[wp-hackers] Anti spam idea

David Chait davebytes at comcast.net
Thu Nov 18 16:02:36 UTC 2004 

The recognition can be done -- they've proven over 90% hit on the 'simple 
CAPTCHA' case -- though remember that more complex, tricky stuff is getting 
into our hands daily which hasn't been broken, AND that any OCR type system 
is significantly more resource consuming than the generation itself. 
Spammers aren't looking to have things take longer than they do, and will 
avoid breaking CAPTCHA sites for stuff like this -- at least for this 
generation.

Breaking CAPTCHAs is more for people trying to spoof affiliate sites and 
such, or anything where creating and controlling some kind of account 
automatically (and likely making a profit doing so) is involved.  I'd think 
it's for a single targeted thing they're trying to do.

Also, from my analysis of CAPTCHA (and I haven't yet seen someone else give 
this analysis yet), where the simple OCR systems seemed to be breaking down 
is when normally straight-edged letters become curved -- in theory, curving 
a random numbers of letters (not putting them on a curve, they do that 
already by default!) would likely make it much harder to beat.

-d

----- Original Message ----- 
From: "C. Rummel" <rummel at gmail.com>
To: <hackers at wordpress.org>
Sent: Thursday, November 18, 2004 4:15 AM
Subject: Re: [wp-hackers] Anti spam idea


> On Thu, 18 Nov 2004 03:52:44 -0500, Mark Jaquith
> <mark.wordpress at txfx.net> wrote:
>>  Not only does it only get called once a comment has been submitted... it 
>> is
>> only called if that comment goes to moderation.  Generating the CAPTCHA
>> doesn't take up significant system resources, and in any case, it isn't
>> called for every comment.
>
> Sure thing, this doesn't apply to everybody.
>
>>  I've seen that site with the proof of concept OCR thing... but I've not 
>> yet
>> seen a spammer in posession of such software.  Remember, this is like in
>> real life... stick up a fake video camera outside your house, and robbers
>> will move on to an easier target.
>
> Right, kind of like a scarecrow. The OCR-thing is only a proof of
> concept. Spammers
> testing for the existance of Kitty's scripts is proof enough that
> spammers adapt to
> countermeasures, at least they give up until they have developed
> something better.
>
> Chris
>
> _______________________________________________
> hackers mailing list
> hackers at wordpress.org
> http://wordpress.org/mailman/listinfo/hackers_wordpress.org
>

More information about the hackers mailing list