Top 10 Worst CAPTCHAs (humor)

OnThePike · 2011-08-13 12:12 am

zaphod wrote:

Yeah, that's alot like the captcha that I wrote, because it engages a part of the human mind to see the actual data. It cannot be directly interpreted. Might actually work. Just don't forget the Chinese Probrem. Zap

One of the things about this idea is there's no "right way" to list the numbers. Whatever sounds good, no matter the length, that's necessary to get the number across. So it's not easily logged as a single image representing data because everyone can write it their own way.

You might like FAW, I might like FouAh and someone else might like FoRe and so on. Any way you look at it, it's 4.

Wizzle · 2011-08-13 1:34 am

And also it would make it almost impossible, at least not feasible, to write code to crack it.
Personally I like fhore hornered zebenty sax

OnThePike · 2011-08-13 3:20 am

That's exactly my point. You can spell numbers anyway you wish, within the realm or reason and still have a human figure it out, while a bot, at this time (I believe), isn't capable of solving what amounts to a variable mathematical expression. Take it a step further and you have a variable mathematical expression, then equation, if the numbers are to be computed in some way for a final answer.

Should I run to the Patent Office?

Katana · 2011-08-13 3:25 am

OnThePike wrote:

That's exactly my point. You can spell numbers anyway you wish, within the realm or reason and still have a human figure it out, while a bot, at this time (I believe), isn't capable of solving what amounts to a variable mathematical expression. Take it a step further and you have a variable mathematical expression, then equation, if the numbers are to be computed in some way for a final answer.
Should I run to the Patent Office?

All it would take is a markov chain generator; if applied widely, it'll be smashed wide open in no time.

Honestly, the best anti-bot method is a challenge-response system. You can register, but you don't have auths until you answer to the anti-bot challenge (which would be something like a direct PM from a moderator). The more manual the process is, the harder it will be for the spammers to defeat.

OnThePike · 2011-08-13 3:42 am

Obsidian wrote:

All it would take is a markov chain generator; if applied widely, it'll be smashed wide open in no time.

I can't agree or disagree with you, because I know nothing about your solution. I don't understand it. But I do like to know when an idea won't work and why.

Write the code that will crack it. I'll print it out and take it to a friend of mine; a nuclear physicist at Brookhaven National Laboratory, formerly Shoreham Nuclear Power Plant and see what he thinks. I don't know that he himself will know (or even understand), but I am sure he can pass it along to someone who does. I took a look at the "Markov chain generator" you mentioned, and honestly, couldn't understand it at all.

I'll let my friend explain it to me in layman terms.

Thanks!

Alex Kemp · 2011-08-13 3:53 am

zaphod wrote:

See: http://www.mrc-cbu.cam.ac.uk/people/mat … Cmabrigde/
Which states:
mrc-cbu.cam wrote:
Aoccdrnig to a rscheearch at Cmabrigde Uinervtisy, it deosn't mttaer in waht oredr the ltteers in a wrod are, the olny iprmoetnt tihng is taht the frist and lsat ltteer be at the rghit pclae. The rset can be a toatl mses and you can sitll raed it wouthit porbelm. Tihs is bcuseae the huamn mnid deos not raed ervey lteter by istlef, but the wrod as a wlohe.

Man, that's astonishing. Best thing I've seen for ages.

Wizzle · 2011-08-13 4:37 am

markov chain generator??
You're giving these dickweeds waaaay to much credit. LOL!
Seriously though, any system that is adapted on a wide scale will be cracked. A spammers ROI depends on it being cracked.
That is the problem with all forums/blogs/guestbooks/CMS..... they pretty much have to include "some" type of anti-spam system.
But, IF they could make the system have several layers, CAPTCHA, Q&A, what have you, that are forward facing plus ones that are not, timers, hidden fields, anti-spam database checks, spoofing yada yada, and make every one an "option" it would make it much more difficult for bots to get through.

Even though almost all of them could be bypassed, a bot would have to assume that entire suite of defenses was in use on every site and would slow registering/posting to a crawl. There goes the ROI.

Shoot, even if the authors would code in a simple anti-spam database check and turn it on by default.. it would make a heck of a difference.
I'm sure the Big Dogs *cough* SFS *cough* would be happy to work out a deal for a default API key they could use in their software. For a small monthly/yearly fee of course.

heenan73 · 2011-08-13 8:27 am

OnThePike wrote:

"Enter the numbers represented below in pairs, separated by a space:"

zaphod wrote:

Just don't forget the Chinese Plobrem.

No worries - if they get the numbers wrong, substitute a large boiled rice for the main course - three failed logins, and they'll explode.

Maikuolan · 2011-08-13 8:45 am

There's ways around that, too. I probably wouldn't do this because of the sheer level of work involved, but, in theory, you could always just have a different set of questions depending on what language the end user speaks, make a fair guess on their language based on country of origin and couple that with a basic option to switch between languages, thus, presenting questions that don't confuse based on language.

An example of where this could work with Chinese: The word for "Dead" ( 死 / Sǐ ) and the word for "Four" ( 四 / Sì ) are approximate to one another, and could be used for a Chinese CAPTCHA in the same way that we're talking about using "Fawr/Fhore/Fhahw" and etcetera. Plenty of others, too.

I reckon this could definitely work. But like I said, too much work for me to personally want to do the required research to make it work multilingually.

Alex Kemp · 2011-08-13 9:46 pm

Maikuolan wrote:

... depending on what language the end user speaks

You use the Content-Language Request header.

A quick plug for Conteg; easy setting Response headers for PHP.

Gaieus · 2011-08-14 6:26 pm

zaphod wrote:

Wonder if the mind isn't geared towards English, if simple middle scrambling would throw most spammers.
See: http://www.mrc-cbu.cam.ac.uk/people/mat … Cmabrigde/
Which states:
mrc-cbu.cam wrote:
Aoccdrnig to a rscheearch at Cmabrigde Uinervtisy, it deosn't mttaer in waht oredr the ltteers in a wrod are, the olny iprmoetnt tihng is taht the frist and lsat ltteer be at the rghit pclae. The rset can be a toatl mses and you can sitll raed it wouthit porbelm. Tihs is bcuseae the huamn mnid deos not raed ervey lteter by istlef, but the wrod as a wlohe.
How many native English speakers could read that mess? How many of you users who don't speak english as a first language could read that mess?
I would almost bet a captcha based on that, for an English only site (with an e-mail bypass registration link) would stop the russians, indians, chinese, and other spammers cold.
Zap

Well, I could read that with (almost) no issues even in speed but I wonder who could do this with a text in Hungarian where a noun can have some 1200 different forms (with all the prefixes and suffixes attached right after each other)?

Certainly they were English speaking researchers...

_______

Edit: Hehe... There is indeed a Hungarian version and I did have issues!

Last edited by Gaieus (2011-08-14 6:28 pm)

lyndonaus · 2011-08-15 12:27 am

I would have no hope with Hungarian, whether it was scrambled or not but with the English, I have no problem whatsoever, either with meaning or speed. Gawd, what does that say about my brain? LOL

heenan73 · 2011-08-15 10:54 am

Looks like it would be ideal for forums whose language is English, and where most spammers are not English speaking.

It would be interesting to know how well it works for people who use English as a second language - my guess is that they'd find it tougher.

BTW, just checked another phpBB forum where we introduced keycaptcha a couple of months ago.

Spam posts=0
Registrations down by 95% - not one complaint, but I can't deny it's entirely possible (if a tad unlikely) that many genuine members tried and failed to register - no emails.

Registrations from China=0 - this is significant, because the forum used to get about 100/month, all spammers.

Last edited by heenan73 (2011-08-15 11:04 am)

spamsplatter · 2011-08-25 8:46 pm

What does CAPTCHA stand for?

Does it mean

Can't Anymore Prevent The Creation of Hellacious Accounts ?

Last edited by spamsplatter (2011-08-25 8:49 pm)

Katana · 2011-08-25 9:03 pm

http://en.wikipedia.org/wiki/Captcha

The term "CAPTCHA" was coined in 2000 by Luis von Ahn, Manuel Blum, Nicholas J. Hopper, and John Langford (all of Carnegie Mellon University). It is an acronym based on the word "capture" and standing for "Completely Automated Public Turing test to tell Computers and Humans Apart".

The problem is, a completely automated Turing test is destined to fail. Any automated system can only be pseudorandom, which limits the range of possible answers/choices and provides a window of opportunity for the Turing test to be broken.

also see: http://en.wikipedia.org/wiki/Pseudorandomness

zaphod · 2011-08-25 9:42 pm

And I've seen several people fail their turing tests too.

Just try to talk to me before I guzzle Mtn. Dew, or Coffee.

Zap

spamsplatter · 2011-08-25 9:51 pm

Obsidian wrote:

http://en.wikipedia.org/wiki/Captcha
The term "CAPTCHA" was coined in 2000 by Luis von Ahn, Manuel Blum, Nicholas J. Hopper, and John Langford (all of Carnegie Mellon University). It is an acronym based on the word "capture" and standing for "Completely Automated Public Turing test to tell Computers and Humans Apart".
The problem is, a completely automated Turing test is destined to fail. Any automated system can only be pseudorandom, which limits the range of possible answers/choices and provides a window of opportunity for the Turing test to be broken.
also see: http://en.wikipedia.org/wiki/Pseudorandomness

Usually if I good up a CAPTCHA, it makes me do another new one.

How would a spamming device be able to get it on the first try?

Psudeorandom or not, it should be taking hours, not less than a minute, to get it right.

What I thought it was doing was trying to read the binary for the image and somehow knowing what to put.

Katana · 2011-08-25 9:57 pm

How do you think Google transcribes old books and makes them searchable online? They don't have a bunch of people reading and typing them up; they use Optical character recognition software.
Along with advancements in speech-to-text software, we're inadvertently aiding spammers in cracking CAPTCHAs, for the sake of accessibility and easy communication.

Tedd3000 · 2011-08-25 10:29 pm

Gaieus wrote:

Certainly they were English speaking researchers...

hmmm thats strange, different Countrys, different Researchers but the same Text.
seen the same written in German from a Uni. over here.

WindsorFox · 2011-08-26 12:29 am

Obsidian wrote:

How do you think Google transcribes old books and makes them searchable online? They don't have a bunch of people reading and typing them up; they use Optical character recognition software.
Along with advancements in speech-to-text software, we're inadvertently aiding spammers in cracking CAPTCHAs, for the sake of accessibility and easy communication.

Well I must say as a user of Google Voice, the speech to text tech is not nearly as good as the text to speech if what they use is representative.

spamsplatter · 2011-08-26 1:28 am

I still think

Can't Anymore Prevent The Creation of Hellacious Accounts

is pretty funny.

I'm wondering, is there a website where you can add their homepages so that their homepage gets blacklisted so that their SEO schemes will backfire?

Like

spampagelistings.com

or something.

Right now I'm going to reset every spammer's birthday to April 1st.

Ha ha ha!

Last edited by spamsplatter (2011-08-26 1:49 am)

heenan73 · 2011-08-26 9:43 am

Obsidian wrote:

The problem is, a completely automated Turing test is destined to fail. Any automated system can only be pseudorandom, which limits the range of possible answers/choices and provides a window of opportunity for the Turing test to be broken.

Everything is destined to fail. Ask any engineer; it's a given. And as no-one can accurately predict the future, all you can do is the best you can, in the full knowledge you'll have to make adjustments - or redesign - at some point. Simples.

Which is why CAPTCHAS are a very effective defense (when you use the latest types, of course), and exclude a tiny number of people - mostly those with irrational fears - who can be catered for by a simple email address.

Sure, they can be broken - immediately by a human operative who is paid to do so, and eventually by technology. The human can be slowed - even stopped, for a while - by introducing cultural or linguistic aspects, technology can be kept at bay by frequent updates and developments.

It's called a dynamic. It's not new. Once you accept that there won't ever be a nice, safe equilibrium in security matters, you're on the road to coping. Good Luck!

Last edited by heenan73 (2011-08-26 9:44 am)

beko · 2011-08-26 10:21 am

zaphod wrote:

Wonder if the mind isn't geared towards English, if simple middle scrambling would throw most spammers.
See: http://www.mrc-cbu.cam.ac.uk/people/mat … Cmabrigde/
Which states:
mrc-cbu.cam wrote:
Aoccdrnig to a rscheearch at Cmabrigde Uinervtisy, it deosn't mttaer in waht oredr the ltteers in a wrod are, the olny iprmoetnt tihng is taht the frist and lsat ltteer be at the rghit pclae. The rset can be a toatl mses and you can sitll raed it wouthit porbelm. Tihs is bcuseae the huamn mnid deos not raed ervey lteter by istlef, but the wrod as a wlohe.
How many native English speakers could read that mess? How many of you users who don't speak english as a first language could read that mess?

Wow this is amazing. I could A little bit slower than usual but without problems.

Tonttu · 2011-11-02 10:07 am

Keycaptcha critique:
http://keycaptchaured.wordpress.com/2011/09/09/113/

It is like in any scam scheme: first, a victim is enticed by an irresistible offer of absolutely free of charge novel (“first”, “innovative”, “sexy”. “unique”, etc.) miracle or easy way to earn money (including interesting job offer like it was for me by KeyCAPTCHA.com). Then you are trapped by a sneaky change in conditions of bargain (employment)… Accordingly, first, KeyCAPTCHA.com filled the internet with ads of its first absolutely free of charge (“unique”, “novel”, “innovative”, “unbreakable”) anti-spam miracle. It was not only without any advertising but even buyers of commercial fee-based KeyCAPTCHA service were initially prohibited to create CAPTCHAs with any advertising. Then, in the beginning of August, 2011, after bloggers started to write about and webmasters with sysadmins to advise each other this miracle en masse, KeyCAPTCHA.com changed its ToS converting KeyCAPTCHA from antispam captcha into spam platform.

KeyCAPTCHA · 2011-11-03 4:34 am

Dear visitors,

Here are variants of using KeyCAPTCHA:
1. You earn money by using KeyCAPTCHA. In this case we pay you for ads in KeyCAPTCHA on your website.
2. You pay us for personal CAPTCHAs. In this case you can use your own images to create your own CAPTCHAs (containing your or third-party advertisement or without any ads) which will be displayed on your websites.
3. Combination of 1 and 2.
4. Free KeyCAPTCHA. In this case you don't earn money and you don't pay us. If you choose this way, we will display our standard CAPTCHAs (without any ads) on your websites.

This info is also available at https://www.keycaptcha.com/whatisit/?s=forwm-variants

Please be careful with author of the blog above. He attacks our service by publishing his lie over the Internet.
Twitter blocked his 5 accounts at least. For example: https://twitter.com/keycaptcha_ured

Best regards,
KeyCAPTCHA Team

#26 2011-08-13 12:12 am

Re: Top 10 Worst CAPTCHAs (humor)

#27 2011-08-13 1:34 am

Re: Top 10 Worst CAPTCHAs (humor)

#28 2011-08-13 3:20 am

Re: Top 10 Worst CAPTCHAs (humor)

#29 2011-08-13 3:25 am

Re: Top 10 Worst CAPTCHAs (humor)

#30 2011-08-13 3:42 am

Re: Top 10 Worst CAPTCHAs (humor)

#31 2011-08-13 3:53 am

Re: Top 10 Worst CAPTCHAs (humor)

#32 2011-08-13 4:37 am

Re: Top 10 Worst CAPTCHAs (humor)

#33 2011-08-13 8:27 am

Re: Top 10 Worst CAPTCHAs (humor)

#34 2011-08-13 8:45 am

Re: Top 10 Worst CAPTCHAs (humor)

#35 2011-08-13 9:46 pm

Re: Top 10 Worst CAPTCHAs (humor)

#36 2011-08-14 6:26 pm

Re: Top 10 Worst CAPTCHAs (humor)

#37 2011-08-15 12:27 am

Re: Top 10 Worst CAPTCHAs (humor)

#38 2011-08-15 10:54 am

Re: Top 10 Worst CAPTCHAs (humor)

#39 2011-08-25 8:46 pm

Re: Top 10 Worst CAPTCHAs (humor)

#40 2011-08-25 9:03 pm

Re: Top 10 Worst CAPTCHAs (humor)

#41 2011-08-25 9:42 pm

Re: Top 10 Worst CAPTCHAs (humor)

#42 2011-08-25 9:51 pm

Re: Top 10 Worst CAPTCHAs (humor)

#43 2011-08-25 9:57 pm

Re: Top 10 Worst CAPTCHAs (humor)

#44 2011-08-25 10:29 pm

Re: Top 10 Worst CAPTCHAs (humor)

#45 2011-08-26 12:29 am

Re: Top 10 Worst CAPTCHAs (humor)

#46 2011-08-26 1:28 am

Re: Top 10 Worst CAPTCHAs (humor)

#47 2011-08-26 9:43 am

Re: Top 10 Worst CAPTCHAs (humor)

#48 2011-08-26 10:21 am

Re: Top 10 Worst CAPTCHAs (humor)

#49 2011-11-02 10:07 am

Re: Top 10 Worst CAPTCHAs (humor)

#50 2011-11-03 4:34 am

Re: Top 10 Worst CAPTCHAs (humor)

Board footer