Full Disclosure mailing list archives

RE: Comment Spam: new trends, failing counter-measures and why it's a big deal


From: "php0t" <very () unprivate com>
Date: Mon, 13 Feb 2006 07:09:48 +0100

And a friend of mine has already written a PHP class using GD that can
beat 80-90% of common CAPTCHA implementations.


  Interested. Further info? Any online implementation that I can feed
images / URLs to and receive results?


It's not a particularly complex algorithm.


  This is all relative. It's supposed to be complex enough for bots to
not be able to do, that was the whole point from the beginning.
Naturally, if you say there's an application that gets 80-90% of them,
we/they can just make more complex images / different approaches for
telling between people and humans. That PHP class you were talking about
may solve some commonly used Turing tests but are you really saying it's
the global solution against word recognition based challenges? If it was
like that, it would mean that there is no way anybody could make an
image generator that would change its success rate from 90% to 0%...


What's to stop the spammers investing a little more money.


  Sure, they can always invest more money, but that's less profit.
Spammers want the best results investing the smallest amount of money,
it's just a question of balance. That's why for a spammer it makes sense
to focus on the most low-cost ways of promoting their sites / products.
If the bigger percentage of the problem is currently because of sites
using weaker Turing tests that software can solve with such a high
success rate as you said (or - as it is usually the case - none at all),
we can make the situation better by using captcha-like implementations.
This is all I said, but you're both right about pointing out the
problems of spammers having money / using people, etc. as well.

php0t


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/