Spammers Randomate and Captchas

Spammers can crack any captcha on any site now in a matter of seconds. There are even sites like http://www.captchakiller.com which allow you to break captchas using APIs. I was able to break all of americansingles’ sites’ captchas in a matter of seconds, my own and every other dating site I could find. Now we get a lot of losers like Art Harrison at Randodate using automated programs to break captchas on my site and attempt to create thousands of fake profiles and spam their site all over. But the most annoying are by far the Russians and other spam groups, which are really stepping up their attacks lately.

Does anyone have one of these automated spam bots? I’d love to get my hands on one so I can test and figure out how they work. Post a link below or send me an email if anyone knows of any.

30 Responses to “Spammers Randomate and Captchas”

  1. JDog Says:

    Here’s one guy I’ve seen around for auto spam on websites like myspace, yahoo, craigslist, etc.

    http://www.adsoncraigs.com/index.php

  2. Sebbi Says:

    Captchakiller.com is using humans to solve captchas … there is no fighting that …

  3. TJ Says:

    Markus,
    I’m a Vancouver local and may be able to offer you some insight/advice.

    You have my email. Feel free to get in touch.

  4. Rush Says:

    I haven’t tried anything against forms with a captcha but I’ve done comment spammers for blogs and ripping data off of sites. I’ll have to check out captchakiller to see if they have something I can use!

  5. Guy Says:

    Hey Marcus, sorry to hear about the spam bots. I have a moderately busy forum and have spent a few years fighting them and spammers and con artists in general. I’ve never used captchas but on the registration page I force the user to select year, month and day of a birthday before they register. The 2nd and 3rd drop down only appear after the first one has been selected. This makes it a bit trickier for the bots to control.

    I also maintain a spam domain list and a spam IP list but as you know they aren’t that helpful.

    There is one thing that I haven’t tried and that’s alternating between captchas, general knowledge quizzes, math questions, and other types of interrogation that might reduce the onslaught.

    Finally, have you read this blog post by Jeff Atwood?
    http://www.codinghorror.com/blog/archives/001067.html

    Towards the end he names some interesting captcha-esque techniques, including ASCII art and “Solve failed OCR inputs”.

    Feel free to drop me a line if you want to brainstorm some of this further.

  6. Aris Says:

    phpBB has been hit by automated spammers all over the world. The one thing which seems to keep them out is a math question during registration. Assuming you have a large enough pool of questions and answers (the questions could be something other than math) – in theory that should keep them at bay as the questions require understanding and logic of the question.

    There is also the reCAPTCHA project at Carnegie Mellon University http://recaptcha.net/ which is interesting in itself, and may well help block the spammers too.

  7. Andrew Says:

    A couple of solutions I’ve considered for the problem are as mentioned above. Questions instead of captchas, questions which would be difficult for a computer to process automatically. Simple logic and linguistic questions would seem to me to be more secure than math problems. Parsing a math problem and calculating a response should be fairly trivial for a computer – it’s what they’re good at by design after all.

    Fundamentally the answer is going to be to remove any benefits gained from spamming by burying or flagging content created from questionable sources for review. Some ideas we’ve considered implementing are:

    1) Check the authenticity of the users’ registration details and weigh accordingly
    1a) confirm the email address, this is elementary and most sites do it
    1b) location of the IP against the country the user has specified when signing up.

    2) As posters above mention maintaining black or grey lists of IPs and domains both used for email confirmation and signups to add further weight. I agree that they won’t solve all your problems but they can be effective to add weight to the scores.

    3) Using the logic question, or captcha and not providing feedback. Allow the account to be created and use the results to add further weight to your review or burying process.

    4) Spam controls on the actual content, content similar to spam content should be flagged and weighted as spam controls for email have been doing for years.

    5) Batch cleanup of profiles and accounts that are inactive and over a certain spam threshold, mark the accounts as inactive and heavily weigh or exclude them from the results. Again, spam or no spam accounts this would only serve to improve the usefulness for users.

    6) Use your users’ passion for your service, provide a mechanism to allow them to flag inappropriate content as spam and use the results when weighing the visibility.

    The big problem I have with captchas is you’re taking part in an arms race with the spammers and giving them instant feedback on how well they’re doing. The primary concern should be to provide higher quality content, results or matches to users and adding a spam score to a result can drastically affect its visibility and thus usefulness to an attacker.

    Focus on improving results and visibility for genuine content users have an interest in and try to give as little feedback to spammers as possible. I’m not advocating security through obscurity, but don’t give them the blueprints to the vault either.

    You don’t have to run faster than the bear, just faster than the guy behind you. Make it more difficult to game your site and piggy back on your success than to build and publicise a competing service.
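
The scoring approach from the comment above, sketched as an added example that is not part of the original thread: signup signals are weighted into one score that decides visibility, while the registration reply stays identical so a failed challenge gives no feedback. The weights, thresholds, field names and sample lists are all assumptions.

```python
from dataclasses import dataclass

# Constructed sample data and assumed weights/thresholds (not from the thread).
GREY_IPS = {"203.0.113.7"}
GREY_DOMAINS = {"mailer.example"}
KNOWN_SPAM = ["visit my site cheap pills best price click here now"]
WEIGHTS = {"email_unconfirmed": 2.0, "geo_mismatch": 1.5, "greylisted": 2.0,
           "challenge_failed": 3.0, "spam_like_text": 3.0, "user_flag": 1.0}
REVIEW_AT, BURY_AT = 3.0, 6.0

@dataclass
class Signup:
    email: str
    email_confirmed: bool
    ip: str
    ip_country: str          # from a GeoIP lookup done elsewhere
    claimed_country: str
    challenge_passed: bool   # stored server-side, never echoed to the client
    profile_text: str
    user_flags: int = 0

def shingles(text, n=3):
    """Set of n-word windows, used to compare text with known spam."""
    words = text.lower().split()
    return {tuple(words[i:i + n]) for i in range(max(len(words) - n + 1, 1))}

def similarity(a, b):
    sa, sb = shingles(a), shingles(b)
    return len(sa & sb) / len(sa | sb)   # Jaccard index

def spam_score(s):
    domain = s.email.rsplit("@", 1)[-1].lower()
    hits = {
        "email_unconfirmed": not s.email_confirmed,
        "geo_mismatch": s.ip_country != s.claimed_country,
        "greylisted": s.ip in GREY_IPS or domain in GREY_DOMAINS,
        "challenge_failed": not s.challenge_passed,
        "spam_like_text": any(similarity(s.profile_text, k) >= 0.5 for k in KNOWN_SPAM),
    }
    score = sum(WEIGHTS[name] for name, hit in hits.items() if hit)
    return score + WEIGHTS["user_flag"] * min(s.user_flags, 5)

def visibility(s):
    score = spam_score(s)
    return "buried" if score >= BURY_AT else "review" if score >= REVIEW_AT else "visible"

def register_response(s):
    # Identical reply for every signup: the score only affects visibility later.
    return {"status": "created"}
```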

  8. Aaron Says:

    Markus,

    Great blog and congrats on your success. I was trying to reach you to ask you a question but couldn’t find your email. I used to have an Adsense banner ad 728X90 on plentyoffish last year and then it stopped running on your site for some reason. I tried to find out why but couldn’t get an answer. Please contact me if you have a chance, you have my email.

    Thanks,

    Aaron

  9. Chat Line Says:

    Markus,

    The software they are probably using is xrumer 4. This software bypasses captchas and submits to guestbooks, forums, etc. I’m sure it is some variation of that.

    Regards,
    Michael Francis

    P.S. I liked your post about free chat lines. We just started one and we are monetizing it through different means but not paid for. The way we are moving we will have a huge chunk of lavalife, livelinks, and other paid chat line competitors’ market share very soon. We have a lot of ways to monetize just like free conference on the backend and audio advertising on the actual call. Great business, I’m surprised how big it’s growing and how quickly.
    Best wishes to your continued success Markus…

  10. Jenny Lee Says:

    I have a question for Markus or anybody else who could fill me in =P I’ve read about the initial start of plentyoffish (great site by the way). And I read about a “viral” marketing approach to get the site up and going. When Markus refers to “viral”, does anybody know what he means or examples of viral marketing. Thanks so much everybody!

    Jenny

  11. Mayo Says:

    @Jenny,

    I presume he used word of mouth between his coworkers and friends, one friend told another and it spread like wildfire in Canada.

    Use word of mouth to friends, coworkers.. use cheap flyers, learn how to use Yahoo Publishing Network for starters (get their $100 voucher) and later when you are profitable start advertising with Google Adwords (visit uberaffiliate.com to understand how to advertise on Adwords but don’t jump right on Adwords but start with YPN).

    Just use your creative thinking how to get new visitors.

    Best of luck Jenny!

  12. Mike Stevens Says:

    Markus, we use a random simple question/answer to stop the bot spammers…. Human spammers are still a problem but we at least stopped the bots with this….. We have five random questions like: spell the word red….. what is 2 plus 2 etc…. You can see these examples at ezdate123 on our sign up page.. Just hit refresh to see the random questions… Also Markus I have been on your site and it is really good and I have never encountered any spam…. I did have a plug on my profile about ezdate123 but out of respect for you and your website I did take it out….. The best to you, Mike/ezdate123

  13. Markus Says:

    Mike, problem is when your site becomes really popular they just sit there and try and break whatever you put up. It definitely happens to all the top dating sites… There are legions of hackers selling myspace break in tools.

  14. michael salway Says:

    Hey Marcus, what makes you think you can do something but anyone else does it and they’re losers? Think you’re a loser too. Anyone that can allow their members to commit defamation on their site and you allow them to get away with it is a loser and not much of a man. As long as you feel you don’t have to give a damn about American laws why don’t you get the heck out of here.

  15. Johnpaul Says:

    I run a site http://www.gojuryu.net and http://www.budomall.com

    My solution is BotSlap. Dig around a little for which version is best for your needs.

  16. Aleem Says:

    It’s a cat and mouse game–there’s no end in sight. And the harder your Turing tests, the less accessible your site becomes.

    The only reliable way to combat spam is using Bayesian filtering as it uses statistical modeling to find outliers. Anything else would be broken in due time.

    Short of using statistical analysis to find spammers, the next best thing is to use the collective power of your community. You’d need a weighted algorithm so that older users get more weight on their vote vs new users etc. If 100 users report a user as a spammer, you can block their account and put them on probation.

    I am afraid, going any other route will just make your life harder as you alone combat the collective will of spammers–a very determined adversary.
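
Both ideas from the comment above, as an added example that is not part of the original thread: a small naive Bayes text filter with Laplace smoothing, and a report tally in which older accounts carry more weight. The training sentences are constructed, and the age weighting and suspension threshold are assumptions.

```python
import math
import re
from collections import Counter

# Constructed training text (assumption); a real filter trains on moderated history.
TRAIN = [
    ("spam", "hot singles click here free webcam visit my site"),
    ("spam", "cheap pills visit my site click here now"),
    ("spam", "make money fast click here free signup"),
    ("ham", "i enjoy hiking and cooking looking for someone kind"),
    ("ham", "new to vancouver love live music and good coffee"),
    ("ham", "looking for someone to go hiking with on weekends"),
]

def tokens(text):
    return re.findall(r"[a-z']+", text.lower())

class NaiveBayes:
    def __init__(self, samples):
        self.words = {"spam": Counter(), "ham": Counter()}
        self.docs = Counter()
        for label, text in samples:
            self.docs[label] += 1
            self.words[label].update(tokens(text))
        self.vocab = set(self.words["spam"]) | set(self.words["ham"])

    def _log_joint(self, label, text):
        total = sum(self.words[label].values())
        score = math.log(self.docs[label] / sum(self.docs.values()))
        for w in tokens(text):
            if w in self.vocab:   # words never seen in training carry no evidence
                # Laplace smoothing keeps a zero count from zeroing the product
                score += math.log((self.words[label][w] + 1) / (total + len(self.vocab)))
        return score

    def spam_probability(self, text):
        s, h = self._log_joint("spam", text), self._log_joint("ham", text)
        m = max(s, h)             # subtract the max before exp() to avoid underflow
        return math.exp(s - m) / (math.exp(s - m) + math.exp(h - m))

def report_weight(account_age_days):
    # Assumed weighting: a reporter's vote grows with account age, capped at 1.0
    return min(account_age_days / 365, 1.0)

def should_suspend(reporter_ages_days, threshold=10.0):
    """Weighted report total, so a burst of fresh accounts cannot outvote old ones."""
    return sum(report_weight(a) for a in reporter_ages_days) >= threshold

MODEL = NaiveBayes(TRAIN)
```

With this weighting, 100 reports from week-old accounts total less than 12 reports from accounts older than a year, which limits how far throwaway accounts can be used to get a real user suspended.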

  17. jeremiah Says:

    You know, if we just made it a crime to spam and started executing these fuckers, I am willing to bet the rate of spam will drop dramatically.

  18. Amir Wald Says:

    Some spam fighting methods:
    * Turing tests such as Captcha or whichever ones you can think of. You can change them frequently enough so bots cannot get you.
    * Since humans can spam (and labor is too cheap in some countries) you can add some rules to reduce it. You can give full permissions only after a validated email was given and some time + logins + normal pageviews have passed (say only after 10 logins, 7 different days on the site and views of different pages).
    * Simply block what it is that they’re trying to achieve. If somebody’s out to publish their website, simply block this expression and put the user on a mode that would require further authentication.

    Truth is that since you’re fighting with other humans, it’s simply an ongoing battle. Good luck 🙂

  19. Mary Says:

    Your captchas are very poor, that is why they can get into yours, your captchas can be broken in less than 1 second by programs that go for less than $200 (there are many)…. Try not using words and scramble them, also make it less easy to distinguish between text and background. You should maybe use multi colour captchas and backgrounds that randomate between colors. Also lines through the text or making each letter a different font…

    One thing I have not seen anyone do is a flash captcha, I know this would be almost impossible to read, if you have some movement in it.

  20. Chris Says:

    For a US-specific solution, TXT-messaging is compelling. User signs up, enters their number to get TXT’d a code to, enters the code in the website and on they go. A lot of the spammers breaking those CAPTCHAs are outside the US, so you’d massively narrow their options. Facebook seemed to do this for a while.

    Another more severe approach is the SomethingAwful approach. You’re allowed to browse for free, but searching and posting require a one-time fee (say, $5 – although I think SomethingAwful is 10 + 10 now). By doing this you off-load the scammer problem to the major credit card companies. You also make it scarier to scam your site (You’ve got their credit card info, useful for legal purposes), and expensive (if they create 100 false accounts it costs them $500 instead of $0). As SomethingAwful clearly noticed, you also make a little bit of cash.

    But you’ll force out most of the younger audience (under 18) out there – which may actually be good for a dating site – and you’ll scare off those who are skittish about associating their real identity with a dating website. That might scare off the skeezy cheater types though. Maybe one-time membership fees are workable for PoF.

  21. Adam Says:

    Hi,

    I worked in the MySpace Abuse dept. I designed a system to eliminate approximately 99.9% of all their new profile spammers. A version of which is in use today. At one point they had one million new profiles per day being created by spammers. Their new spam profile adds and new profile spam abuse has gone down dramatically.

    Bots don’t matter.

    Contact me if you want more information.

    Adam

  22. Craigslist Traffic New Posting Bot Says:

    Craigslist Traffic Bot is what I use to Auto Post. It’s 20 times faster than CL BOT PRO

  23. Telephone Chat Says:

    Did you find a solution to this problem? The program was probably xrumer.

  24. Phone Fun Says:

    If you can build a program to stop spam, there will be a program to bypass it. There is just too much to gain in the marketing war.

  25. adwords Says:

    adwords…

    […]Spammers Randomate and Captchas « Plenty of fish blog[…]…

  26. Article Bot 2.0 Says:

    Article Bot 2.0…

    […]Spammers Randomate and Captchas « Plenty of fish blog[…]…

  27. Lifetype base Says:

    Lifetype base…

    […]Spammers Randomate and Captchas « Plenty of fish blog[…]…

  28. August Says:

    I am not sure where you are getting your information, but good topic. I need to spend some time learning more or understanding more. Thanks for great info I was looking for this information for my mission.

  29. hormigon en Illescas Says:

    I’m really impressed with your writing skills and also with the layout on your weblog. Is this a paid theme or did you modify it yourself? Either way keep up the nice quality writing, it’s rare to see a great blog like this one these days.

  30. typebd Says:

    daily payment with captcha work. http://easywork01.blogspot.com/2015/02/human-ocr-captcha-entry-registration.html
