Shoutbox

A smart spammer, or one who needs to earn a living from it, will avoid captcha's as much as possible, even if they are breakable.

Because captcha's also create an extra overhead, which means loss of time. Which means that they could make more money spamming an unprotected service than a protected one. Because for even a simple captcha, it still takes extra resources and time to bypass it (being done automated or not)...

But no, ofcourse captcha's aren't 100% suitable for everything (eg: once sign up on a forum, you can usually make as many posts as you want), but for certain things it is effective (eg: password guessing - MS uses a captcha after x failed attempts, making brute forcing them a whole lot harder and more time and resource consuming).

im sure with plenty of spammers making New and much better bot scripts to spam they'll spare that time, if it means making money  et the end of the day they'll do it.

Yes, but again, they are mostly used to discourage the vast majority of spammers, not the 1% of pro-spammers.

Most spam does not come from 'expert' spammers, but from people like you and me.... well, not exactly like you and me, but I mean the casual user or casual would-be spammer, people like script-kiddies: spam-kiddies so to speak...

Which is also the reason why MS uses captcha when you add x amount of contacts which was the whole point of that original thread and the remark done by the OP and why I said what I said.

It's the very same discussion with encryption. Many encryption methods are breakable in one way or the other. Take MD5 for example. Yet it is still the most used hashing method today. And does that protect like 99% of the stuff it needs to protect. Yes it does. Not because it is failproof, but because it discourages 99% of (would-be) hackers/crackers.

The point is that it is not about 100% protection. Claiming it is, or discussing it like that by saying all captcha's are useless so let's not use them at all, is besides the point, or at least getting things out-of-context  imo.

Cooks, have you ever been a Moderator of a Forum that has had to ban spammers etc? my guess is no, so this is all theory of yours.  there are a hell of a lot of "pro-spammers" out there  the only script kiddies i can think of are some that write scripts from this forum and maybe others.  i know a certain someone on this forum that can bypass Bans, i wont name who that is,

you talk about MD5sum, Mozilla had a recent problem with that. infact if you have a look in wikipedia you can see how easy it is to  encrypt and decrypt MD5sum.  or was that sha256?  i'll have to have a look, im sure i posted about it on the fedoraforum.

http://www.neowin.net/news/mozilla-inadvertently-...00-users-passwords


http://forums.fedoraforum.org/showpost.php?p=1430818&postcount=4

that stevea knows his stuff since he is a kernel hacker

quote:

---

Originally posted by Alias
Cooks, have you ever been a Moderator of a Forum that has had to ban spammers etc? my guess is no, so this is all theory of yours.

---

your guess is wrong. I have been, and still am.... And no, this isn't just theory, research has been done about it and papers published. And in practice I have seen it from happening myself, that is: a simple, easy breakable, captcha beeing used to stop all spamming (thus far) just because it discouraged the spammers.

Second, you're focussing on forums only. Captcha's are used for more than just registering on forums. More infact, the original thread you replied on (and got split into this one) didn't had anything to do with registering or even forums at all.

And see one of my previous posts where I acknowledged that once a spammer has passed the captcha to register on a forum he usually can spam all he wants (until modded), but that is only a small portion of captcha usage. Focussing on that only and coming to the conclusion that captcha's in general are useless is a leap too far.

quote:

---

Originally posted by Alias
you talk about MD5sum, Mozilla had a recent problem with that. infact if you have a look in wikipedia you can see how easy it is to  encrypt and decrypt MD5sum.  or was that sha256?  i'll have to have a look, im sure i posted about it on the fedoraforum.

http://www.neowin.net/news/mozilla-inadvertently-...00-users-passwords

http://forums.fedoraforum.org/showpost.php?p=1430818&postcount=4

that stevea knows his stuff since he is a kernel hacker

---

Yes, but what is the point of that in regards to what I've said?

compiz.org check that out, they have a twiitter thing there, it gets spammed yet they  do stuff all about it.  but in general twitter can be spammed to. so can facebook accounts.  the fact is Cooks, spammers know how to use Proxies well enough to create account after account to make new spam .  its like a chat i used to use called voodoochat.com , im banned from that but nore do i care to get back in it cause there losers in it. nore am i despewrate enough to get back in it, however i know someone that can bypass the owners bans.