E-Dribble

It’s no secret that I hate what CAPTCHA’s have become.  If you’ve read my prior posts that mention it, you also know why.  For those that haven’t, CAPTCHA’s are a great way to get your site visitors to do your work for you.  It’s the absolutely perfect tool for the lazy, incompetent or otherwise deficient web site owner that can’t be bothered with properly protecting their site from the scourge of spammers.

Case in point:  During the reading of my aggregated news today, I came across an article on tuxradar, discussing the newest release of linuxMint.  Being the incredibly helpful person that I am, I wanted to post a comment regarding how unfortunate that mint decided to base their improvements on Ubuntu. After typing my thought provoking post, I began proving that I was a human:

Alright, man.  I did it.  I typed the letters as best as I could, seeing as how every month, the letters become more obfuscated.  I think I got it right though.  I click to affirm that I’m human:

Now, I’ve typed my post and I’ve entered two words with a space separating them, perfectly duplicating the mess I see as the challenge.  Upon clicking submit, I am now asked to copy the resulting six lines of scrambled letters into another text box, again to prove I’m human.

To all of the complete fucking morons that think reCAPTCHA’s method of preventing spam is a great idea: You deserve to lose the traffic and interactivity of every visitor who, like me, feel it’s your job to keep your site clean of spam, not mine.  Instead of proving a third time that I was human, I decided to move on, removing the site from my aggregator.

Spam is not hard to control.  You will find no spam on this site.  You’ll find no spam on my community sites that have forums. You also won’t find a CAPTCHA when you try to post a comment.  The reason for this?  I don’t feel it’s your job to keep my site free of spam.  That’s my job.  I view CAPTCHA’s as the first step webmasters took to relieve themselves of the burden of policing their site and placing it squarely on the visitor.  They’ve become commonplace and a generally accepted form of spam prevention.  Why not?  It’s not such a big deal, right?

Had the escalation of laziness stopped at the standard CAPTCHA, even I wouldn’t have such an issue with it, but it didn’t stop there.  See, people are too fucking lazy to create CAPTCHA’s, so a few entities integrated CAPTCHA’s into their applications and scripts for the webmaster’s convenience.  That makes sense.  I mean, if they’re so lazy that they’ll ask me to keep spam off their site, why not ask someone else for the mechanism to allow me to do it?

Only problem? Well, if you have everyone using the same CAPTCHA service, the botters don’t have so many systems to crack. The whole reason reCAPTCHA exists isn’t because CAPTCHAs are easy to defeat.  It’s because there were only 5-10 CAPTCHA systems being used.  The botters only had to break the default phpBB, vBulletin or Invisionboard CAPTCHA to have immediate access to millions of sites using the same system.  Had the webmaster been doing his job, reCAPTCHA would have not had a need to fill.

Let me be clear, reCAPTCHA works.  Of course it does.  It puts the visitor through so much shit just to prove they’re human, that it’s silly to think that a botter would be able to complete it all successfully.

Big fucking deal.  I can make it an incredible hassle for my users to post a comment without their help.  I definitely don’t see their method as being something to be proud of.

I had some problems on two community sites with bots.  It was clear that I needed some form of test to keep them off the site.  These are the two that I developed.  Since I implemented both of these, I have had a total of 0(zero) automated registrations on either site.

The first was a photography forum:

The second is a forum for the enthusiasts of the Husaberg motorcycle:

Now, when I integrated these into the sites, I was ready to expand on the idea, randomly choosing the challenge, obfuscating the image name so the bots couldn’t guess the challenge by the filename and more, but a funny thing happened.  This very simple and never-changing challenge completely halted the registrations.  I didn’t have to do any more work.  I invested less than an hour into each and completely resolved the issue with automated bots registering on the sites.

Why?  It’s simple.  I used something different.  I took the time to create something that the bots hadn’t seen before.  People that sell you Viagra, or pills that at least look like Viagra are dealing with millions of sites a day.  They do not stop to customize their scripts to each site.  They work in big numbers.  If your site doesn’t use one of the common CAPTCHAs, then the bot moves on.

I have never received a complaint concerning the additional step required for registering, but I have received comments by people that thought they were pretty cool or funny.  Something definitely needed to be done to take care of the problem and I needed the visitors help to do it.   The difference between tuxradar and my sites is that my sites takes the main element from the site that they’re at and use it to integrate the botcheck while minimizing any additional work on the visitors part.  Text you can’t read?  You won’t find it.  Copy and paste to another box?  Not on my watch.  Mathmatical equations?  Don’t make me laugh.

My point is simply this.  There is no reason, other than laziness for the insanity that is reCAPTCHA.  If you visit a site that has reCAPTCHA on it, it’s because the webmaster doesn’t care enough to prevent spam on his site.  He’ll just have you take care of it for him.

If I were you, I wouldn’t put up with that shit anymore.