CAPTCHA Effectiveness

How about reCAPTCHA?

http://recaptcha.net/

It’s a centralized solution where the images come from unOCRable words of old books’ scanned pages.
With this, CAPTCHA-solving farms are turned into volunteer old-book-digitizing farms.

I gave it a try; you can see it in action at www.e4ec.org when posting a new notice. Spammers started to abuse the pages, so now I’ll see what they can do with reCAPTCHA.

The problem is that all these puzzles and roadblocks are killers to the website traffic.

http://www.mediaplanetaria.com

CAPTCHA Turing farms do exist. They have been spotted in the wild:

http://www.getafreelancer.com/projects/142555.html

$3 per 1000 captchas, with 10,000 expected per person per day. 14 people offered to do the job.

There are literally hundreds more of these:

http://www.google.com/search?q=captcha+data+entry+site%3Agetafreelancer.com

They’re typically for account creation on sites that will be used to send other spam. (Google and Yahoo Mail, MySpace.) They’re not going to do a one-off solution just for your little blog, but the major sites are a big target and they will keep getting hit.

And yet Yahoo’s chat forums (captcha-protected) are full of bots.

Check how Ticketmaster was defeated and sued…

‘But RMG’s software, according to Mr. Kovach, can also “figure out the randomly generated characters and retype them automatically.”’

I have translated the captcha plugin for dotclear into English. If anyone is interested, I’m using it now on my site and I have posted a link to the translated files in the first comment of this post where I describe what I did: http://www.matthewhelmke.net/index.php/2007/10/30/14-i-have-installed-an-accessible-turing-test

Now social engineering and sex are being used to beat CAPTCHAs:

http://www.theregister.co.uk/2007/10/31/captcha-busting_trojan/

The trojan offers to show progressively more naked pix of a stripper as the user solves CAPTCHAs.

I’m all very new to this kind of thing.

Could anyone help me find something that could easily break simple captchas like this?

http://img219.imageshack.us/img219/2710/capvl8.png

In most cases there is no need to use a cheap work force or OCR; it is more effective to use vulnerabilities in captchas. In my new project I’m describing vulnerable captchas, and there are a lot of them on the Internet.

No need to use trojans when there is my Month of Bugs in Captchas: http://websecurity.com.ua/category/moseb/

Besides, the captcha at codinghorror.com is vulnerable to the constant values bypass method (I wrote about this method at my site). You need a more reliable captcha.

What’s wrong with you commenters?! You completely missed the point of this post. Captcha is not effective because it is unbreakable, it is effective because breaking it requires knowledge and/or computing power. Breaking captcha will increase costs of spamming, thus making spamming unprofitable.

You have a fairly negative bias towards captcha-farms.

I’m not saying they are effective, but:

  1. You don’t pay $5 an hour for breaking captchas. You get people from the poorest countries in the world.

  2. Keeping up a porn site costs money? You know what, you can even make extra money with that porn site! In addition to breaking captchas.

I agree computers cannot solve captchas until they really can reason - AI is not here yet.

No idea what OCR software you used, but Abbyy FineReader doesn’t have any problem with most of them (especially the low noise one). However, your “combined” image was indeed unbreakable for it.

I was wondering: if I can’t see the image of the captcha, and instead I see a red X in the place of the image, as in the image seems to be broken, what can I do?

On my blog, I tried an “accessible captcha” that asks very simple questions instead of words. For example, “in 656486473, what number come before 3 ?” or “what’s the result of twenty two plus nineteen ?” (it also sometimes uses a visual captcha). It’s available for dotclear (but it’s in dagestan) at http://www.atelierphp5.com/un-captcha-accessible.html

good way …

no

Well I guess most everyone has already told you this, but I’ll say it again. Captcha recognition using visual methods is MUCH more effective than you give credit. I can easily write algorithms to break any of your posted examples. And what’s more, I can do it in a language as simple as AutoHotKey.

Just be aware that there ARE many real-world, working bots that can read captchas without brute-forcing or web hacking of any kind.

Thanks for the article.

Truly speaking, earlier I really didn’t know about CAPTCHA. I encountered it sometimes on portals, but through this topic I came to know what CAPTCHA is actually about. It’s very informative and I am really thankful to you for that information.

Shawn

http://www.laizjj.cn

Here is an idea for a captcha that’s actually unbreakable, and if limited to a specific language, even difficult to break by outsourcing to China/Russia/etc.

http://www.yuniti.com/BetterCaptcha

What I don’t understand about it is why you need captchas to protect forms. You only make your website unfriendly to your customers, human visitors in general.
Also, using some JavaScript to hide form elements not only is bypassed by bots, but at the same time you cannot service humans who do not want to have active content enabled.
Spam is typically submitted by bots or other automated scripts. There are far superior solutions using just plain HTML to protect the forms against automated scripts and bots, without visible overhead to the forms.