Post
Topic
Board Announcements (Altcoins)
Re: [ANN][XRB]Cryptocurrency's killer app: RaiBlocks micropayments
by
jamilservicos
on 25/07/2017, 02:35:53 UTC
As the saying goes, "know your enemy first of all".
So, to all who think that increasing the difficulty of the captcha will prevent bots, thinking that we are still in the era of OCR bots:
I ask you ... Do you understand how these captcha bots work? Do you know the purpose of their initial creation?

Initially, the bots were created to assist disabled people, with embedded programs, plugins and extensions that could read and/or solve captchas.

As the captchas were simple, the first bots and services used OCR for captcha recognition.
The idea was copied by misinformed people who started selling automated captcha-solving services for spam purposes.

Just as the captcha systems evolved, so did the automation services ...
Today these services, which charge by amount and monthly, pay people per captcha solved within your site.

So a bot works as follows ...

It recognizes the captcha and sends it to a server; the server receives it and queues it in a resolution pool, where there are dozens, or even hundreds, of people solving captchas every second. When the captcha is solved, it is sent back to the requester and automatically placed in the response input.
When the solution is sent, it is validated by the program, plugin or bot, which returns right or wrong to the server, which pays the person who solved it or punishes the error.

Nowadays, bots are only remote people. So the difficulty of the captcha itself is not for the bots, but for the people ... if it is possible for a person to read it, the bot will read it.

Increasing the difficulty for people, for the purpose of stopping the bots, simply makes your system accessible only to bots, which have several people trying to solve it,
while the average user will just give up trying.

And that's exactly why the new version of reCAPTCHA has no more difficulty; it only validates on the backend.


When a developer thinks about system security, he first needs to understand how the most common attacks work.
In the case of captcha bots, they use multiple tabs solved by remote people at the same time.
Therefore the solution is limiting validations per minute for each wallet. IP does not work, simply because it is easily changed with ADSL connections and proxies.

And of course changing fixed IDs and fixed function names would also hamper the automated input, since the code would be obfuscated by IDs and dynamic names created during rendering.

The issue is not increasing the difficulty of viewing the captcha, but the backend validation and reading the source code.
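
The per-wallet limit on validations per minute that the post proposes, sketched as a backend check (an added example, not code from the post or from the RaiBlocks faucet). The class name, the budget of 6 validations per 60 seconds, and the wallet and IP strings are assumptions constructed for illustration.

```python
import time
from collections import defaultdict, deque


class WalletRateLimiter:
    """Sliding-window limit on captcha validations, keyed by wallet address."""

    def __init__(self, max_per_window=6, window_seconds=60.0, clock=time.monotonic):
        self.max_per_window = max_per_window   # assumed budget, tune per service
        self.window_seconds = window_seconds
        self.clock = clock                     # injectable so time can be replayed
        self._events = defaultdict(deque)      # wallet -> timestamps of accepted claims

    def allow(self, wallet, client_ip=None):
        """Return True if this wallet may submit another validation now.

        client_ip is accepted for logging only. It is deliberately not part of
        the key, because the post notes that IPs are easily changed.
        """
        now = self.clock()
        events = self._events[wallet]
        # Drop timestamps that have fallen out of the window.
        while events and now - events[0] >= self.window_seconds:
            events.popleft()
        if len(events) >= self.max_per_window:
            return False
        events.append(now)
        return True


def simulate(claims, limiter):
    """Replay (time, wallet, ip) claims; return accepted count per wallet."""
    accepted = defaultdict(int)
    now = [0.0]
    limiter.clock = lambda: now[0]
    for t, wallet, ip in claims:
        now[0] = t
        if limiter.allow(wallet, ip):
            accepted[wallet] += 1
    return dict(accepted)


# Constructed sample: one wallet submitting 20 solved captchas in 20 seconds
# from 20 different IPs (many tabs, rotating proxies), plus one ordinary user.
SAMPLE = [(float(i), "xrb_farm_wallet", f"203.0.113.{i}") for i in range(20)]
SAMPLE += [(5.0, "xrb_user_wallet", "198.51.100.7"),
           (70.0, "xrb_user_wallet", "198.51.100.7")]
SAMPLE.sort(key=lambda c: c[0])
```

Replaying `SAMPLE` through `simulate` shows the wallet that rotates IPs capped at the budget while the ordinary user is unaffected.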