Ads Captcha

Captcha bots rose to notorious fame with the Wiseguys Tickets scam revealed in March in Newark. The four Californians who were part of the Wiseguys Tickets Company, who earned $25 millions from online tickets deals, using captcha bots, among other technologies, to gain unauthorized access to computer systems, and were charged of conspiracy to commit wire fraud (and 42 more felonies) by the Newark Federal Court.

What Wiseguys’s wise guys did was to deceitfully purchase large quantities of the priciest tickets to the biggest events in American sports, music and show business and sold them to ticket brokers, who then sold the tickets to the wide public in higher prices, while the Wiseguys had earned $25 millions mark-up. To get over the captcha barrier put by large online ticket websites (which, naturally, want to maintain their good reputation and have no interest in wholesaling their tickets to brokers), the defendants has used captcha bots that were capable coping with both visual and audio captcha, as well as opened and managed hundreds of fictional domains and email addresses for this purpose.

Fighting Captcha Bots

The lesson learned here, that there are bots that can read and hear captcha, successfully and faster than the average human being, is not new. As captcha developers and online security experts are constantly working on strengthening and improving the captcha and adding extra security features, bots and spammers are growing more and sophisticated.

What can you do then, except follow the bots, learn their behavioral patterns and adjust the captcha and anti-spamming solutions correspondingly? For example, if research shows that bots can easily get rid of all the background noises, but have hard time interpreting scribbled texts, then prefer this captha:

over this:

According to a recent study made by a group of researchers from Stanford, when comparing humans to robots – humans don’t do too well in deciphering captcha tests.

The group took more than 300,000 captchas, all are examples taken from popular web companies such as Yahoo! and Google, and gave them to humans (native English speakers) to solve.
When the same captcha was given to three different human subjects, only 71% of the time they had agreed on the right answer.

If to be more specific, Study participants succeeded in solving Google’s and Yahoo!’s CAPTCHAs only 87% of the time, while the ones used by Microsoft were solved correctly only 80% of the time. In audio captcha testing (made for the blind) the results were even worth, as recognition was found to be “as low as 39% for Microsoft and 35% in Google’s case”.

These results support the saying that Captchas – originally designed to keep bots out of all kinds of online platforms and thus prevent spam – are sometime too hard not only for robots but also for humans to decipher.

Pramana company is offering a bot-spotter service that suppose to be some kind of Captcha alternative.
When it comes to your website security, the bot spotter keeps two eyes open in aim to detect bots that are remotely controlled by spammers.

There are 2 services of bot detecting by Pramana:
1. BotAlert – A free service that can report suspected bot traffic on a site.
2. BotBlock – A paid service  that identify bots and block their actions.
The cost of using the Bot Block service ranges from $19.99 to $299 per month.

The full article can be read here, on tech world news.
Too bad that Pramana CEO didn’t say anything about how they’re going to deal with decent bots like those of search engines…

Although many users find Captcha annoying and irritating the use of Captcha test as a mean of spam prevention becomes more and more popular since there is no other absolute alternative way to stop those bots from getting hold over online blogs, forums and other social platforms.

Dal Net is just one example.
As was written on  IRC-Junkie website,  Dal Net, one of the IRC (Internet Relay Chat) networks has just added a “text Captcha” to their registration process – this text captcha present a question that has to be answered by human user (instead of deciphering alpha numeric distorted letters as requested by the original captcha we are all familiar with). The question could be something like “Mark’s name is?” and the answer should be:
NickServer/Registraion<password><email>mark.

The questions will be, of course, changed every week.

The reason they’ve added Captcha system is because they have noticed “increases in bots getting nicks and channels, holding them, and never releasing them… and it’s not fair to the average person that a bot gets a nickname before human does”.

By using Captcha they hope to ensure their services (such as nicknames, channels, chat rooms and so on) will be used by human beings first and not by bots.

Apparently Bing is doing its best to assure people will not use it for their  search, as nowdays it requires to pass a captcha test in order to get some results.

We understand Microsoft doesn’t want bots and other machines to use its search platform, but people are getting tierd of captchas.
Why should one use a search platform that requires him to make more efforts than other search platforms (such as Yahoo search and Google)?
There’s no reason and thus Bing users may abandon Bing in favor of Google, yahoo or even Ask.com.

Looking for additional information on the topic?
Go to Econsultancy

3 days ago, msnbc had published this news item, saying that new captcha is about to get in town.
The innovation of this new “no more spam bots on the web” captcha is that it requires the user to authenticate himeself as a human operator by solving figures that emerge out of chaotic patterns.
What am I talking about?

when saying “emergence” we mean “the ability to visually gather fragmentary bits and synthesize them – often without color clues or clear boundaries – into simple objects, such as a rabbit or a dog”.

Too bad there was no example of this emerging figures test as I am surely would like to test my own ability of this new image recognition test.

Jonathan Wilkins took a look at Google new Captchas and found them easy to be solved meaning also to be cracked:
“Users now find the words easier to read – but so do machines.”
According to Wilkins and the tests he did, the new captchas – with no horizontal separator – are 10 time more easy to be solved!!!
Read the full article here!

As a kid who was raised in a world of fantasies and fairy tails I believed the world is divided into two groups: good guys and bad guys. Naturally the good ones were my heroes. They were winners, never lost a battle and all the legends and fairy tails had a happy end.
As I grew older my perception has changed. I began to realize that the larger group belongs to “bad guys”.

What’s the connection between good and evil to Captcha?
Well, Captcha belongs to the “good guys”. It is based on the idea of assisting websites to filter automated bots and to enable registration to web sites for human being users. This small test of an image with distorted alphanumeric characters enables to tell apart humans and machines.

On the other hand stands a smart competitor, i.e, spammers, hackers, web sites that wish to promote ranking in S E O engines, who works hard by using bots to crack Captcha – not without success.

Abusing Captcha
Another variation of fighting Captcha is abusing it instead of cracking it.
The following information which came online a couple of monthes ago, under the headline “Paypal Fraud With Captcha” tells about a phishing URL of Paypal (Paypal allows  buyers on line to transfer money to merchant account without exposing his credit card while shopping), which asks for feedback on shopping on line, but before giving his feedback the user has to fill personal details: his name, e mail address and Paypal password. Afterwards, a Captcha test appears which users have to decipher and enter.

It’s so simple. Now the way to accumulate personal information and create faked accounts is free! No need for bots, no need for hard work, just exploiting good will of innocent users by the help of “good guys Captcha”…

By the way, the phishing URL has been blocked by “Trend micro Smart Protection Network”, so we have a happy end after all!

I’ve just read an article on online “Network World” by Brad Reed dated 10/01/09 saying that hackers have found a way to crack Facebook’s Captchas and create false accounts. Those accounts are used for spreading spy ware phishing credit cards and other valuable information from innocent users.

Those rogue accounts show a picture of a woman and the moment one clicks on her video profile – it activates the spyware.

Facebook states it’s doing its best to eliminate false accounts ‘though it’s not easy to detect them. As a matter of fact, anyone can bypass Facebook’s Captacha code simply by googling a Youtube video tutorial which shows step by step how to remove facebook’s Captcha’s code.

I guess the nice thing in this story is the fact that Facebook, the great social network, has joined Google, Yahoo and Hotmail – all targets for spammers attack.

Once again it has been proved that captcha should be improved constantly  if it’s into serving as a reliable spam blocker as well as a security system.

You can read more about Facebook Captcha Attack here

In case you haven’t heard about it – the phpBB website was running a captcha plugin competition.
New entries are not allowed anymore, meaning we can get to see some new captcha plugins very soon now.
This captcha plugin competition was held because of the upcoming release of phpBB new version (phpBB 3.0.6) which will include a completely new captcha system.
Niceeee…

About phpBB
Since phpBB is released under the GNU General Public License the bulletin board software it offers is completely free
and is used for communities creation.