190
qdsp13
6y

These "math question" captchas are really stupid.
It's not even an image that has to be OCR-ed, it's just plaintext. Why can't these people understand a captcha is supposed to be something only a person can do? This is math. Computers are amazing at math.

Comments
  • 21
    It’s 42?

    You’ll probably find the requirements were something like this

    Manager: we need a captcha thingn on this page
    Dev: ok I’ll just throw in Google Recaptcha
    Manager: our users find this way to difficult and can’t get passed it
    Dev: I’ll use this other one instead
    Manager: no that’s still to complicated
    Dev: stuff it!
  • 22
    Correction, we built computers for math.
  • 13
    Hey, don't give it away... Parts of my less-than-nice-and-not-on-github-for-this-very-reason codebase relies on people continuing to use those ;)
  • 6
    You can google this captcha and google solves it for you :D
  • 14
    document.querySelector(inputQuery).value = eval(document.querySelector(query).innerText)
  • 8
    CAPTCHA = Completely Automated Public Turing test to tell Computers and Humans Apart

    Probably they just look at the response and if it's correct, they'll assume it's a computer, since they are better at math ;)
  • 7
    Sometimes security isn’t about being a hard target, it’s just about not being the softest
  • 2
    Actually is a string that multiply a sum of two numbers, It's quite hard for a human. I think it's an anti-human captcha at this point
  • 3
    @beggarboy computers are essentially math and a lot of look up tables.
  • 1
    If I have some free time, I'll ddos the shit out of them if that'll help
  • 4
    The answer is:
    9*Math question + 9
  • 0
    some programmers have less brain cells than we do 🤷‍♂️
  • 1
    I don't see anything wrong with that. It probably keeps away 95% of the robots and it's easy to use, easy to maintain and no shitty dependency.
  • 1
    @Kisle I learned the hard way that a captcha like this doesn't work. It's practically entirely ineffective at keeping out bots. A site I had it on was still absolutely bombarded with spam.
  • 0
    There's one benefit to a captcha like this..unlike wordpress and unlike recaptcha, it's not widespread and common. Generally speaking, programmers want the most bang for their buck and will find workarounds for things that either a) have a lot of value or b) can work on millions of websites. So putting a custom crappy captcha on a tiny site that has minimal value and just wants to block spam probably isn't horrible.
  • 2
    I built one a few years ago that said "count the cars", "type the numeric version of this string 'four'", "what's the opposite of hot?", etc. It was probably pretty simple for someone to get around if they wanted to, but at the time other captchas were those crappy cryptic strings that people hated doing and always got wrong. It was simple for people (who spoke english at least lol), and I was at a low risk of being targeted for spam. I used it on several sites before deciding to shut it down because it was a service that relied on a server I didn't want to keep paying for lol. One additional neat feature I had was that it would keep a record of IPs that failed over X times and then just naturally block them going forward on the entire site my script was setup on (they would basically just see a "fuck off" message instead of the site).
  • 7
    Did I mention that honeypots can work wonder? Have an input field/textarea called "subject" or "message" or something and hide it with css. If there's text in it, it's a bot
  • 1
    @Wack I do that all the time and use a name that seems semi-legit. name="email2"
  • 0
    You'll still have to write an expression tree to solve this. At least some script wouldn't break that.
  • 0
  • 1
    As the "Math question" is in multiplication with 9,
    Its
    Math question Math question Math question Math question Math question Math question Math question Math question Math question 9
  • 4
    How has nobody else mentioned the opt-out checkbox yet?
  • 0
    Maybe it's not computers that they're trying to deter.
Add Comment