Comments on: reCAPTCHA http://www.za3tar.net/2008/04/19/recaptcha/ Comments, Observations, and Brain Dumps from Ramallah (at heart). Tue, 02 Feb 2010 03:45:16 -0800 http://wordpress.org/?v=2.9.2 hourly 1 By: Hmmm http://www.za3tar.net/2008/04/19/recaptcha/comment-page-1/#comment-44151 Hmmm Tue, 26 May 2009 19:21:15 +0000 http://www.za3tar.net/?p=216#comment-44151 Which also means that the chances to defeat any given captcha are significantly better than they appear at a glance. Which also means that the chances to defeat any given captcha are significantly better than they appear at a glance.

]]> By: Hmmm http://www.za3tar.net/2008/04/19/recaptcha/comment-page-1/#comment-44149 Hmmm Tue, 26 May 2009 19:15:28 +0000 http://www.za3tar.net/?p=216#comment-44149 hmmm, it's then relatively easy to guess which one of the words is in the database, and screw with the recaptcha guys. The last one was 'Sleigh thongs', but 'Xxxxxx thongs' works fine too... hmmm, it’s then relatively easy to guess which one of the words is in the database, and screw with the recaptcha guys. The last one was ‘Sleigh thongs’, but ‘Xxxxxx thongs’ works fine too…

]]> By: za3tar http://www.za3tar.net/2008/04/19/recaptcha/comment-page-1/#comment-1848 za3tar Mon, 21 Apr 2008 09:37:17 +0000 http://www.za3tar.net/?p=216#comment-1848 <b>Qwaider:</b> Hahaha .. yislamo Qwaider: Hahaha .. yislamo

]]> By: Qwaider قويدر http://www.za3tar.net/2008/04/19/recaptcha/comment-page-1/#comment-1836 Qwaider قويدر Mon, 21 Apr 2008 08:41:54 +0000 http://www.za3tar.net/?p=216#comment-1836 By the way, just to let you know. I just implemented recaptcha for my registration routines :) based on your recommendation. Yalla .. 3eesh :) By the way, just to let you know. I just implemented recaptcha for my registration routines :) based on your recommendation. Yalla .. 3eesh :)

]]> By: za3tar http://www.za3tar.net/2008/04/19/recaptcha/comment-page-1/#comment-1684 za3tar Sun, 20 Apr 2008 17:23:28 +0000 http://www.za3tar.net/?p=216#comment-1684 <b>Qwaider:</b> Oh cool. I always wondered why you don't have any "visible" anti-spam stuff. But it turns out it's all "under the hood" :-) . Funny that you mention Honeypots, i almost got to work on them in undergrad. They wanted to make sure that their work footprint mimics that of machines that are actually used. Can't wait to see your list. Personally, i don't have much on this site. Just Aksimet and reCaptcha. Actually, Aksimet has not been catching any spam after reCaptcha has been installed :-) Qwaider: Oh cool. I always wondered why you don’t have any “visible” anti-spam stuff. But it turns out it’s all “under the hood” :-) .

Funny that you mention Honeypots, i almost got to work on them in undergrad. They wanted to make sure that their work footprint mimics that of machines that are actually used.

Can’t wait to see your list. Personally, i don’t have much on this site. Just Aksimet and reCaptcha. Actually, Aksimet has not been catching any spam after reCaptcha has been installed :-)

]]> By: Qwaider قويدر http://www.za3tar.net/2008/04/19/recaptcha/comment-page-1/#comment-1683 Qwaider قويدر Sun, 20 Apr 2008 08:29:19 +0000 http://www.za3tar.net/?p=216#comment-1683 I have been working on this for so long that I came to this conclusion There's no single way that can combat spam on it's own. Starting with depriving spammers from their beloved zombies and proxies, then going along the nofollow lines, and combining that with contextual smartness and most importantly booby trapping them inside the HTML code. All of these help eliminate spam. (I use all these techniques on my blog and a few cute other tricks and the results have been very impressive so far) Sadly, not many people or developers are able to do this in an efficient way yet. And I'm afraid the same issues with emails are just waiting to be translated to comment spam. Couple of noteworthy projects. Project Honeypot, actually tracks, captures and provides help for people who want to look up spammers. Very noble idea. And "Stop forum spam" (I think) another very interesting endeavour to stop these spammers. One day I will share my list too :) I have been working on this for so long that I came to this conclusion
There’s no single way that can combat spam on it’s own. Starting with depriving spammers from their beloved zombies and proxies, then going along the nofollow lines, and combining that with contextual smartness and most importantly booby trapping them inside the HTML code. All of these help eliminate spam.
(I use all these techniques on my blog and a few cute other tricks and the results have been very impressive so far) Sadly, not many people or developers are able to do this in an efficient way yet. And I’m afraid the same issues with emails are just waiting to be translated to comment spam.
Couple of noteworthy projects. Project Honeypot, actually tracks, captures and provides help for people who want to look up spammers. Very noble idea. And “Stop forum spam” (I think) another very interesting endeavour to stop these spammers.
One day I will share my list too :)

]]> By: za3tar http://www.za3tar.net/2008/04/19/recaptcha/comment-page-1/#comment-1682 za3tar Sun, 20 Apr 2008 04:54:16 +0000 http://www.za3tar.net/?p=216#comment-1682 <b>Qwaider:</b> Yeah you are right. I guess with reCaptchas the words are limited to those of the English dictionary, and thus with <u>lots</u> of time and effort one can enumerate all possible images and their answers. But I guess even if a well funded group of spammers does that, then their efforts would have actually helped digitize alot of books :-) . But yeah i agree with you. Captchas in general treat the symptom rather than the cause. Thus they should not be considered as THE answer for spam, but rather as a temporary solution. A true solution would fight the problem at the source. <b>Ruby:</b> Thanks :-) Qwaider: Yeah you are right. I guess with reCaptchas the words are limited to those of the English dictionary, and thus with lots of time and effort one can enumerate all possible images and their answers. But I guess even if a well funded group of spammers does that, then their efforts would have actually helped digitize alot of books :-) . But yeah i agree with you. Captchas in general treat the symptom rather than the cause. Thus they should not be considered as THE answer for spam, but rather as a temporary solution. A true solution would fight the problem at the source.

Ruby: Thanks :-)

]]> By: Ruby http://www.za3tar.net/2008/04/19/recaptcha/comment-page-1/#comment-1681 Ruby Sun, 20 Apr 2008 02:43:45 +0000 http://www.za3tar.net/?p=216#comment-1681 Thanks for the heads up--interesting concept. Thanks for the heads up–interesting concept.

]]> By: Qwaider قويدر http://www.za3tar.net/2008/04/19/recaptcha/comment-page-1/#comment-1680 Qwaider قويدر Sat, 19 Apr 2008 19:11:44 +0000 http://www.za3tar.net/?p=216#comment-1680 That's the extreme case that you're talking about. You can't use words like "I", "me" or "SlkjuXkuerSSFSJHFLdjh" in any captcha. Most likely the captchas are going to be like the words I have below "notes" and "mercy" Just like there are databases for, say MD5 hash strings being used by hackers all over the world. It's not really far fetched to create a database for images. Or the better choice, create more intelligent OCR. It's obvious that these people have the means, resources, and the motives. It will happen, there's no escaping it. It's just matter of time. That’s the extreme case that you’re talking about. You can’t use words like “I”, “me” or “SlkjuXkuerSSFSJHFLdjh” in any captcha. Most likely the captchas are going to be like the words I have below “notes” and “mercy”
Just like there are databases for, say MD5 hash strings being used by hackers all over the world. It’s not really far fetched to create a database for images. Or the better choice, create more intelligent OCR. It’s obvious that these people have the means, resources, and the motives. It will happen, there’s no escaping it. It’s just matter of time.

]]> By: za3tar http://www.za3tar.net/2008/04/19/recaptcha/comment-page-1/#comment-1679 za3tar Sat, 19 Apr 2008 18:34:13 +0000 http://www.za3tar.net/?p=216#comment-1679 <b>alajnabiya, Dandoon:</b> Thanks. <b>Qwaider:</b> Yeah, Captchas are not the ultimate solution, but they are something. Actually Luis talked about tracking "Captchas sweat-shops" were people were payed money to sit all day and solve Captchas. And his solution was simple. Since these spammers can only type a certain number of words per minutes, for the spammers ip address, they would just send them longer and longer captchas to solve :-). In reCaptcha that just meant that the spammers are actually helping more in digitizing books. So they are using them for a humanitarian cause :-) However, i don't think that spammers are capable of solving all possible captcha images and storing them in a a database. Assume that the captchas length ranges from 3 to 7 characters over numbers, small case letters, and capitalized letters. That gives us more than 4 x 10^12 possible unique strings, and imagine that each string can be created into about a hundred unique Captchas, then that is a total of about 4 x 10^14 unique captcha images and their solutions. Spammers will have to spend a ton of time and effort to enumerate all captchas. alajnabiya, Dandoon: Thanks.

Qwaider: Yeah, Captchas are not the ultimate solution, but they are something. Actually Luis talked about tracking “Captchas sweat-shops” were people were payed money to sit all day and solve Captchas. And his solution was simple. Since these spammers can only type a certain number of words per minutes, for the spammers ip address, they would just send them longer and longer captchas to solve :-) . In reCaptcha that just meant that the spammers are actually helping more in digitizing books. So they are using them for a humanitarian cause :-)

However, i don’t think that spammers are capable of solving all possible captcha images and storing them in a a database. Assume that the captchas length ranges from 3 to 7 characters over numbers, small case letters, and capitalized letters. That gives us more than 4 x 10^12 possible unique strings, and imagine that each string can be created into about a hundred unique Captchas, then that is a total of about 4 x 10^14 unique captcha images and their solutions. Spammers will have to spend a ton of time and effort to enumerate all captchas.

]]> By: Qwaider قويدر http://www.za3tar.net/2008/04/19/recaptcha/comment-page-1/#comment-1677 Qwaider قويدر Sat, 19 Apr 2008 17:21:12 +0000 http://www.za3tar.net/?p=216#comment-1677 I'm not really a big fan of Captchas, proponents have solved all the issues of accessibility ...etc But it's only a matter of time until these get broken too. There's a lot of research on computer applications breaking other computer applications. It will eventually be broken What spammers are resorting to these days is another very simple method. Grab the image from your captcha, present to to people in exchange for porn, store the results in a database and done! The whole thing is going to crumble sooner or later because it's based on a faulty premise "Computer generated image the the computer can't understand" I think everyone needs to get a little bit more intelligent, and deprive the spammers from their sources. Akesmet are doing a great job. Others have similar initiatives (I keep a database that is 6 times larger than Akesmet specifically for this problem) That's why I get so little spam even though I'm just like everyone else get targeted by hundreds of thousands of spam attempts And yeah, Captchas suck! They're ugly, they're in your face, and they annoy the hell out of people I’m not really a big fan of Captchas, proponents have solved all the issues of accessibility …etc
But it’s only a matter of time until these get broken too. There’s a lot of research on computer applications breaking other computer applications. It will eventually be broken
What spammers are resorting to these days is another very simple method. Grab the image from your captcha, present to to people in exchange for porn, store the results in a database and done! The whole thing is going to crumble sooner or later because it’s based on a faulty premise
“Computer generated image the the computer can’t understand”
I think everyone needs to get a little bit more intelligent, and deprive the spammers from their sources. Akesmet are doing a great job. Others have similar initiatives (I keep a database that is 6 times larger than Akesmet specifically for this problem) That’s why I get so little spam even though I’m just like everyone else get targeted by hundreds of thousands of spam attempts

And yeah, Captchas suck! They’re ugly, they’re in your face, and they annoy the hell out of people

]]> By: Dandoon http://www.za3tar.net/2008/04/19/recaptcha/comment-page-1/#comment-1675 Dandoon Sat, 19 Apr 2008 05:41:01 +0000 http://www.za3tar.net/?p=216#comment-1675 That was educational....:) That was educational….:)

]]> By: alajnabiya http://www.za3tar.net/2008/04/19/recaptcha/comment-page-1/#comment-1673 alajnabiya Sat, 19 Apr 2008 03:43:03 +0000 http://www.za3tar.net/?p=216#comment-1673 Cool idea. I hope Blogger adopts it soon. Cool idea. I hope Blogger adopts it soon.

]]> By: za3tar http://www.za3tar.net/2008/04/19/recaptcha/comment-page-1/#comment-1672 za3tar Sat, 19 Apr 2008 02:59:07 +0000 http://www.za3tar.net/?p=216#comment-1672 ... and it works :-) … and it works :-)

]]>