Tuesday, September 2, 2008

Gotcha spammers with CAPTCHA!

Last year, some of my websites that had comment and forum features were heavily flooded with shameless spam.

This spam has been very embarrassing. The websites I was maintaining were about charity work and goodwill, and the spam was advertising sleazy items.

Even when I disabled the comment and forum sections, the spam still kept coming. I configured the web host server such that any new emails would be redirected to my personal account. Not only was the spam tasteless and blasphemous, it was also slowing the traffic. Several times, the web hosting companies temporarily stopped the service because of spam traffic.

Thanks to CAPTCHA, the spam was significantly reduced, if not totally eliminated. I have always noticed that the registration process on many websites includes typing some words (some of which did not make any sense at all). I first thought that it was a specialized program developed by their in-house IT staff, but when I realized how widespread it was, I scoured the internet to find its name until I learned it was CAPTCHA.

CAPTCHA stands for "Completely Automated Public Turing test to tell Computers and Humans Apart" which was developed by Carnegie Mellon University. CAPTCHA usually involves having the user type the letter and number contents of a distorted image. This is under the presumption that a computer cannot programmatically interpret the distorted image.

CAPTCHAs are not just used to ward off the evil acts of spammers. They are also used to protect websites from illegal or excessive registrations. In the past, free website services have suffered from “bot” attacks which programmatically sign up thousands of emails every few minutes. Online polls have also benefited from CAPTCHAs, which have prevented malicious voters from casting multiple votes using malicious code.

CAPTCHAs come in other forms for people with disabilities. For instance, people suffering from blindness or minor sight impairment like color blindness can opt for audio CAPTCHAs. But at present, only a few websites offer this option, and it has still caused complaints from affected users.

There are also CAPTCHA-like implementations, such as being asked the sum or product of numbers. In fact, one website I visited made me answer 3 simple and dumb-sounding questions like “What is the capital of Japan?” or “Britney Spears is a (a) singer (b) inventor (c) prime minister?” This makes sense because there is no way for computers to know the correct answers to random questions like these without human intervention.

But spammers keep pushing forward wherever CAPTCHAs take them. Many spamming groups employ cheap labor from poor countries to solve CAPTCHA codes.
Another technique employed by spammers is to copy the CAPTCHA images and use them on their own website. When their traffic is high enough, they can then get the interpretations of these CAPTCHA images and use them on the legitimate sites.
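
An added example, not from the original post, of how a site might check the sum-style question mentioned above on the server: the answer is never sent to the browser, and each challenge expires and allows a single guess, so a solved answer cannot be replayed and a copied challenge has little time to be solved elsewhere. The function names, the in-memory store and the 120-second lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)  # server-side key, never sent to the client
TTL = 120                         # assumed challenge lifetime in seconds
_used = set()                     # redeemed nonces (assumption: in-memory store;
                                  # a real site would share it and evict old entries)


def _sign(nonce, expires, answer):
    # MAC over the nonce, expiry and expected answer; the answer itself
    # never appears in the token or in a hidden form field.
    msg = f"{nonce}|{expires}|{answer}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_challenge(now=None):
    """Return (question, token) for embedding in the form."""
    now = int(time.time() if now is None else now)
    a, b = secrets.randbelow(9) + 1, secrets.randbelow(9) + 1
    nonce, expires = secrets.token_hex(8), now + TTL
    return f"What is {a} + {b}?", f"{nonce}.{expires}.{_sign(nonce, expires, a + b)}"


def verify(token, answer, now=None):
    """Accept one correct answer per challenge, before it expires."""
    now = int(time.time() if now is None else now)
    try:
        nonce, expires, mac = token.split(".")
        expires, answer = int(expires), int(answer)
    except (ValueError, TypeError, AttributeError):
        return False                   # malformed token or non-numeric answer
    if now > expires or expires > now + TTL:
        return False                   # expired, or expiry outside what we issue
    if nonce in _used:
        return False                   # already attempted: blocks replay
    _used.add(nonce)                   # burn before checking: one guess only,
                                       # so the small answer space cannot be walked
    expected = _sign(nonce, expires, answer)
    return hmac.compare_digest(mac.encode(), expected.encode())
```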

CAPTCHAs are very easy to implement. In fact, many Joomla templates and other CMS software already come bundled with CAPTCHAs. Any non-programmer can integrate CAPTCHAs into his website in less than a minute.
