Bypassing CAPTCHA
Yesterday I had a lot of comment spam on Typepad, offering the readers of this blog various places to find entertainment. I had to deny my readers this pleasure. In reality, I should have no comment spam, because to put a comment on this blog you have to go through a CAPTCHA (which is what's in the picture on the left). But apparently, they found a way through.
This reminded me of a story I heard a while ago from a friend about how spammers go about bypassing CAPTCHAs. The spammer has software that goes to a site that offers free email, in order to sign up and send millions of emails. But there is a CAPTCHA stage that the computer can't get through. The solution is to get regular people to unknowingly decipher the CAPTCHA. The same spammer runs an adult page offering free pictures to anybody who gets through a CAPTCHA. On the adult page they show the same CAPTCHA the email site was showing at that instant. When the user deciphers it to get to his adult material, the computer takes the result, feeds it back to the free email site and goes through. An account is created, the spammer sends a ton of emails and never touches that account again.
Great use of social media and the wisdom of crowds.
Anybody heard of even better ways?


Mechanical Turk of Amazon.com:
http://www.mturk.com/mturk/welcome
Posted by: Emre Sokullu | July 06, 2007 at 05:25 PM
http://tinyurl.com/33tc56
It's possible that they do it with no human intervention, with an OCR system dedicated to Six Apart only - this is quite feasible actually since each of Yahoo, Hotmail and others has linear CAPTCHA generators; the only thing you need is focus.
Posted by: Emre Sokullu | July 09, 2007 at 01:47 AM