How do spam bots make it past CAPTCHA to post their wares?

rcook12

I know there is software out there that is intended to defeat CAPTCHAs, but it doesn't work well on a lot of CAPTCHA systems and we still get automated account creation and spam. Is it really worth their time to solve all those CAPTCHAs just to post an offer for knock-off jewelry or fake brand name shoes?  

Topic: Internet
Answer this Question

Answers

3 total
jimlynch
Vote Up (24)

It depends on the software in question. For example, some message board software such as VBulletin get tons and tons of spammers. Why? VBulletin is widely used so there are scripts that make it easy for spammers to continually register and automatically post in those kinds of forums.

This works for blogs, CMS software, etc. too.

One way I've found around it is to use more niche software. For my own discussion forums I use Beehive. It's free and open source. Very few forums use it (it's frames based forum software) so there really is nobody making scripts to register and post spam messages. I think we've gotten about two spammers the whole time we've been running it. We actually welcome them since clearly they took the time to register and spam us. We're spam worthy! Woohoo! ;)

At one point I tried VBulletin and it was a spam nightmare. I fled back to Beehive.

So anyway, the more popular a software package is the better the chances are of it being constantly spammed via script spammers. If you need software it's sometimes better to go off the beaten path.

You can snag Beehive here: http://sourceforge.net/projects/beehiveforum/ You can get support at the developers forum: http://www.tehforum.co.uk/forum/index.php?

becker
Vote Up (21)

 

There are companies out there that have PEOPLE solving all those CAPTCHAs for basically nothing.  For example, KolotiBablo is one company that exists for just for spammers, and offers CAPTCHA solving at low, low prices.  For ~$0.75 per thousand CAPTCHAs solved, they will have some poor sod in Pakistan, China, Vietnam, etc. sit around all day typing in solutions for a couple of dollars per day.  Having actual people doing the work makes the solution rate higher than programs that read CAPTCHAs, and the cost is low enough to keep CAPTCHAs from really discouraging spammers.  

 

I ran across an interesting article on this subject recently.  I had never thought about digital sweatshops before, but that's a pretty apt description of how all those CAPTCHAs get solved.

https://krebsonsecurity.com/2012/01/virtual-sweatshops-defeat-bot-or-not...

 

becker

Ask a question

Join Now or Sign In to ask a question.
Amazon.com has asked the U.S. Federal Aviation Administration permission to test drones outdoors for use in its Prime Air package delivery service.
MonkeyParking, an app that lets people bid on public parking spaces, said Thursday it will suspend its service in San Francisco to avoid a potential lawsuit from the city attorney.
IBM, Microsoft, Red Hat and other IT vendors are lending a hand to Google to help build software that enterprises could use to manage their computerized workloads in the cloud.
Microsoft's price cuts for some Office 365 plans was an attempt to keep momentum on its software-by-subscription push, an analyst said.
In wake of psychological experiment, group challenges users to take a Facebook break and find out if it makes them happier.
Oracle's massive annual OpenWorld conference isn't happening until late September, but the vendor recently unveiled details of nearly 1,800 sessions planned for the event that on balance paint a comprehensive picture of what its customers, partners and competitors can expect.
Microsoft is coming out with new hardware and cloud management features for its StorSimple hybrid storage offering that promises lower costs and better data protection.
Amazon Web Services is offering a new document sharing service with management and security features designed to appeal to businesses.
LinkedIn is trying again to build a service on mobile that helps keep people in touch, even when they're not actively job hunting.
A new GitHub repo is collecting the life lessons that one can learn from programming