Porn Rewards Users To Get Past Anti-Spam Captchas

Stalke writes "Spammers are now usings a new technique to circumvent the 'captchas,' the distorted text in graphics, that users must input to receive the free email account. The spammers have cracked the system by displaying the 'captchas' on free porn sites in real time. Since there are always a large number of people signing up for free porn, they do the work of decripting the 'captchas' which is then replayed back into the spammers program to create a new email account. Who thought that porn could be a hacking technique!" Sure sounds plausible, though the link here says only "someone told me."

Easily countered

[Yggdrasil42]

This can be easily countered if the free e-mail sites configure their servers, so that the 'captchas' can only be loaded into pages that they've served themselves.

I'm not sure how that works, but I've seen it in action on some sites.

Maybe someone else knows how it's done?

Re:Sounds like rubbish

[superwiz]

Catchups are constantly designed to be undecodable by OCR. But the porn solution doesn't sound like rubbish at all. It actually sounds quite clever. Here's how it might work: 1.An automated script tries to sign up for public emails (yahoo, hotmail, etc.). 2.At some stage during sign up a page with a catchup is "presented" to the script. 3.The script gets the catchup out of the page and adds it to a pool of catchups to be associated with their perspective words. 4. At some point, shortly after, a visitor to a porn site is presented with a catchup and enters the correct word. THIS IS, BY THE WAY, A PERFECT WAY TO FOIL SPAMMERS AND TO STILL GET YOUR PORN -- since the porn site doesn't, in fact, know what the catchup is supposed to be and is only using you, enter a wrong one. 5. The word entered by the user on the porn site is used to submit a reply to the public email system.

Computer Program

[UPAAntilles]

The computer science department at Berkeley has already broken the Yahoo-like Captcha. They use an algorithm to break it. They recommend "Gimpy" as a replacement, which their software has yet to crack. The blog is full of crap, the captcha is generated every session, so you can't make a link to the image like they would like because the session would end.

Re:Nifty

[acidtripp101]

I thought this exact same thing. Every time I see a simple 'sollution' to a 'problem' like this, I always have to give the creator credit due to them... I don't care whether it's for the linux kernel or to send me pills for a larger penis, it's still ingenious.

just added captcha

[jqh1]

We *just* added captcha functionality at spamgourmet but we're using a random number at the end of each quizword, and we use a random filename for each image. The code just went up on sourceforge if you want to take a look.

Re:Sounds like rubbish

[Tim+Macinta]

I have been letting people set up free email accounts at kmfms.com for awhile, and there has been an abnormally large surge in new accounts recently (and the sign-up process does use the distorted letters). These have been junk accounts too. I had a huge number of sign-ups just last night and only 1 person actually came through my site first (the email service is provided by everyone.net, so somebody was evidently going straight there without hitting my site first). Once these junk accounts are created, spammers then send email from their own servers, but with the return address of the junk account. I don't know why they are doing this - I seriously doubt they are checking the accounts, and they aren't actually sending anything from the accounts, but they are doing it nonetheless and I have been getting a lot of complaints recently about spam even though all of the headers inidicate that my network and everyone.net's network wasn't involved.

I have given up that this point and as of today I am switching the email system so that all new users must be paid users. These spammers are like a swarm of locust consuming everything in their path, and now they have destroyed the free service I had been offering for years. I wish they were in the US so I could pursue legal action.

Re:Nifty

[kramer2718]

Sure, give credit, but not to spammers. Manuel Blum, who invented CAPTCHA, came to speak at my school. First, he explained CAPTCHA. Then he explained how to beat it. The idea is called 'stealing cycles'. In his version, the CAPTCHA tests would be part of games rather than porn sites, but the concept is the same.