Slashdot Mirror


Why the CAPTCHA Approach Is Doomed

TechnoBabble Pro writes "The CAPTCHA idea sounds simple: prevent bots from massively abusing a website (e.g. to get many email or social network accounts, and send spam), by giving users a test which is easy for humans, but impossible for computers. Is there really such a thing as a well-balanced CAPTCHA, easy on human eyes, but tough on bots? TechnoBabble Pro has a piece on 3 CAPTCHA gotchas which show why any puzzle which isn't a nuisance to legitimate users, won't be much hindrance to abusers, either. It looks like we need a different approach to stop the bots."

8 of 522 comments

  1. Re:My solution is simple & elegant: by Dynedain · · Score: 4, Informative

    The author was arguing that one of the primary reasons to do captcha breaking is to get freebie email accounts on GMail/Yahoo to send spam from.

    Limit the email the account can send, and you reduce the desire for the account. Reduce the usefulness of the account, and you reduce the desire to crack the captcha on new account signups, or at least the profitability in doing so.

    It's one approach that would make a difference, but it's clearly not the only solution.

    --
    I'm out of my mind right now, but feel free to leave a message.....
  2. Wrong implementation by js3 · · Score: 3, Informative

    Most CAPTCHAs are hacked because their implementation is amateurish. They are hacked by reusing session ids or dictionary attacks, and that has nothing to do with the actual image itself. Long story short, CAPTCHAs reduce the amount of spam by more than 50% simply because it's not worth the effort for a spambot to break it; after all, they have the entire internet to spam.

    Some are good some are bad and most are downright horrible, but you wouldn't want your favorite forum to be trolled by spambots would ya? Might as well live with it. Nothing works 100% you should know that by now

    --
    did you forget to take your meds?
  3. Re:8==C=A=P=T=C=H=A==D by clone53421 · · Score: 3, Informative
    --
    Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
  4. Re:So what next? by uhoreg · · Score: 5, Informative

    This is known as hashcash. One big reason that it doesn't work on the web is that, currently, users will be stuck with some slow JavaScript version of the algorithm, while a sufficiently determined spammer can use a fast C version, and end up with much less work required to post. So it's nearly impossible to set a cost that is cheap enough for valid visitors, that will be a sufficient deterrent against spammers.

    --

    To get something done, a committee should consist of no more than three persons, two of them absent.
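
The scheme named in the comment above, as an added example that is not part of the thread: a minimal hashcash-style proof-of-work gate for a web form, with the server issuing a signed, expiring, single-use challenge. The key, difficulty, TTL and all function names are assumptions chosen for illustration.

```python
import hashlib, hmac, os, time
SERVER_KEY = os.urandom(32)   # assumption: per-deployment secret
DIFFICULTY_BITS = 12          # assumption: ~4096 hashes expected per post
TTL_SECONDS = 300             # assumption: challenge lifetime
_spent = set()                # challenges already redeemed (replay guard)

def issue_challenge(form_id, now=None):
    """Server: hand out a signed, expiring challenge tied to one form."""
    ts = int(now if now is not None else time.time())
    body = f"{form_id}:{ts}:{os.urandom(8).hex()}"
    tag = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}:{tag}"

def leading_zero_bits(digest):
    """Count zero bits at the front of a digest."""
    bits = 0
    for byte in digest:
        if byte:
            return bits + 8 - byte.bit_length()
        bits += 8
    return bits

def solve(challenge, bits=DIFFICULTY_BITS):
    """Client: brute-force a nonce; expected cost is 2**bits hashes."""
    nonce = 0
    while True:
        d = hashlib.sha256(f"{challenge}:{nonce}".encode()).digest()
        if leading_zero_bits(d) >= bits:
            return nonce
        nonce += 1

def verify(challenge, nonce, form_id, bits=DIFFICULTY_BITS, now=None):
    """Server: one HMAC plus one hash, whatever the client spent."""
    try:
        fid, ts, rand, tag = challenge.split(":")
        ts = int(ts)
    except ValueError:
        return False
    body = f"{fid}:{ts}:{rand}"
    good = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    now = now if now is not None else time.time()
    if not hmac.compare_digest(tag.encode(), good.encode()) or fid != form_id:
        return False
    if now - ts > TTL_SECONDS or challenge in _spent:
        return False
    d = hashlib.sha256(f"{challenge}:{nonce}".encode()).digest()
    if leading_zero_bits(d) < bits:
        return False
    _spent.add(challenge)
    return True
```

Each extra bit in `DIFFICULTY_BITS` doubles the expected work for every solver alike, so the setting cannot raise the cost for a fast native solver without raising it by the same factor for a slow in-browser one, which is the tuning problem the comment describes.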

  5. Not really by willy_me · · Score: 4, Informative

    SPAM is sent from compromised computers. If you make people pay for posts then the owners of compromised computers will be billed - not the real senders of SPAM. Billing would help minimize the problem, but we would still receive a pile of SPAM. And a pile of people who only use their computer once a week would have to foot the bill.

  6. Re:That wooshing sound.... by kwerle · · Score: 4, Informative

    Yup. I used PHPBB2 and changed the CAPTCHA code.

    "Type the following text in the CAPTCHA box . Ignore the image below."

    All spamming stopped. Regular users were fine.

  7. Re:Stuck in the old ways by Eternauta3k · · Score: 4, Informative

    If your site gained any popularity, they would make bots specifically to register in your website.

    --
    Yeah. Would you choose a neurosurgeon who pokes around people's brains in his spare time? I wouldn't.
  8. Re:That wooshing sound.... by bigbird · · Score: 3, Informative

    Yes, me too. I simply ask "How do you spell spam?" for my question. Stopped the spambots in their tracks :)