Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
How do bots bypass reCaptcha?
frdmn
New
Hello, im using the Application based registration with reCaptcha but i still get tons of applications daily, all with the same "body":
{I want to {see new threads|follow the discussion|be part here|see new additions|access all parts|contibute|say something|reply to a thread|reply to a user|message a user|contact a user|read everything}.
The applicant has always a @outlook.com or @yahoo.com e-mail address and somehow is able to bypass reCaptcha. How?! Do they really bypass it or just "solve" the captchas somehow (OCR or whatever)?
What do you guys to prevent this?
5
Comments
OCR is unlikely to work most of the time reCapatcha is rarely solved (despite what people might believe), sometime they make use of certain exploit or weaknesses in the, but bear in mind is update regular by Google. On the hand it popularity mean a lot of time is invested in trying to crack it.
The application registration doesn't by default have reCapatcha. Are you sure you are using it?
grep is your friend.
@frdmn
You can use this:
http://vanillaforums.org/addon/registrationrestrictlogger-plugin
to block applicants based on their application text, among other things.
You might also want to look at this:
http://vanillaforums.org/addon/addregistrationquestion-plugin
@x00 yeah I am sure, and also made sure it is active (you can check by yourself: http://forums.yeahwh.at)
@whu606 thanks, I am aware of those plugins, but I actually just want to know how they bypass it. Thank you though for the suggestion
Hired humans for cheap.
http://forums.yeahwh.at/entry/register?Target=discussions
no captcha
grep is your friend.
here is my account
http://forums.yeahwh.at/profile/1417/spammer
grep is your friend.
@x00 you're right, it was reCatpcha as i didnt used the Applicant registration method. Just noticed you don't even have the opportunity for reCaptcha on that mode. But we got those spam accounts as we were on "Basic" (with reCaptcha, yes!) as well.
@x00 ,
I have a similar account at Yaweh.com .....
❌ ✊ ♥. ¸. ••. ¸♥¸. ••. ¸♥ ✊ ❌
Check out all of peregrine's addons... lots of them have to do with blocking spammers
There was an error rendering this rich post.
I would have though you were an aztec anyway. I can imagine you removing a few hearts.
grep is your friend.
now I know where she gets the
's from.
I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.
@x00 I got yours right here
❌ ✊ ♥. ¸. ••. ¸♥¸. ••. ¸♥ ✊ ❌
I doubt it, I never had one in the first place.
grep is your friend.
Or subscribed to even cheaper, automated services. They work, I tried some of them and they all bypass ReCaptcha.
My shop | About Me
@businessdad
This is why i like this project
http://research.microsoft.com/en-us/um/redmond/projects/asirra/
grep is your friend.
I refer defer to this post
http://vanillaforums.org/discussion/comment/208613#Comment_208613
grep is your friend.
also talk of 'spam' tend to trigger spam, becuase spammer are searching for weak sites. As does context stuff like "Which the best host?"
grep is your friend.
It seems a good idea, but the CBA factor is very strong in some users and could drive them away. -_-
My shop | About Me
I the the CBA is higher with reCatpcha. How hard is it to point a click, and you get clear pictures.
grep is your friend.
Apparently, it's very hard for some people. We had to disable all recaptcha and even email verification on some sites, because for many users it was too much effort to click on one link in the email.
My shop | About Me