Top 10 Worst CAPTCHAs (humor)

MtnVision · 2011-08-11 2:03 am

Top 10 Worst CAPTCHAs

CAPTCHA: Completely Automated Public Turing Test To Tell Computers and Humans Apart
CAPTCHA is a program that protects websites against bots by generating and grading tests that humans can pass but current computer programs cannot. For example, humans can read distorted text as the ones shown below, but current computer programs can't:

The bad CAPTCHAs - from bad to worst:

# 10
2268237751_cb28e72329.jpg?v=0

# 9
2269029094_8d22cfa2a3.jpg?v=0

#8
2268237607_99ff9edc5d.jpg?v=0

#7
2268237679_4bef97f9b0.jpg?v=0

#6
2268237733_cda4a1dbb3.jpg?v=0

#5
2268237703_6c1e503b3a.jpg?v=0

#4
2269029074_290d7ea48a.jpg?v=0

#3
2269029028_acb1c52622.jpg?v=0

#2
2268237663_f7b8775f4a.jpg?v=0

And the #1 Worst CAPTCHA is:
2269029198_e0ccaa7824.jpg?v=0

I think it is interesting that the worst CAPTCHA is the one that just "doesn't work"!

Last edited by MtnVision (2017-03-31 3:51 am)

Katana · 2011-08-11 2:16 am

#6 is also a troll-filter if you think about it. Keeps the 4chan morons out.

Alex Kemp · 2011-08-11 2:17 am

Very good indeed. #6 had me laughing out loud.

(bugger. Obsidian just beat me to first reply)

Last edited by Alex Kemp (2011-08-11 2:18 am)

OnThePike · 2011-08-11 2:39 am

Here's #6.

Katana · 2011-08-11 3:02 am

Also available for phpBB: http://www.phpbb.com/customise/db/mod/c … ha_plugin/

Maikuolan · 2011-08-11 3:18 am

#9 is.. Fail. #8 is just confusing. #4, #5 and #7, I can't even read, and #7 just looks like what happens when you stick a three year old in front of MSPaint. #3 looks like the sort of CAPTCHA Dr Suess would use if he were a webdesigner. And #6.. Oh god, that things scares the crap out of me... >.x

Thanks for sharing!

OnThePike · 2011-08-11 3:49 am

Obsidian wrote:

Also available for phpBB: http://www.phpbb.com/customise/db/mod/c … ha_plugin/

I don't have any members as it is! If I installed that, I might as well close up shop!

Zangano · 2011-08-11 7:50 am

This brightened up my morning. Thanks.

I suppose CAPTCHAs are helpful for keeping some of the bad guys out, but I loathe them personally. I'm sure some of them can only be read by a computer. Reminds me of the latest xkcd cartoon about passwords: http://xkcd.com/936/

heenan73 · 2011-08-11 8:23 am

I can't see a problem with #8 - maybe the key is a bit bunched, but it's perfectly logical and legible - but very easy to mess up if you hurry it (so don't hurry it!).

Do you really want to make it so easy that the "8 cents a time" guy gets rich, and xrumer fills our forums?

I don't *like* captchas, but for those who don't have the access to the best defenses, they are a Godsend - and it's really so easy to offer an alternative to those challenged by them or frightened of them ... at the very worst, just offer an image of an email address. It really isn't rocket science.

Katana · 2011-08-11 12:06 pm

Anymore, captchas don't work to begin with. Advancements in OCR technology end up backfiring on us.

heenan73 · 2011-08-11 12:22 pm

Obsidian wrote:

Anymore, captchas don't work to begin with.

Sorry, but that's simply not true.

The number of spammers registering on two forums I work with both dropped by over 90% when we introduced recaptcha, and spam posts by 99%.

Sure the crudest systems are written into xrumer these days, and many spammers use the '8c per login' services from mostly Asian 'SEOs' - but it's way premature to write off the whole thing; as the scum advance, so capchtas advance too.

Eventually, of course, we'll need new weapons. But don't write off the bow and arrow just because one guy used a shield effectively. Just start work on a nuclear arrow

Maikuolan · 2011-08-11 3:37 pm

Obsidian wrote:

Anymore, captchas don't work to begin with. Advancements in OCR technology end up backfiring on us.

Not entirely true. I'd suggest that *those* CAPTCHAs, perhaps, are not the best choices available. However, I built one for myself ground up for my CMS which has thus far worked perfectly. Not a single spambot registration whatsoever, and my statistics report that for the past year alone, I've had 4,424 failed CAPTCHA attempts, which equals an average of 13 failed CAPTCHA attempts per day. Seeing as in the entire time I've been using it, I haven't had a single member complain about the CAPTCHA, their not being able to read it or the likes, and haven't received any complaints regarding registrations (and that my log files indicate that almost every one of those failed attempts have been by "users" attempting to register with things like 'cialis' and 'viagra' in their usernames), though one can never be absolutely certain about these things, I feel it's fairly safe to say that equates to nearly 4,424 prevented spambot registrations. ^.^

Build them properly and they'll work.

OnThePike · 2011-08-11 3:49 pm

Maikuolan wrote:

I built one for myself [..]

What I like about your registration process is how little information you require during sign-up. Although I didn't see a "reload image" prompt (may have just missed it), it's a trivial process to simply reload the registration page and refresh the image. I was able to read 8 of 10 images very clearly. One I found too obscure. One I may have been able to figure out, but didn't feel the need.

Personally, I've switched to Q & A. But I also use ZBBlock and the ASACP, so registrations by spambots are very few and very far between, if at all.

Katana · 2011-08-11 4:00 pm

I'm sticking to my guns here; as is obvious with a system like SFS, CAPTCHAs do not work. OCR technology advancements, again, screw us all over, and then when a good solution takes off, it becomes a high priority target (i.e. recaptcha).

If your site grows to the point where you desperately need an antibot solution (let's say it's a huge community, to the scale of something like ubuntuforums et al) you'll have bastards targeting any custom solutions you put up.

Not to mention, it only sifts out the human/automated component of black-hat marketing. It only can do half the job; the rest must be done by a human.

No matter how much you work on a CAPTCHA, it cannot and will not stop everything (which is to be expected; a perfect turing test is nigh impossible to implement on a large scale).

Oh, and...

http://i54.tinypic.com/atua0.jpg

http://i55.tinypic.com/2m4rdk1.jpg

screw you recaptcha.

Maikuolan · 2011-08-11 4:32 pm

@OnThePike:

Thanks for the feedback!

You are correct, actually - I don't have a reload button at the moment. I did originally have one, but ended up removing it because of a rather unusual bug that I never quite managed to solve - Manually reloading the image is fine, as is refreshing the page, but for reasons I don't know (I thoroughly looked through everything I could think of), if it's reloaded via JavaScript, AJAX, iframe, or asynchronously, it seems to want to -continually- refresh until you hit the stop button, instead of just refreshing once. Thought it might've been the image expiry or something at first, but was told that it shouldn't be a problem, but can't see anything else that would cause it either, so ended giving up on that one. But, I'm detracting from topic, so I'll leave my sorrows at that.

I haven't honestly looked too carefully into ZBBlock and the ASACP, but I'll Google it and look further into it later tonight.

@Obsidian:

You've got a good point. In my case, my communities have never gotten particular large, and I don't currently drive the sort of traffic that would really make specifically targeting my websites particularly viable or worthwhile for anyone serious about this sort of stuff. That being said, for those in mine and similar situations, I think CAPTCHAs are definitely a worthwhile solution. But you are right - In the end, for every measure placed, there's a way to get around it, thus goes the continual game of cat and mouse between security and anti-security, spambot and anti-bot, and thus, for both sides of the saga, the human is never truly redundant. OCR advancements are continuous, and indeed, the higher the priority something becomes, the more it is targeted, and thus, the quicker it becomes redundant.

For the time being, I feel rather confident in my CAPTCHA. But that being said, I wouldn't implement anything on any of my websites without running thorough tests beforehand, and I did, actually, find ways to automatically work it out pretty quickly - I'm just hoping that being the developer of what I'm trying to get around gives me a bit of an advantage over others trying to get around it, but I don't know. I have no doubts that if any of my websites ever become popular (extremely unlikely that they would, but hey, for sake of discussion), that things would turn sour pretty quickly.

..Number #6 still freaks me out a little. I don't think I'd ever *want* to register to a community with a CAPTCHA like that. My math isn't quite on that level, and I'm not entirely sure how to even interpret that equation - While I'm sure I could Google it, even if I did, and thus, registered, I'd likely be constantly worrying about unintentionally writing something stupid that reveals my true and rather ordinary level of intelligence, resulting in some obscure form of belittling, most likely in some mathematical form that I wouldn't understand even if I saw it. XD

I thought ReCaptcha was a pretty good idea when I first saw it, but never ended up using it, mostly, because of my own neurosis regarding the actual transfer of the CAPTCHA verification between two servers and the unlikely and possibly impossible possibility of spoofing of that data.. That, and more simply put, I reckon that if you're going to use a CAPTCHA, and it's possible to host it yourself, that hosting it yourself is a better way to go. Though I can understand the benefits of using a service which hasn't released the source code for their service.

heenan73 · 2011-08-11 5:11 pm

Obsidian wrote:

I'm sticking to my guns here; as is obvious with a system like SFS, CAPTCHAs do not work.

Well, you have a right to be deluded, and I respect that right. But it's a shame you seek to translate a personal preference into a statement of fact.

This is the last place I'd expected to see defeatist talk, especially when the defeatism is against almost all the evidence.

Of course captchas aren't perfect; no defence is or can be.

Of course it is - and always will be - an arms race against the scumbag community.

But to suggest captchas 'don't work' is simply balderdash.

The only evidence you've cited against them is the existence of SFS, which is ridiculous, as you don't know how many members' forums use captcha, or what type, and you don't know their own statistics for its use when they do. For all I know (and its unlikely), every member except me hates captcha and doesn't use it, because they, too have an irrational hatred of it. Luckily, I can tell the difference between theoretical possibilities and the real world.

If you don't like captcha, that's absotootally fine. But I don't think that gives you the right to talk rubbish about it.

Sorry to be so stroppy, but I think SFS is too important for members to be misinformed this way.

Alex Kemp · 2011-08-11 5:42 pm

A webmaster's decision to use / not use CAPTCHA is bound to be influenced by personal reaction and, in a knife-edge decision, tipped by it.

CAPTCHA on a website makes me grit my teeth. I *really* need to register before even considering to go ahead. Of course, for some webmasters that alone will be a good reason to use it.

zaphod · 2011-08-11 6:12 pm

Variant 1 of this captcha, http://www.spambotsecurity.com/casper.php , was never cracked.

But many people would get too near thier monitors, or not have good enough vision to see it.

For me, it's easy.

Even variant 2.

But, I quit once ZB Block took off.

Zap

insektenfang · 2011-08-11 7:02 pm

Glad you quit development Zap. That one is not only bot-proof, but user-proof as well!!!

It might also induce epileptic fits!

Last edited by insektenfang (2011-08-11 7:02 pm)

spamsplatter · 2011-08-11 9:36 pm

OnThePike wrote:

Here's #6.

28 cos(7x - PI/2)
for x = 0;

= 28 cos(-PI/2) = 28 * 0 = 0;

Also, try to make it ask you to divide by 0.

Another idea would be to make a new custom profile field and make you fill it in with say

"Bob" or something or else it won't let you register.

The computer can't read that part that tells the human users to write that there, can it?

Last edited by spamsplatter (2011-08-11 9:44 pm)

CS3Regina · 2011-08-12 5:30 pm

I'm laughing my rear off at #6. I have a simple equation on my site, one of those what is the sum of a number and a Roman numeral. The other day someone sent me an e-mail, said they were an "average college student" and that my problem was impossible to solve. Of course perhaps if I had a problem like that, they would have been able to solve it. LOL I'm sure it would stop about ninety percent of the registrations I get, though.

Apparently Captchas are a YMMV thing. Mine didn't do anything at all to slow down spam-bots. SFS caught many of them, but I really saw the difference after adding the registration question. I think a few get by because once in a while I see an account that was registered and activated in only a minute and I know it takes longer than that to register on my forum. Since the registration question, though, the only spam has been by human hands, and very little at that, which has been wonderful. I had over three weeks without a single spammer.

WindsorFox · 2011-08-12 6:06 pm

heenan73 wrote:

Obsidian wrote:
I'm sticking to my guns here; as is obvious with a system like SFS, CAPTCHAs do not work.
Well, you have a right to be deluded, and I respect that right. But it's a shame you seek to translate a personal preference into a statement of fact.
Sorry to be so stroppy, but I think SFS is too important for members to be misinformed this way.

Horse hockey. Case in point, Google. It's broke, period.

zaphod · 2011-08-12 11:05 pm

Wonder if the mind isn't geared towards English, if simple middle scrambling would throw most spammers.

See: http://www.mrc-cbu.cam.ac.uk/people/mat … Cmabrigde/

Which states:

mrc-cbu.cam wrote:

Aoccdrnig to a rscheearch at Cmabrigde Uinervtisy, it deosn't mttaer in waht oredr the ltteers in a wrod are, the olny iprmoetnt tihng is taht the frist and lsat ltteer be at the rghit pclae. The rset can be a toatl mses and you can sitll raed it wouthit porbelm. Tihs is bcuseae the huamn mnid deos not raed ervey lteter by istlef, but the wrod as a wlohe.

How many native English speakers could read that mess? How many of you users who don't speak english as a first language could read that mess?

I would almost bet a captcha based on that, for an English only site (with an e-mail bypass registration link) would stop the russians, indians, chinese, and other spammers cold.

Zap

OnThePike · 2011-08-12 11:52 pm

I had thought of something similar using slang and/or phonetic obscurity of expressed/implied numbers to be interpreted back as sets of numerical digits. Such as: "Enter the numbers represented below in pairs, separated by a space:"

fautee faww
atee ate
turdee sephen

And so on. Or to get more complex, just write out a few of these and add them up. Enter a single number into the box.

What do you think? Even an image Captcha that includes the above, but then has to be mathematically converted might prove more challenging for a bot. Since we're not looking for the actual text, but instead, the implied mathematical sum (or whatever).

zaphod · 2011-08-13 12:01 am

Yeah, that's alot like the captcha that I wrote, because it engages a part of the human mind to see the actual data. It cannot be directly interpreted.

Might actually work.

Just don't forget the Chinese Probrem.

Zap

#1 2011-08-11 2:03 am

Top 10 Worst CAPTCHAs (humor)

#2 2011-08-11 2:16 am

Re: Top 10 Worst CAPTCHAs (humor)

#3 2011-08-11 2:17 am

Re: Top 10 Worst CAPTCHAs (humor)

#4 2011-08-11 2:39 am

Re: Top 10 Worst CAPTCHAs (humor)

#5 2011-08-11 3:02 am

Re: Top 10 Worst CAPTCHAs (humor)

#6 2011-08-11 3:18 am

Re: Top 10 Worst CAPTCHAs (humor)

#7 2011-08-11 3:49 am

Re: Top 10 Worst CAPTCHAs (humor)

#8 2011-08-11 7:50 am

Re: Top 10 Worst CAPTCHAs (humor)

#9 2011-08-11 8:23 am

Re: Top 10 Worst CAPTCHAs (humor)

#10 2011-08-11 12:06 pm

Re: Top 10 Worst CAPTCHAs (humor)

#11 2011-08-11 12:22 pm

Re: Top 10 Worst CAPTCHAs (humor)

#12 2011-08-11 3:37 pm

Re: Top 10 Worst CAPTCHAs (humor)

#13 2011-08-11 3:49 pm

Re: Top 10 Worst CAPTCHAs (humor)

#14 2011-08-11 4:00 pm

Re: Top 10 Worst CAPTCHAs (humor)

#15 2011-08-11 4:32 pm

Re: Top 10 Worst CAPTCHAs (humor)

#16 2011-08-11 5:11 pm

Re: Top 10 Worst CAPTCHAs (humor)

#17 2011-08-11 5:42 pm

Re: Top 10 Worst CAPTCHAs (humor)

#18 2011-08-11 6:12 pm

Re: Top 10 Worst CAPTCHAs (humor)

#19 2011-08-11 7:02 pm

Re: Top 10 Worst CAPTCHAs (humor)

#20 2011-08-11 9:36 pm

Re: Top 10 Worst CAPTCHAs (humor)

#21 2011-08-12 5:30 pm

Re: Top 10 Worst CAPTCHAs (humor)

#22 2011-08-12 6:06 pm

Re: Top 10 Worst CAPTCHAs (humor)

#23 2011-08-12 11:05 pm

Re: Top 10 Worst CAPTCHAs (humor)

#24 2011-08-12 11:52 pm

Re: Top 10 Worst CAPTCHAs (humor)

#25 2011-08-13 12:01 am

Re: Top 10 Worst CAPTCHAs (humor)

Board footer