Showing posts with label bots captcha. Show all posts
Showing posts with label bots captcha. Show all posts

Saturday, 18 November 2017

Why can't bots check 'I am not a robot' checkboxes?



First, captchas aren't there to make it impossible to overcome - that is not possible to do. It's to make it difficult for a bot, i.e. to either make it impossible for it to do at all by itself or only very slowly. This is to make it impossible for a bot to e.g. try a password 1000 times per second, or to let it log in automatically without the help of a human.

Actually, clicking the box is a rather trivial part of what those CAPTCHAs are looking for. What they're actually looking for are things like:

did the 'user' instantly move their mouse to the exact coordinates of the box, or did they traverse thru the page like a human would?

is the user scrolling to the box, or are they remotely executing javascript to trigger a scroll to the box? how long after page load did the user find the box? Too quickly is obviously a red flag, but taking too long is also. commonly, to get around reCAPTCHA you'll need to find out 4-5 areas to click in addition to the initial click. The way that most people do this is using CAPTCHA services, which are real people solving them and returning the answer to you (i.e. for a text captcha, you'd send them the image and they'd send back the letters/numbers). The way you do this with reCAPTCHA is sending a screenshot of the computer, and you are returned the coords that you're supposed to click on to answer the question properly. [e: apparently this method is old, and a new method where the CAPTCHA is actually served up to the person within the service that will solve it for you!] 

However, it usually doesn't take a legitimate human 5 minutes to answer a few questions about 9 images. if you take too long, they'll make you do another image check challenge. basically, it's really, really difficult to make a bot move the mouse, scroll, and react naturally to a page load. and even if you do manage to fool reCAPTCHA, you'll be thrown to a few image tasks which may serve to block you out from the website completely, due to the reasons mentioned above. e: as others have mentioned, this type of stuff is only part of what reCAPTCHA relies on to determine human/non-human - particularly, your referring information & whether or not you have a logged in Google account. e2: there are a bunch of people claiming that mouse movement tracking is impossible to do. in chrome, hit ctrl+shift+j, paste onmousemove = function(e){console.log("mouse location:", e.clientX, e.clientY)} in, and hit enter. then move the mouse. it's easily done. e3: there are still a ton of people claiming that I just made up the ability to track end user mouse movements. 

http://www.javascriptsource.com/page-details/mouse-coordinates.html is another example Source Reddit
Read more ...

LinkWithin

Related Posts Plugin for WordPress, Blogger...