
Captcha codes being broken by hand in Russia

[Image caption: It also locks out 50-year-olds]

Captcha codes are designed to be readable only by humans, not by computers, so they can be used to lock spambots out of websites. But Google and Websense have determined, by analyzing traffic patterns, that captcha codes are being cracked nightly, not by machines but by third-world employees. Brad Stone at the New York Times blogs that one Russian-language set of instructions for captcha-cracking promises a minimum $3 per day for the work.

4:20 PM on Thu Mar 13 2008
By Paul Boutin
1,189 views
14 comments

Comments

  • That's how I bought my Jag.

  • Righteous bucks

  • It should be a secret (shhhhh), but it is not that hard for sites to prohibit entire blocks of spam-spewing IP addresses which are registered and originate in spam-spewing countries such as China or Russia.

  • @MalcoveMagnesia: Actually, it is hard. Both organizationally as well as technically. Many people find the practice smacks of racist overtones, and believe that such exclusion is either unfair or more pragmatically interferes with business operations (Chinese manufacturing partners, etc). Technically, there is some tenuous correlation between IP allocations and geographic regions, but these can be incorrect for a huge number of regions.

    I used to work at a company that operated one of the 'root' domain name servers, and our office IP space happened to be assigned from RIPE, the organization that usually oversaw allocations for the EU region. Countless websites who like you thought it was "not that hard" decided that I was obviously in England, when I was actually in Redwood City.

  • sample032 at 05:54 PM on 03/13/08

    This is the kind of innovation that only the third world can deliver. It'll be sad to see them advance.

  • Technically, Russia isn't Third World. The US and the Soviets were, IIRC, the first two "Worlds."

  • Can't resist:

    Top 10 Worst Captchas

    johnmwillis.com/other/top-10-worst-captchas/

  • [ha.ckers.org]
    (check out the bidding in the comments)

    via waxy.org

  • This has been going on for quite some time now and you cannot really stop it via IP address restrictions.

    For example:

    1. Screenscrape (usually via cURL or such) an account creation webpage or other form submission webpage using a respectable IP address.

    2. Capture the captcha image, and then immediately present the image for "solving" via another webpage (or a [third world country] employee "admin" front-end).

    3. Submit the original webpage form with the "solution" in a timely manner (i.e. usually before session expiration...thusly why shorter sessions are a good thing).

    Many have done it as such above - having unknowing end users solve their captchas for them (i.e. they think they are solving a captcha for site A but in reality they are solving it for site B as an added step to site A's registration or what now).

    Many others have just farmed it out to third world folks as in the original article (using the employee "admin" front-end).

    -Harry Wang

  • Step 3 above should read "Submit the original webpage form with the "solution" in an automated and timely manner..."

  • BS. $3/day in Russia cannot afford living anymore. Take a look at prices and salaries there.

  • As soon as captchas began to be used years ago, porn-for-solve schemes were immediately predicted. Heck, I could probably automate this all with that Amazon Magic Donkey or whatever they call their piecework micropayment dealie.

  • raincoaster at 10:37 PM on 03/14/08

    Wow. You didn't know that? What about the "Free porn for breaking captchas" thing? You knew that, right?

  • As I read in an early post about it, I'm not sure that the captcha is a good defence against bots.
