Thu, Jan 24, 2008

Brady Forrest

Slow Comments on Radar

We have turned off auto-publish on Radar comments. We have been using reCAPTCHA, the human-detection system that assists in the translation of books, and it appears that there is currently an exploit. Our internal team is working to make our commenting system secure again (thanks Jennifer, Dave and Laura!), but for now all comments will be approved manually (sorry!). Hopefully there will be a fix soon.


Comments: 5

  bex [01.25.08 11:49 AM]

It might be a CAPTCHA porn proxy... a SPAMMER sets up a porn site, and gives free access to any human that beats your captcha:

http://bexhuff.com/2007/08/captcha-experiment

stupid web 2.0...

The best way to beat spammers? Create some kind of "SETI-at-home" applet that must be run before you can post... effectively charging each commenter a penny of electricity by running their CPU hot for a few seconds. Even if you still get SPAM, you help solve a distributed computational project.

That has accessibility problems... so the alternative is to only allow "authorized" commenters to post comments... like they do at Lifehacker.

  Steve [01.26.08 10:17 AM]

We used reCaptcha a few months ago in an attempt to foil cheating on a contest.
We figured out how to get past it, as did a cheater on the contest.

Two ways.
1) Only one of the two words has to be typed.
2) The reCaptcha servers don't (didn't) check if the same hash was being resubmitted. Some tweaks with greasemonkey, and it was off to the races.

  Chris [01.26.08 08:01 PM]

The idea with one of the 2 words is good, or to find the 3rd word in a sentence.

  Manuel [01.27.08 04:36 AM]

Do you have any more info on the exploit? I'm using reCAPTCHA on several of my vBulletin forums.

  Luis von Ahn [01.27.08 06:43 AM]

Hi,

This is Luis von Ahn from reCAPTCHA. We’ve been in contact with the O’Reilly Radar engineers, and their particular spam problem seems to be due to a person manually typing in solutions to reCAPTCHAs. There is very little that can be done to stop this type of determination: if a real human targets you for spam, they will succeed. Fortunately, they will only succeed on a very small scale.

reCAPTCHA does check (and has always checked) if the same hash is being submitted more than once. Our system is used by over 20,000 Websites, including some very prominent ones (we serve over 30 million CAPTCHAs per day), and to the best of our knowledge there is no exploit. The small number of times people have complained to us about bots still getting through, it has always been due to either (A) an incorrect implementation on the webmaster’s end, or (B) a small number of manually typed reCAPTCHAs, which allow spam through (albeit on a very small scale). If you are experiencing spam on a site protected by reCAPTCHA, please contact us so we can help you isolate and resolve the problem.
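Steve's second point and Luis von Ahn's reply both come down to one server-side check: a solved challenge must be accepted at most once. The block below is an added illustration of that check, not reCAPTCHA's or O'Reilly's code; it assumes a hypothetical `ChallengeStore` that issues random challenge ids and consumes each one on its first verification attempt, with an injectable `clock` so the expiry path can be exercised offline.

```python
import hmac
import secrets
import time


class ChallengeStore:
    """Hypothetical server-side record of outstanding CAPTCHA challenges.

    Each challenge id is random, must be answered within `ttl` seconds,
    and is consumed on the first verification attempt (right or wrong),
    so a correct solution cannot be resubmitted with a second comment
    and a single challenge cannot be brute-forced with repeated guesses.
    """

    def __init__(self, ttl=300, clock=time.time):
        self.ttl = ttl
        self.clock = clock
        self.pending = {}      # challenge_id -> (expected_answer, issued_at)
        self.consumed = set()  # ids already spent, kept so replays are named as such

    def issue(self, expected_answer):
        # 128-bit random id: a bot cannot forge a fresh, unsolved challenge
        challenge_id = secrets.token_hex(16)
        self.pending[challenge_id] = (expected_answer.strip().lower(), self.clock())
        return challenge_id

    def verify(self, challenge_id, response):
        """Return 'ok', 'replayed', 'unknown', 'expired' or 'wrong'."""
        if challenge_id in self.consumed:
            return "replayed"
        # pop() consumes the challenge before the answer is even examined
        entry = self.pending.pop(challenge_id, None)
        if entry is None:
            return "unknown"
        self.consumed.add(challenge_id)
        expected, issued_at = entry
        if self.clock() - issued_at > self.ttl:
            return "expired"
        # constant-time comparison so response timing does not leak the answer
        given = response.strip().lower().encode()
        if not hmac.compare_digest(expected.encode(), given):
            return "wrong"
        return "ok"


if __name__ == "__main__":
    store = ChallengeStore(ttl=300)
    cid = store.issue("radar book")        # constructed sample challenge
    print(store.verify(cid, "Radar Book"))  # ok
    print(store.verify(cid, "Radar Book"))  # replayed
```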
