1. Home
  2. Community News
  3. Make captchas great again - HugBunter

Make captchas great again - HugBunter

HugBunter wrote:

As you will have witnessed, and likely have been brought to tears by the recent captcha changes, they have been necessary and Paris has had to deal with cleaning out the spam to the point of temporarily disabling registration, which is the first occurrence of this since Dread launched, whilst the current captcha implementation has been destroyed with the use of machine learning. This is something that is hard to be up against and whilst the initial concept of this captcha, I built to be unique and fairly user-friendly, it is no longer reliable to protect the platform and needs a complete overhaul.

Dread’s Current Captcha

Dread’s Current Captcha

I’ve been cooking up some new unique concepts recently, but after testing and benchmarking, they are either too unreliable to the point where many of the randomizations will result in them being illegible, power hungry resulting in extreme generation times and potentially page load times or I simply concluded that machine learning was going to fuck it in the ass the minute it goes live.

Some experimenting with animated GIF captchas seemed like a reasonable solution, however as mentioned, the processing required and file sizes would only allow it to possibly be used at the app layer DOS screen and it would still not be a guaranteed solution by any stretch (Not the end game captcha).

As for the end game captcha, it is now text based and whilst may be somewhat annoying, it caters for color blind users unlike the existing pattern challenge and allows easy access overall for the majority of users.

Now I would consider going text based with a similar captcha for the application, but that’s not how we roll, we will not be beaten, so I am going to roll out some varied captchas over the next 48 hours which may periodically rotate so we can see how things go and receive feedback. Please have patience with us, I know how fucking annoying this all is, but we’re being targetted and doing what we think is best at this moment in time.

One idea I was extremely keen to work on, I recently saw has been used for onion.live’s captcha and while I did decide to scrap it based on it being used elsewhere, I also came to the realization of how limited it would be and easy to solve even without the likes of machine learning, so it would not be usable, if they have an account here, please tag them, would be good to speak with them especially if they have been experiencing any sort of similar attacks where their captcha has been bypassed.

With all that being said, if you are able to come up with a unique solution that we are able to use (needs to be built without the use of JavaScript of course, so try to take that into consideration with any ideas) drop it into the /d/Dread modmail. Would be more than happy to try and compensate for it.

Signed Message
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

As you will have witnessed, and likely have been brought to tears by the recent captcha changes, they have been necessary and Paris has had to deal with cleaning out the spam to the point of temporarily disabling registration, which is the first occurrence of this since Dread launched, whilst the current captcha implementation has been destroyed with the use of machine learning. This is something that is hard to be up against and whilst the initial concept of this captcha, I built to be unique and fairly user-friendly, it is no longer reliable to protect the platform and needs a complete overhaul.

I've been cooking up some new unique concepts recently, but after testing and benchmarking, they are either too unreliable to the point where many of the randomizations will result in them being illegible, power hungry resulting in extreme generation times and potentially page load times or I simply concluded that machine learning was going to fuck it in the ass the minute it goes live.

Some experimenting with animated GIF captchas seemed like a reasonable solution, however as mentioned, the processing required and file sizes would only allow it to possibly be used at the app layer DOS screen and it would still not be a guaranteed solution by any stretch (Not the end game captcha).

As for the end game captcha, it is now text based and whilst may be somewhat annoying, it caters for color blind users unlike the existing pattern challenge and allows easy access overall for the majority of users.

Now I would consider going text based with a similar captcha for the application, but that's not how we roll, we will not be beaten, so I am going to roll out some varied captchas over the next 48 hours which may periodically rotate so we can see how things go and receive feedback. Please have patience with us, I know how fucking annoying this all is, but we're being targetted and doing what we think is best at this moment in time.

One idea I was extremely keen to work on, I recently saw has been used for onion.live's captcha and while I did decide to scrap it based on it being used elsewhere, I also came to the realization of how limited it would be and easy to solve even without the likes of machine learning, so it would not be usable, if they have an account here, please tag them, would be good to speak with them especially if they have been experiencing any sort of similar attacks where their captcha has been bypassed.

With all that being said, if you are able to come up with a unique solution that we are able to use (needs to be built without the use of JavaScript of course, so try to take that into consideration with any ideas) drop it into the /d/Dread modmail. Would be more than happy to try and compensate for it.
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEYTOs4fS4fFHb8/6l6GEFEPmm6SIFAl7r+m0ACgkQ6GEFEPmm
6SL0qQ/+J+bqB5+inrMH2WK6l3ZOplJNCiOM+r3CUGjtWapeBWirmBcXc+D+/hpA
DSL7tCKDyV5BS6Y9ptpI3nvhodnMhA4esIzxkvxF6K5ZgRI0ka98661X9DI6vdw8
vNTJ+6cJj6C4f7/eu9zjqpWX6//sy3DqGkpy0MPOFy0fnKNpz8jDJBzhIfDk2+54
Uyl/OglRfpR4NnFSK5v+r10cgvWydynkwu1GNPq046c9lfdLLDHT4Aan3SLjq6Uy
5D94vgw4FK9DBlSYXFsH91sUS/S17NpiZXgRitDfSYjGpfwBbEOk/cuwLcscSJvD
BxBTT5aFgwvhmH/4CCHsnzVz4kac41QhWaSzwFW6wtCvQrGqH9m8oCYnwKLjNdh2
puxM7oiGghyyNVhhjAkBJrcCqNuOpaJu6isUs4HpPbAgnUMC8QKNoEsjmwmOHN7y
93FtQjSDtqDUO1JONeyleKPmO1RvnDbd6S8tm5XjvNFYxwOkZQ0aPPJjf5JZ6kzO
WAaj/V0WoffOyBgWDKYQhmplUqs0Ox/go3esxAR4DOCE16sfaK0/NY+RQrAcO7d5
hlXmbVDQlE8wKRsMcJbP5FYpcVTNONolMzT5liHWf/LK1AfHD9AIkx41Sz3/QMbA
MXYSVy0E3c7xmMHl1ZymO8xVDF/0SFVkd5YxJqlxrjorWAAOWtc=
=6I+T
-----END PGP SIGNATURE-----

(worp! link)