CAPTCHA’s cracked

CAPTCHA is the nickname of the venerable (ok only a few years of veneration) technique of verifying if the person on the other side of the screen is actually a person not a computer. We’ve all seen them a million times: a very hard to read bit of text in a small box, with a request that you decipher it and type in the text into another box.

Well it seems that spammers have figured out a way to defeat them: yes, you guessed it, “Captcha Farms.” I first thought they were some exaggerated fear mongering but I suppose their commonplace enough that it’s being reported even in, the, g-u-l-p, New York Times:

“Sophisticated spammers are paying people in India, Bangladesh, China and other developing countries to tackle the simple tests known as captchas, which ask Web users to type in a string of semiobscured characters to prove they are human beings and not spam-generating robots.” (from Spammers Paying Others to Solve Captchas, from the NYT.)

Except I’ve heard of an even more subversive variation, where spammers put up what appear to be run of the mill porn sites, that, instead of asking you to pay with cash for access, ask you to solve a captcha for each image or video or whatever. (whatever?) Poor guy is not only solving it to gain access, they are also solving it, in real time, to help a spammer gain access to some site they are attacking. Creative.

0 thoughts on “CAPTCHA’s cracked

  1. This is old news; I guess the NYT is just catching on. I remember seeing this as long as 3 years ago if not more.What I’ve noticed an uptick on lately is poorly-paid (presumably) people with not much command of the English language posting customized spam comments to blogs. They usually include a slightly rephrased part of the body text and then try to connect it (badly) to the item being spammed (usually sex pills or shoes).The spam problem for blogs is no longer a technical problem; it purely reflects the cost of labor. Spam email is still a technical problem because of the smaller audience per message.


  2. I forgot to add: the solution to me seems to be a bulk anti-spam service that uses the same inexpensive employees to screen for spam comments real-time. It’d be under $1/day for most blogs.Also, you have a spurious apostrophe in your title….


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s