CAPTCHA schemes still easy to bypass

#1, 4th November 2011
J65nko (Administrator)

From http://h-online.com/-1371934

Quote:
Security researchers at Stanford University have found that the vast majority of text-based anti-spam tests are easily bypassed. They cracked the CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) mechanisms of several popular web sites.

The researchers tested the query mechanisms of such sites as Google, eBay and Wikipedia. Only Google's CAPTCHA and the reCAPTCHA systems managed to withstand the attacks.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump

#2, 5th November 2011
DutchDaemon (Spam Refugee)

Wonder how KeyCaptcha performs (https://www.keycaptcha.com/).

#3, 5th November 2011
J65nko (Administrator)

I don't understand that reCAPTCHA is not broken. If I enable this in the forum software for registration of new users, we get 25 to 50 spambot registrations daily.

EDIT: see vBulletin forums hit by reCAPTCHA cracking spam bot

#4, 5th November 2011
Virus (New User)

Quote:
Originally Posted by DutchDaemon
Wonder how KeyCaptcha performs

Quite good if you don't mind cutting your registrations by 95% (from StopForumSpam)

I, for example, cannot register in forums or comment on blogs with KeyCAPTCHA (I am on a dynamic IP address, getting "We have detected spam activity, your actions are blocked").

One should also understand that by installing the KeyCAPTCHA plugin a webmaster (owner) opens the backdoor for executing scripts in his visitors' browsers, loaded from KeyCAPTCHA.com backservers of professional spammers (with a long list of deceptive practices).
Read: a webmaster cannot control or even see what is being loaded to his visitors, and a visitor cannot even reproduce it (they use various tricks for it, like intermittent spamming, only in the first couple of minutes of the first visit, on the first pass, geo-targeting, etc.).

Last edited by Virus; 30th June 2013 at 11:39 AM.

#5, 6th November 2011
DutchDaemon (Spam Refugee)

Quote:
Originally Posted by J65nko
I don't understand that reCAPTCHA is not broken. If I enable this in the forum software for registration of new users, we get 25 to 50 spambot registrations daily.

EDIT: see vBulletin forums hit by reCAPTCHA cracking spam bot

Same here, it is useless at the moment.

#6, 6th November 2011
DutchDaemon (Spam Refugee)

The keyCAPTCHA anti-campaign is based on one single dedicated detractor. Can't take that seriously, really.

#7, 6th November 2011
Carpetsmoker (Old man from scene 24)

Best reason not to use KeyCAPTCHA:

Quote:
You may experience KeyCAPTCHA below

Please install Adobe Flash plugin (version 9.0.115 or above) into Your browser, please go to this link for install Adobe Flash plugin
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.

#8, 7th November 2011
DutchDaemon (Spam Refugee)

Have you tried the suggestions in the last paragraph of http://www.pcpro.co.uk/blogs/2011/01...king-spam-bot/, i.e. turning on Q&A? This may be vB 4+ only.

Last edited by DutchDaemon; 7th November 2011 at 04:38 PM.

#9, 7th November 2011
J65nko (Administrator)

Yes, we turned on Q&A. Now we only get 3 to 4 SEO spam registrations a day.

All times are GMT.