CAPTCHA Time

By Sabrina Biehl Published Dec 9, 2011 03:11 pm Updated Jun 24, 2014 03:12 pm

When you submit an event to myMotherLode.com and when you register to post on myMotherLode, you are presented with a little box with an image of misshapen letters and asked to "enter the correct letters". By solving this puzzle the computer knows that you’re human and not a spammer ‘bot.’

No doubt it is not easy to guess what the letters are, if it was, then a computer program that reads text could hack the system. It may take a person several times to guess correctly but the time it takes for a computer program or hacker to get past this problem also deters them.

This is why we use CAPTCHA which stands for: Completely Automated Public Turing Test to Tell Computers and Humans Apart.

The first CAPTCHAs were developed at Carnegie Mellon by Luis von Ahn and his Ph.D. advisor Manuel Blum for use by Yahoo to guard against computers opening email accounts.

myMotherLode.com alters its captcha regularly but recently an automated script got around it and posted hundreds of comments (445 on one news story). Fortunately, because we review comments before posting them, all of them were deleted and the public was never aware of the messages. Blocking the computers responsible is a considerable challenge.

The point of the bogus comments is often to raise search engine ranks of some website (e.g., "buy penny stocks here").

Our classifieds have several levels of security but about once a week a Yorkie puppy ad will show up in one of the free sections. If it wasn’t profitable the spammers would not go through the effort to post but enough people send them money and confirm their email address that it is apparently worth their time.

In November 1999, http://www.slashdot.org released an online poll asking which was the best graduate school in computer science. As is the case with most online polls, IP addresses of voters were recorded in order to prevent single users from voting more than once.

Students at Carnegie Mellon found a way to stuff the ballots using programs that voted for Carnegie thousands of times. Carnegie’s score started growing rapidly. The next day, students at MIT wrote their own program and the poll became a contest between voting "bots." MIT finished with 21,156 votes, Carnegie Mellon with 21,032 and every other school with less than 1,000.

It appears that the same computer that was commenting was also voting on myMotherLoe.com’s poll. We can sort out the duplicate votes now that the poll is closed.

There are various "CAPTCHAs" that would be insecure if a significant number of sites start using them. An example of such a puzzle is asking text-based questions, such as a mathematical question ("what is 1+1"). Since a parser could easily be written that would allow bots to bypass this test, such "CAPTCHAs" rely on the fact that few sites use them, and thus that a bot author has no incentive to program their bot to solve that challenge.

For now we have to endure the CAPCHA distorted letters and keep guessing so that we can prove to the computers that we are human.