- Posts: 8
COMMUNITY FORUM
So, apparently reCAPTCHA has been cracked...
- Duane Allam
- Topic Author
- Offline
- New Member
Less
More
13 years 7 months ago #94604
by Duane Allam
So, apparently reCAPTCHA has been cracked... was created by Duane Allam
One of my client sites just noticed a bunch of spam comments in their articles, which concerns me as they have reCAPTCHA enabled.
I found this article claiming that reCAPTCHA had been cracked but I'm taking it with a grain of salt as it is an internet artlice after all...
So I was wondering if any other developers or administrators out there have noticed anything similar? And how will the developers of K2 react to this. if reCAPTCHA truly has been broken...?
cheers,:Duane
I found this article claiming that reCAPTCHA had been cracked but I'm taking it with a grain of salt as it is an internet artlice after all...
So I was wondering if any other developers or administrators out there have noticed anything similar? And how will the developers of K2 react to this. if reCAPTCHA truly has been broken...?
cheers,:Duane
Please Log in or Create an account to join the conversation.
- Terry Britton
- Offline
- Elite Member
Less
More
- Posts: 198
13 years 7 months ago #94605
by Terry Britton
Replied by Terry Britton on topic So, apparently reCAPTCHA has been cracked...
There are several programs out there that will calculate the recaptcha phrase with about a 20% accuracy. This has been true for a while although the accuracy is improving. Recaptcha's weakness is that it uses words, hence it is easier to estimate what the correct answer is. Decaptcher.com, for example, will crack 1,000 recaptcha phrases for $2.
I always put in a form field and then hide it with css. The spambot will put something in the field and then I test to make sure the field is empty. This works even better if you label the field url or email or something similar. Eventually they'll get on to this, but for now it works. Also consider the fact that overseas labor is cheap and it might not have been a bot.
I always put in a form field and then hide it with css. The spambot will put something in the field and then I test to make sure the field is empty. This works even better if you label the field url or email or something similar. Eventually they'll get on to this, but for now it works. Also consider the fact that overseas labor is cheap and it might not have been a bot.
Please Log in or Create an account to join the conversation.
- Concerto Designs Inc.
- Offline
- Junior Member
Less
More
- Posts: 29
13 years 7 months ago #94606
by Concerto Designs Inc.
Replied by Concerto Designs Inc. on topic So, apparently reCAPTCHA has been cracked...
Terry:
Have you coded a conditional that checks the hidden field before allowing submit? I've used a similar plugin for Wordpress called invisible captcha (or something like that) - it would be great if we had that for K2 as well...
-Alan
Have you coded a conditional that checks the hidden field before allowing submit? I've used a similar plugin for Wordpress called invisible captcha (or something like that) - it would be great if we had that for K2 as well...
-Alan
Please Log in or Create an account to join the conversation.
- Duane Allam
- Topic Author
- Offline
- New Member
Less
More
- Posts: 8
13 years 7 months ago #94607
by Duane Allam
Replied by Duane Allam on topic So, apparently reCAPTCHA has been cracked...
@Terry: I've successfully used similar hidden field methods in the past in lieu of CAPTCHA. Haven't implemented anything for K2 yet though.
Are you able to employ your method without any core hacking? It would be ideal if we had a plugin that adds a field like you describe.
Are you able to employ your method without any core hacking? It would be ideal if we had a plugin that adds a field like you describe.
Please Log in or Create an account to join the conversation.
- Terry Britton
- Offline
- Elite Member
Less
More
- Posts: 198
13 years 7 months ago #94608
by Terry Britton
Replied by Terry Britton on topic So, apparently reCAPTCHA has been cracked...
@Duane, I haven't gotten far enough on my first project with k2 to implement the hidden field yet. I'll do it when I get closer to going live. But from what I've seen you would have to hack form.php to add the field and then check that it is empty.
@Alan, as mentioned above just hack form.php to add a field and then check that the field is empty. Form.php already does some conditinal checks on submit so just add it to that portion of the code.
@Alan, as mentioned above just hack form.php to add a field and then check that the field is empty. Form.php already does some conditinal checks on submit so just add it to that portion of the code.
Please Log in or Create an account to join the conversation.
- Concerto Designs Inc.
- Offline
- Junior Member
Less
More
- Posts: 29
13 years 7 months ago #94609
by Concerto Designs Inc.
Replied by Concerto Designs Inc. on topic So, apparently reCAPTCHA has been cracked...
@Terry@Duana
I'll give it a whirl and see how it turns out - if successful, I'll post mods here.
I'll give it a whirl and see how it turns out - if successful, I'll post mods here.
Please Log in or Create an account to join the conversation.
- Francis Darren
- Offline
- Senior Member
Less
More
- Posts: 55
13 years 5 months ago #94610
by Francis Darren
Replied by Francis Darren on topic So, apparently reCAPTCHA has been cracked...
i started receiving spam the last few days.
Please Log in or Create an account to join the conversation.
- Bas Boerman
- Offline
- New Member
Less
More
- Posts: 7
13 years 2 months ago #94611
by Bas Boerman
Replied by Bas Boerman on topic So, apparently reCAPTCHA has been cracked...
I'm having exactly the same problem! Did you found a solution?
Please Log in or Create an account to join the conversation.
- BBC
- Offline
- Platinum Member
Less
More
- Posts: 663
13 years 2 months ago #94612
by BBC
Replied by BBC on topic So, apparently reCAPTCHA has been cracked...
K2 should make some comments verification as SMF forum registration has.
reCaptcha is cracked (and every other known even faster), and i fought with spammers at my forum for weeks. Every day i had to delete at least 30 spammers account. (and many spam posts)
And then i made an experiment with a question and answer for registration. Simple question as tex "What is capital od France?" Answer is not case sensitive.
Imagine what happened ? Number of spammers drop to (0) Zero.
Same can use for K2 comments. Captcha and bebeath captcha some simple question.
That way at least you know you fight not automatised scripts.
reCaptcha is cracked (and every other known even faster), and i fought with spammers at my forum for weeks. Every day i had to delete at least 30 spammers account. (and many spam posts)
And then i made an experiment with a question and answer for registration. Simple question as tex "What is capital od France?" Answer is not case sensitive.
Imagine what happened ? Number of spammers drop to (0) Zero.
Same can use for K2 comments. Captcha and bebeath captcha some simple question.
That way at least you know you fight not automatised scripts.
Please Log in or Create an account to join the conversation.
- BBC
- Offline
- Platinum Member
Less
More
- Posts: 663
13 years 2 months ago #94613
by BBC
Replied by BBC on topic So, apparently reCAPTCHA has been cracked...
Sorry, case insensitive sholud be.
Please Log in or Create an account to join the conversation.