Jan 10, 2012

How do spam bots make it past CAPTCHA to post their wares?

I know there is software out there that is intended to defeat CAPTCHAs, but it doesn't work well on a lot of CAPTCHA systems and we still get automated account creation and spam. Is it really worth their time to solve all those CAPTCHAs just to post an offer for knock-off jewelry or fake brand name shoes?  



There are companies out there that have PEOPLE solving all those CAPTCHAs for basically nothing.  For example, KolotiBablo is one company that exists just for spammers, and offers CAPTCHA solving at low, low prices.  For ~$0.75 per thousand CAPTCHAs solved, they will have some poor sod in Pakistan, China, Vietnam, etc. sit around all day typing in solutions for a couple of dollars per day.  Having actual people doing the work makes the solution rate higher than programs that read CAPTCHAs, and the cost is low enough to keep CAPTCHAs from really discouraging spammers.


I ran across an interesting article on this subject recently.  I had never thought about digital sweatshops before, but that's a pretty apt description of how all those CAPTCHAs get solved.



It depends on the software in question. For example, some message board software such as VBulletin gets tons and tons of spammers. Why? VBulletin is widely used so there are scripts that make it easy for spammers to continually register and automatically post in those kinds of forums.

This works for blogs, CMS software, etc. too.

One way I've found around it is to use more niche software. For my own discussion forums I use Beehive. It's free and open source. Very few forums use it (it's frames-based forum software) so there really is nobody making scripts to register and post spam messages. I think we've gotten about two spammers the whole time we've been running it. We actually welcome them since clearly they took the time to register and spam us. We're spam worthy! Woohoo! ;)

At one point I tried VBulletin and it was a spam nightmare. I fled back to Beehive.

So anyway, the more popular a software package is, the better the chances are of it being constantly spammed via script spammers. If you need software, it's sometimes better to go off the beaten path.

You can snag Beehive here: http://sourceforge.net/projects/beehiveforum/ You can get support at the developers forum: http://www.tehforum.co.uk/forum/index.php?