Tuesday, May 30, 2006

Sign-up pages smarter than you

There is one fight on the Internet that has been going on for a good number of years - spammers versus webmasters everywhere. I am not talking about the annoying email spam but the niche spam that targets website forums and comment sections. This type of spam can turn a vibrant community into a ghost town in a matter of weeks. Today Engadget had to disable their comments section due to excessive spamming.

Most commercial forum and blog spammers use these attacks to register users with "interesting" URLs in their user profile, then post small nuggets of wisdom on random threads, stuff like where you can get the cheapest Viagra, or how to make millions playing poker online. This whole process is automated - scripts locate your site, sniff out what type of software you use to run your forum or blog, then apply appropriate methods to create a user account and then deposit their poop all over your site.

To respond to this abuse, web application developers started adding those annoying "Type in the letters you see above" traps, where letters were drawn on an image that you had to read in order to retype them - no ability to cut and paste text, which also meant automated scripts couldn't "see" what was written on the image.

Unfortunately, it didn't take long for spammers to find their way around it - soon, spamming scripts were upgraded as well so that they literally scan the included image and "read" out the letters present. Web application developers responded by making the images ever more elaborate, with backgrounds, random lines going through them, etc. It's gotten so bad that some of these CAPTCHAs, as they are known (Completely Automated Public Turing test to tell Computers and Humans Apart), cannot be easily read by a computer or a human. Often I have to refresh the page several times until I get a CAPTCHA that I can decipher.

For a demonstration of why CAPTCHAs are getting so ridiculously complicated, take a look at one CAPTCHA decoder, with analysis of the common CAPTCHAs out there and their weaknesses - at least now you'll understand!


Software Tin Man said...

Cool commentary. What would really make it better though is some INC4REAZE$ Y0R S!Z3 V1A6RA!!!

11:08 PM  

