CAPTCHA farming

Posted by nik on November 21, 2006

Charles Arthur’s wondering why spam came through his CAPTCHA system, and concludes that people are probably being paid to sit there and fill out CAPTCHAs.

There are a couple of other possibilities. The first is that the CAPTCHA system he’s using might be compromised. Some OCR systems can be surprisingly effective against CAPTCHA images.

The second is that his CAPTCHAs are being reproduced on another site for humans to solve. The canonical example would be where a visitor to a porn site is shown a CAPTCHA and asked to solve it before they can, er, continue. Unbeknownst to them, however, the CAPTCHA is actually coming from Charles’ system, and the solution is then used to send him spam. This is “CAPTCHA farming”.

Searching for “CAPTCHA porn” turns up a number of stories about this over the past few years.
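From the defending site's side, the relay described above means the answer comes back some time after the image was served, and a solved CAPTCHA is worth more if it can be reused. The sketch below is an added example, not code from Charles' site or any particular CAPTCHA product; it makes each challenge single-use, short-lived and tied to the session that fetched it. The names `issue` and `verify`, the 120-second window and the in-memory store are assumptions for illustration.

```python
import hashlib
import hmac
import json
import secrets
import time

SECRET = secrets.token_bytes(32)  # per-deployment key (generated here for the example)
TTL_SECONDS = 120                 # assumed solve window; tune to real user solve times
_seen = set()                     # nonces already attempted (a shared store in production)


def _mac(nonce, issued, session_id, answer):
    # JSON-encode the fields so they cannot run into each other ambiguously.
    msg = json.dumps([nonce, issued, session_id, answer.strip().lower()]).encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue(session_id, answer, now=None):
    """Token sent alongside the CAPTCHA image; the answer is only inside the MAC."""
    issued = int(time.time() if now is None else now)
    nonce = secrets.token_hex(16)
    return f"{nonce}.{issued}.{_mac(nonce, issued, session_id, answer)}"


def verify(token, session_id, submitted, now=None):
    """Return (ok, reason) for a submitted answer."""
    now = time.time() if now is None else now
    try:
        nonce, issued_s, mac = token.split(".")
        issued = int(issued_s)
    except ValueError:
        return False, "malformed"
    if now - issued > TTL_SECONDS:
        return False, "expired"
    if nonce in _seen:
        return False, "replayed"
    _seen.add(nonce)  # one attempt per challenge, right or wrong
    if not hmac.compare_digest(_mac(nonce, issued, session_id, submitted), mac):
        return False, "wrong answer or session"
    return True, "ok"
```

This does not stop a live relay, because the farmer's server both fetches the challenge and submits the answer; it only prevents solved CAPTCHAs from being stockpiled or reused across posts.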

Comments

  1. Charles Tue, 21 Nov 2006 18:26:27 PST

    Except, as I pointed out, the captcha appears to have been filled in in India - at least, that’s the IP address. Which makes me think it’s almost certainly a human.

    It could have been a fake, or an OCR, but I’ve also seen attempted (or real) registrations from .in in the past couple of days - so I’m sticking with my hypothesis for now.

  2. nik Tue, 21 Nov 2006 22:12:23 PST

    Oh, the CAPTCHA is almost certainly being entered by a human. I haven’t seen much that suggests that OCR is being seriously used by spammers yet (although it’s probably only a matter of time).

    The IP address shows that the computer that posted the CAPTCHA results to you is (almost certainly) in India. But that could easily just be a server that’s hosting the code, and the person typing in the CAPTCHA details could be elsewhere. For example, I’m typing this in the UK, but the computer it’s going to be posted to is in the US.

    Pretty tricky to tell one way or the other though.

  3. Charles Thu, 23 Nov 2006 23:04:03 PST

    Yerss…. though I also saw a number of user registrations from India, and the other day a *comprehensible* comment that was relevant to the topic from “paper shredders”. Based in Pakistan, apparently.

    (That one wasn’t captcha’d.)

    I think we could both be right - I’m watching a video from a Google session about captchas which does suggest the bouncing method you hinted at.

  4. mhe Wed, 07 Mar 2007 08:03:26 PST

    What about using www.captchasolver.com to solve hard captchas?
