How Spammers Get Around Captchas

Ghost

It may seem like a long stretch, but it's not at all and if you look around you can actually find people and/or websites that offer these services. If you pay cash you can get people to fill in captcha forms for hours upon end. This allows hundreds if not thousands of registrations from spammers around the web. The spammers pay hardly anything for thousands of captchas filled out.

I just thought I would share because it is interesting to see how the market for spamming is developing as anti-spam measures do as well. Furthermore, it is intriguing to see how there are people willing to fill out captchas for barely anything. These people usually are from foreign and poverty-filled countries.
 
Well, at DeathByCaptcha, it costs just $1.39 to break 1000 captchas. And one of the best black hat forum marketing tools, Xrumer, has built-in support for OCR breakers. That means you don't need to pay at all, no matter how many sites you spam.
 
Yeah exactly, so it's really annoying for us forum makers.
 
StevenF50 said:
But the security question gets em every time.

They slipped into mine a few times, even with Security Question.

I think it's very important to not rely solely on 1 anti-spam solution. Rely on dozens.
There's no 100% foolproof method, but what we can do is use every possible anti-spam solution out there to make it really difficult for them.
 
My sec questions are a little crazy now.
What year is it? Subtract 4. Multiply by 2.

Or crap like.
Type America backwards.
Remove the first two letters and last two. Now remove the vowels. What letter do you have? The answer is what letter comes after that.

lololol
 
Human spammers can get around "Security Questions" as can some bots if the question is simple (2+2=? for example). If you Google 2+2= for example it will give you the answer. The more complex and unique the question is, the more successful it will be.
 
Fowler said:
Human spammers can get around "Security Questions" as can some bots if the question is simple (2+2=? for example). If you Google 2+2= for example it will give you the answer. The more complex and unique the question is, the more successful it will be.

Yes, definitely. Also, if you are getting hit with spam you can do the following:
Try changing your password requirements.
Many bots will have random password generators or password lists to go off. Forcing them to have a number, one letter in caps, and a symbol is only so good. Eventually they will just adjust the way they set passwords for their bots and you have a problem again. Go ahead and change up the password requirements if you are getting hit with bots. It may just delay the problem, but at least you'll have some time to figure out better methods.
 
StevenF50 said:
But the security question gets em every time.

They can google the answers, some can do it automatically by word recognition.
 
If you made the question an image it would be harder for the computers to read and get past? Dunno 😛
 
Yes well if it was a question in an image it would require them to actually go ahead and read it as a bot can't highlight it or anything. That's a really good idea actually!
 
icebox said:
My sec questions are a little crazy now.
What year is it? Subtract 4. Multiply by 2.

Or crap like.
Type America backwards.
Remove the first two letters and last two. Now remove the vowels. What letter do you have? The answer is what letter comes after that.

lololol

Even though it's secure and may keep out most spam accounts, if I had to answer that I wouldn't bother registering. It's a good idea but would take far too long to complete. People want to sign up and get posting quickly.
 
That's why email verification seems to work like a charm. 🙂
 
I don't like Captcha, it makes me confused sometimes, but it's really useful nowadays. The best way to stop spamming is to ban their IPs, and have random questions in your register form, however, it's hard to stop human spam.
 
I use security questions, they do seem to work better, but if and when one gets past, this means it figured out the answer, so I change the questions.
I saw another post recently on another forum, about a site that "collects" login usernames and passwords, and shares them with the public, anyone.
2468med.webp is a good place to learn about controlling spam.
from Garry
 
Yeah, altering them every now and then is always a good idea.
If you are going to use captcha, maybe changing it up every now and then because some spammers may not have automated systems to detect what captcha plugin you are using on your forum.

drag and drops seem to be working pretty well too.
 
wwwkingwww said:
I don't like Captcha, it makes me confused sometimes, but it's really useful nowadays. The best way to stop spamming is to ban their IPs, and have random questions in your register form, however, it's hard to stop human spam.

Well said, I totally agree, particularly with the human spam side of things.
 
I plan on implementing a system at my company that will ask a question related to the company and in addition rotate them.

Like a boss.
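
The rotating, site-specific security question several posters describe, as an added example that is not part of any post in this thread: the server picks a question per client and time window and binds it to an HMAC-signed, expiring token, so the answer never appears in the form and a harvested question/answer pair stops working after rotation. The secret, the time limits and the questions are constructed assumptions.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-secret"  # assumption: a per-site secret kept server-side
ROTATE_SECONDS = 3600                # assumption: question selection changes hourly
TOKEN_TTL = 600                      # assumption: a challenge is valid for 10 minutes

# Constructed, site-specific questions; real ones should be unique to the forum.
QUESTIONS = [
    ("Which board on this forum is for introductions?", "welcome lounge"),
    ("What animal is on our forum logo?", "owl"),
    ("What is the first word of rule 3 in our guidelines?", "search"),
]

def _sign(msg):
    """Hex HMAC-SHA256 of msg under the site secret, as bytes."""
    return hmac.new(SECRET, msg.encode(), hashlib.sha256).hexdigest().encode()

def issue_challenge(client_ip, now=None):
    """Pick a question for this client and time window; return (question, token)."""
    now = int(time.time() if now is None else now)
    window = now // ROTATE_SECONDS
    # Keyed selection: outsiders cannot predict which question a client gets.
    idx = int(_sign(f"pick|{window}|{client_ip}")[:8], 16) % len(QUESTIONS)
    mac = _sign(f"tok|{idx}|{now}|{client_ip}").decode()
    return QUESTIONS[idx][0], f"{idx}.{now}.{mac}"

def check_answer(token, answer, client_ip, now=None):
    """Accept only an untampered, unexpired token with the matching answer."""
    now = int(time.time() if now is None else now)
    try:
        idx_s, issued_s, mac = token.split(".")
        idx, issued = int(idx_s), int(issued_s)
    except ValueError:
        return False  # malformed token
    if not hmac.compare_digest(mac.encode(), _sign(f"tok|{idx}|{issued}|{client_ip}")):
        return False  # forged, edited, or issued to a different IP
    if not 0 <= now - issued <= TOKEN_TTL:
        return False  # stale challenge
    expected = QUESTIONS[idx][1].encode()
    # Normalise case and whitespace so humans are not rejected for formatting.
    return hmac.compare_digest(answer.strip().lower().encode(), expected)
```

A token stays replayable until it expires; making it single-use needs a server-side record of tokens already spent.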
 