vBulletin captcha *cracked*

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • AlexanderT
    Senior Member
    • Mar 2003
    • 992

    vBulletin captcha *cracked*

    Pwntcha ("Pretend We're Not a Turing Computer but a Human Antagonist") claims that the vBulletin captcha has been cracked, due to:
    • constant font
    • fixed glyph position
    • no rotation
    • no deformation
    • almost constant colours
    • weak perturbation

    Time to update the code, wouldn't you say?
  • ajaspers
    Senior Member
    • Sep 2003
    • 132
    • 3.8.x

    #2
    I wouldn't be surprised if this were true, but PWNtcha doesn't make the source code available, so it's not possible to verify their claims.

    BTW, it's very difficult to make a high-quality captcha with GD.

    Comment

    • Reeve of Shinra
      Senior Member
      • Sep 2001
      • 4325
      • 4.0.0

      #3
      You can already change the font thats used.
      Plan, Do, Check, Act!

      Comment

      • Zonex
        Senior Member
        • Dec 2004
        • 1127

        #4
        look somebody made flood :( and i closed the forum how can i delete all the "waiting for e-mail v. group" http://img267.imageshack.us/img267/8237/adsz1zo.jpg (http://img267.imageshack.us/img267/8237/adsz1zo.jpg) and what can i do for this. it was opened image verification when register :( what can i do as

        Comment

        • daemon
          Senior Member
          • Jun 2003
          • 2351
          • 3.5.x

          #5
          Have they tried this against 3.5 or only 3.0.x? In 3.5 the code changed and now produces deformed letters instead of ones with just noise in the background.
          Bugdar: PHP bug tracking software that is beautiful, fast, and robust.

          Comment

          • AlexanderT
            Senior Member
            • Mar 2003
            • 992

            #6
            I think it only applies to V3.0x. Though if you look at the other "cracked" captchas, it is likely V3.5 could also be parsed by a sophisticated spam script.

            Comment

            • Wayne Luke
              vBulletin Technical Support Lead
              • Aug 2000
              • 73981

              #7
              vb 3.5's is much different. Plus you can easily change the font in 3.5 just by uploading it to the forum directory and changing an option.
              Translations provided by Google.

              Wayne Luke
              The Rabid Badger - a vBulletin Cloud demonstration site.
              vBulletin 5 API

              Comment

              • Matthew Gordon
                Senior Member
                • May 2002
                • 3243
                • 1.1.x

                #8
                Well, it only took them 2 and a half years.

                Comment

                • Guest

                  #9
                  It's always something, we break their bots and they break our methods.

                  Gatta love cycles.

                  (not a put down on the dev's, every software suffers from this in one form or the other. )

                  Comment

                  • AlexanderT
                    Senior Member
                    • Mar 2003
                    • 992

                    #10
                    Originally posted by Wayne Luke
                    vb 3.5's is much different. Plus you can easily change the font in 3.5 just by uploading it to the forum directory and changing an option.
                    It's not the type of fond that determines the strength of a captcha.

                    Comment

                    • Steve Machol
                      Former Customer Support Manager
                      • Jul 2000
                      • 154488

                      #11
                      The original post does say 'constant font'. 3.5 also includes deformation and color change.
                      Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
                      Change CKEditor Colors to Match Style (for 4.1.4 and above)

                      Steve Machol Photography


                      Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


                      Comment

                      • ajaspers
                        Senior Member
                        • Sep 2003
                        • 132
                        • 3.8.x

                        #12
                        Originally posted by Wayne Luke
                        vb 3.5's is much different. Plus you can easily change the font in 3.5 just by uploading it to the forum directory and changing an option.
                        Is the new captcha generated with ImageMagick or GD?
                        Last edited by ajaspers; Wed 24 Aug '05, 12:11pm.

                        Comment

                        • Steve Machol
                          Former Customer Support Manager
                          • Jul 2000
                          • 154488

                          #13
                          Originally posted by ajaspers
                          Is the new captcha genereated with ImageMagick or GD?
                          Both.
                          Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
                          Change CKEditor Colors to Match Style (for 4.1.4 and above)

                          Steve Machol Photography


                          Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


                          Comment

                          • Freddie Bingham
                            Former vBulletin Developer
                            • May 2000
                            • 14057
                            • 1.1.x

                            #14
                            The 3.5 Image Verification has many new features.

                            IM:
                            - Random color
                            - Swirl
                            - Different position per letter

                            GD:
                            - Random color
                            - Swirl and Wave

                            I will continue to tweak the algorithms as time goes on. You can change the font for each type, but as of now all letters will be of the same font. I would expect in the future to add the ability to select a range of fonts that would allow random fonts per letter.

                            Comment

                            • MGM
                              Senior Member
                              • Aug 2002
                              • 3653
                              • 3.6.x

                              #15
                              Originally posted by Freddie Bingham
                              The 3.5 Image Verification has many new features.

                              IM:
                              - Random color
                              - Swirl
                              - Different position per letter

                              GD:
                              - Random color
                              - Swirl and Wave

                              I will continue to tweak the algorithms as time goes on. You can change the font for each type, but as of now all letters will be of the same font. I would expect in the future to add the ability to select a range of fonts that would allow random fonts per letter.
                              Could we also have the ability to add our own colors and backgrounds? I would love to be able to have a gaming-related background for it on my site... maybe it wouldn't be "practical" (unless its a "good" background) but cool nonetheless.

                              MGM out

                              Comment

                              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                              Working...