Monday, August 27, 2007

Blogger, The CAPTCHA, And The Spammers

Recently, we've been seeing a lot of complaints from folks who claim that their blogs have been detected as spam.
I have to solve a word puzzle each time I post. Help!


Don't you just hate that word puzzle, aka CAPTCHA? Every time you setup a new blog, you have to solve one.

I capitalise the word "CAPTCHA", because it's an acronym for "Completely Automated Public Turing test to tell Computers and Humans Apart". It's there to keep spammers from setting up hundreds of blogs, or email accounts, by simply using automated scripts. And, it's not working.

Spammers are ignoring the CAPTCHA, and automating the setup of spam blogs. Want to see how the spammers are working around, with ease, the CAPTCHAs that we have to deal with?

This is a pretty long video (50 some minutes), but it's worth the time to watch. It discusses these issues, and more.
  • What is a CAPTCHA, and why is it not the ultimate protection against automated attacks?
  • Why do I see a CAPTCHA sometimes, when I'm looking at pictures?
  • Why are there so many free online games?
  • How does Google Images get their pictures labeled so accurately?
  • How do hackers and spammers setup multiple online accounts and blogs, using scripts, even with CAPTCHAs required by the setup processes?

>> Captchas and Online Games:

»http://www.youtube.com/v/tx082gDwGcM
Human Computation (Luis Von Ahn: July 26, 2006)


And here's a later story. The New Scientist: CAPTCHAs conquered?, or my mirror if the New Scientist web site is still slow responding. And an additional opinion: brains-N-brawn.

Listen to Luis in the video.
The reason it works is because humans, at least non-visually impaired humans, have no trouble reading distorted characters, where as computer programs simply can't do it as well yet.
Which is true, as he explains in the beginning.

But as he continues, and explains multi-player online games, he shows how spammers defeat the CAPTCHA, with ease (at 5:46).
So porn companies also want to send spam, they also want to break CAPTCHAs, and this is how they're allegedly doing it.

And, at the very end (at 51:10)
You can use these games, to break the CAPTCHAs - yeah, definitely.
I think this is one place where allegedly doesn't apply - and in the two remarks (above), Luis is admitting the problem.

We, the blog owners, have to disable the Navbar, to prevent our readers from associating our blogs with porn and other trash. The answer, by some online services like Blogger, simply makes it harder for Blogger blog owners and readers, to maintain and publish their blogs.

Want another interesting example? How about a blatantly commercial product used for scripted placement of spam in online forums, that only incidentally includes automated CAPTCHA resolution? This product still exists, even though their website may not provide an easily located demo video. This is another product which uses CAPTCHA breaking, similar to setting up multiple Yahoo accounts.

Think about the above, the next time you surf your favourite entertainment website - and get a CAPTCHA to solve, to see the pictures.

>> Top

1 comment:

BetteJo said...

This is exactly where I did find the link to blogger support! Thanks so much for being out here!

My blog is broken and I don't know if I did it or it is a blogger problem. I logged a ticket, they have my email and my blog - but I didn't get the botmail.
I'm wondering if I should find someone to look at my code for me. Ideas?

Again - thanks for your blog(s) - I bookmarked it!

BetteJo