Captcha bypass

[S_Therapist]

Doesn't that make it easier for scammer, bot accounts, farmers, etc. to shitpost constantly?

Bot accounts can do nothing because each and every account has their own unique link. So, it's almost imposible to utilize by bots, IMO.

[1713568285]

1713568285

[1713568285]

1713568285

[guybrushthreepwood]

This was previously working a treat, but today on logging in I immediately got a Cloudflare page and captcha that took about 5 attempts then didn't allow me though. Managed on the second time, however.

Doesn't that make it easier for scammer, bot accounts, farmers, etc. to shitpost constantly?
I use the "always stay logged in" option and rarely have to see the Captcha

Depends. I suppose it could be abused by bots and probably should be limited to Juniors like theymos mentioned in the opening post, but I'm sure the benefits outweigh the negatives. I'm sure the admins will be able to see if it's being abused or not but it's certainly a positive for us genuine users.

[jackg]

Doesn't that make it easier for scammer, bot accounts, farmers, etc. to shitpost constantly?
I use the "always stay logged in" option and rarely have to see the Captcha

No more than normal. If you were an enthusiastic bot programmer before you could program your addon for firefox or google chrome in order to make your bot post.
Alternatively, there are programming lanauges taht can control browsers that you can use which will probably still be used now for bots to post, there is a limit on newbies of 360 seconds, is this nt enough to try to stop the spambies^tm? spamies is copyright Jet Cash

[Quickseller]

It sounds like this means that for all intents and purposes, you will only need to use a captcha once, when you create your account, provided you save the bypass link and can access it when you login.

This is probably a step forward for tor users, although CF sometimes otherwise makes using tor difficult. It would probably be helpful (and marginally profitable) to sell unique .onion addresses intended for individual users that can be used to access the forum via tor. Privacy would only be impacted marginally, although depending on how much information you think CF collects, it may help privacy.

[theymos]

This was previously working a treat, but today on logging in I immediately got a Cloudflare page and captcha that took about 5 attempts then didn't allow me though. Managed on the second time, however.

It doesn't bypass the Cloudflare captcha, only the forum's own captcha. Whether you get a CF captcha depends on whether / how much the forum is currently being attacked and CF's idea of your IP's reputation.

There are some possible ways that I could allow bypassing the CF captcha, but they're all troublesome in various ways. Maybe I'll look into it if there are a lot of complaints about CF's captcha.

[jackg]

This was previously working a treat, but today on logging in I immediately got a Cloudflare page and captcha that took about 5 attempts then didn't allow me though. Managed on the second time, however.

It doesn't bypass the Cloudflare captcha, only the forum's own captcha. Whether you get a CF captcha depends on whether / how much the forum is currently being attacked and CF's idea of your IP's reputation.

There are some possible ways that I could allow bypassing the CF captcha, but they're all troublesome in various ways. Maybe I'll look into it if there are a lot of complaints about CF's captcha.

When i used to use it, generally refreshing one's identity did the trick if you can't get through on the first few attempts and you're using tor.

[guybrushthreepwood]

This was previously working a treat, but today on logging in I immediately got a Cloudflare page and captcha that took about 5 attempts then didn't allow me though. Managed on the second time, however.

It doesn't bypass the Cloudflare captcha, only the forum's own captcha. Whether you get a CF captcha depends on whether / how much the forum is currently being attacked and CF's idea of your IP's reputation.

There are some possible ways that I could allow bypassing the CF captcha, but they're all troublesome in various ways. Maybe I'll look into it if there are a lot of complaints about CF's captcha.

I've only run into the error that one time so far so it's probably fine.

update - Just happened again, but only took me three goes at the captcha so not really an issue.

This was previously working a treat, but today on logging in I immediately got a Cloudflare page and captcha that took about 5 attempts then didn't allow me though. Managed on the second time, however.

It doesn't bypass the Cloudflare captcha, only the forum's own captcha. Whether you get a CF captcha depends on whether / how much the forum is currently being attacked and CF's idea of your IP's reputation.

There are some possible ways that I could allow bypassing the CF captcha, but they're all troublesome in various ways. Maybe I'll look into it if there are a lot of complaints about CF's captcha.

When i used to use it, generally refreshing one's identity did the trick if you can't get through on the first few attempts and you're using tor.

But you still had to go through the tedious process of filling out the captcha ten times just to find out you've been blocked. The bypass link is probably enough for now and I'm thankful for it.

[jackg]

This was previously working a treat, but today on logging in I immediately got a Cloudflare page and captcha that took about 5 attempts then didn't allow me though. Managed on the second time, however.

It doesn't bypass the Cloudflare captcha, only the forum's own captcha. Whether you get a CF captcha depends on whether / how much the forum is currently being attacked and CF's idea of your IP's reputation.

There are some possible ways that I could allow bypassing the CF captcha, but they're all troublesome in various ways. Maybe I'll look into it if there are a lot of complaints about CF's captcha.

I've only run into the error that one time so far so it's probably fine.

update - Just happened again, but only took me three goes at the captcha so not really an issue.

This was previously working a treat, but today on logging in I immediately got a Cloudflare page and captcha that took about 5 attempts then didn't allow me though. Managed on the second time, however.

It doesn't bypass the Cloudflare captcha, only the forum's own captcha. Whether you get a CF captcha depends on whether / how much the forum is currently being attacked and CF's idea of your IP's reputation.

There are some possible ways that I could allow bypassing the CF captcha, but they're all troublesome in various ways. Maybe I'll look into it if there are a lot of complaints about CF's captcha.

When i used to use it, generally refreshing one's identity did the trick if you can't get through on the first few attempts and you're using tor.

But you still had to go through the tedious process of filling out the captcha ten times just to find out you've been blocked. The bypass link is probably enough for now and I'm thankful for it.

I usually try limiting it to three and then just using the shortcut for a new circuit after that...
seemed to work well for me.

[Marvell1]

Such a wonderful improvement! Last time I was active I just didn't want to get in because of such annoying captcha.

[H8bussesNbicycles]

I FINALLY BEAT GOOGLE!!!

You can register if you try a bajillion times. It does eventually let you in after an hour of training the self driving cars/skynet killbots.

I expected to be hit by an evil fee but their was no mention of it. Is that still a thing or did I get lucky and happen to be on a rare IP?

Another Q - This captcha bypass link.
If someone were to find my link in a file would they be able to figure out what account is related to that link short of subpoenaing Theymos?

[Quickseller]

Another Q - This captcha bypass link.
If someone were to find my link in a file would they be able to figure out what account is related to that link short of subpoenaing Theymos?

It looks like you will get an error message if you try to login using a link that is not associated with the account you are trying to login to. You could presumably brute force which account is associated with a code by trying to login to every account until you no longer get an error message. I suspect theymos would detect this and invalidate the code before someone could try many accounts.

[H8bussesNbicycles]

Another Q - This captcha bypass link.
If someone were to find my link in a file would they be able to figure out what account is related to that link short of subpoenaing Theymos?

It looks like you will get an error message if you try to login using a link that is not associated with the account you are trying to login to. You could presumably brute force which account is associated with a code by trying to login to every account until you no longer get an error message. I suspect theymos would detect this and invalidate the code before someone could try many accounts.

OH DAMN

For all other accounts it gives "invalid code" with incorrect password.
For the correct account it gives "invalid password" with incorrect password.
It lets you try as fast as you can too.

It would be easy to brute force if you had a list of suspects, even the list of active accounts isn't that many if you use a bot.

Bug?

[Quickseller]

Another Q - This captcha bypass link.
If someone were to find my link in a file would they be able to figure out what account is related to that link short of subpoenaing Theymos?

It looks like you will get an error message if you try to login using a link that is not associated with the account you are trying to login to. You could presumably brute force which account is associated with a code by trying to login to every account until you no longer get an error message. I suspect theymos would detect this and invalidate the code before someone could try many accounts.

OH DAMN

For all other accounts it gives "invalid code" with incorrect password.
For the correct account it gives "invalid password" with incorrect password.
It lets you try as fast as you can too.

It would be easy to brute force if you had a list of suspects, even the list of active accounts isn't that many if you use a bot.

Bug?

You could argue this is a bug. Like I said before, I don't think theymos would allow a large number of attempts before he would take action on the code/link being used.

Perhaps a solution would be to invalidate the code after xxx number of consecutive attempts to login to an account not associated with the code.

[LoyceV]

Perhaps a solution would be to invalidate the code after xxx number of consecutive attempts to login to an account not associated with the code.

Shouldn't that be implemented for incorrect passwords too? If you fail more than 10 times, you should get a captcha again. That also stops any brute-force attack in case your unique link is leaked:

If someone else gains access to your unique captcha-bypass link, then they could try to brute-force your password. In that case, you should reset it:

[Quickseller]

Perhaps a solution would be to invalidate the code after xxx number of consecutive attempts to login to an account not associated with the code.

Shouldn't that be implemented for incorrect passwords too? If you fail more than 10 times, you should get a captcha again. That also stops any brute-force attack in case your unique link is leaked:

If someone else gains access to your unique captcha-bypass link, then they could try to brute-force your password. In that case, you should reset it:

Perhaps, however if you keep the link secret, this will not be an issue.

My login code (that I have since reset) is 893f4e9d4e171dc97db6 -- If someone were to know that someone uses this code, they could attempt to login using every username until they don't get an error message anymore, then bruteforce my password.

Another solution might be to only give the error message for the first xxx consecutive attempts to login to an account not associated with the code but keep the code active. This would prevent an attacker forcing someone to use the captcha while reducing the risk that an attacker could use a captcha bypass code to first bruteforce which account it is associated with and then bruteforce the PW

[AhmadM]

Bump

I know maybe it's not the newest update on bitcointalk, but I just read it recently. Thanks to @LoyceV for bumping this topic [GUIDES] on Bitcointalk. Index thread because of that I can found it.

It is very useful for me, I don't need to deal with captcha 3-10 times in a day anymore. Thanks @theymos

And from my sight, it doesn't have high traffic views. So I translated it to my native language with my comprehension to share it on my local board. I'll be glad if you want to visit on my thread here

[LoyceV]

It is very useful for me, I don't need to deal with captcha 3-10 times in a day anymore. Thanks @theymos

I guess you didn't see this:

[UserU]

I guess you didn't see this:

I tested it, and it showed "You have to login first".

Maybe theymos could just add SolveMedia to alleviate the whole thingy.

[AhmadM]

I guess you didn't see this:

Yeah, I didn't see it. I also tried it by myself as @UserU do and it showed the same message as him. We have to log in first to get the captcha code.

[OgNasty]

Personally, I think more should be done to make TOR users have to jump through hoops to access the forum, not the other way around.  This is probably outstanding news to those who use alt accounts regularly though.