CAPTCHA breaking here as well as previous blog entries explaining the whole "floodfill" thing to break CAPTCHAs ->

    http://www.darkseoprogramming.com/category/captcha/

    Another interesting one I saw recently explained how to break the Audio CAPTCHA - they say it's much easier to analyse than the graphic one!

    Cheers,
    Niggles

  7. #7
    Senior Member JPnyc's Avatar
    Join Date
    Jan 2005
    Posts
    2,734
    They stop the older run-of-the-mill bots; they're absolutely useless against the newer breed of bot. So useless in fact that there's no point in having a CAPTCHA system any longer for the forums.

  8. #8
    Member
    Join Date
    May 2008
    Posts
    34

    So useless in fact that there's no point in having a CAPTCHA system any longer for the forums.
    No way. Opening yourself back up to old attacks because a new attack is bypassing the system is not very logical. The spammers have got smarter. So what? Are you suggesting that they are smarter than those that don't want their solicitation? Somehow I doubt that... If anything, that just means that more steps need to be taken in order to prevent bots from automating processes. I'm certainly up for the challenge.

  9. #9
    Senior Member JPnyc's Avatar
    Join Date
    Jan 2005
    Posts
    2,734
    Absolutely not. I screen out about 98% of the new breed of bot, but I'm not doing it with a CAPTCHA system. They get past that like it's not even there. The only thing CAPTCHA seems to slow down is spam via the contact us form.

  10. #10
    Senior Member Blunted One's Avatar
    Join Date
    Dec 2005
    Posts
    183
    Even with the CAPTCHA being "broken" I still very rarely get spam on any of my forums/blogs. It used to be zero for the most part, but even now it's very rare.

    However, in terms of spam, my company is getting slammed recently by a mountain of backscattering. Apparently it spiked in April/May of this year. My boss was getting hammered by it until I filtered out all NDRs and the like.
    It's not a war on drugs it's a war against personal freedoms!