Bitcoin Forum
September 20, 2019, 09:18:28 PM *
News: Latest Bitcoin Core release: 0.18.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 [2] 3 »  All
  Print  
Author Topic: Captcha bypass  (Read 1458 times)
Armagh1234
Jr. Member
*
Offline Offline

Activity: 35
Merit: 1


View Profile WWW
October 16, 2018, 12:20:53 AM
 #21

Doesn't that make it easier for scammer, bot accounts, farmers, etc. to shitpost constantly?
I use the "always stay logged in" option and rarely have to see the Captcha
1569014308
Hero Member
*
Offline Offline

Posts: 1569014308

View Profile Personal Message (Offline)

Ignore
1569014308
Reply with quote  #2

1569014308
Report to moderator
1569014308
Hero Member
*
Offline Offline

Posts: 1569014308

View Profile Personal Message (Offline)

Ignore
1569014308
Reply with quote  #2

1569014308
Report to moderator
1569014308
Hero Member
*
Offline Offline

Posts: 1569014308

View Profile Personal Message (Offline)

Ignore
1569014308
Reply with quote  #2

1569014308
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
S_Therapist
Sr. Member
****
Offline Offline

Activity: 280
Merit: 271



View Profile
October 16, 2018, 04:23:32 AM
 #22

Doesn't that make it easier for scammer, bot accounts, farmers, etc. to shitpost constantly?
Bot accounts can do nothing because each and every account has their own unique link. So, it's almost imposible to utilize by bots, IMO.

           ▀██▄ ▄██▀
            ▐█████▌
           ▄███▀███▄
         ▄████▄  ▀███▄
       ▄███▀ ▀██▄  ▀███▄
     ▄███▀  ▄█████▄  ▀███▄
   ▄███▀  ▄███▀ ▀███▄  ▀███▄
  ███▀  ▄████▌   ▐████▄  ▀███
 ███   ██▀  ██▄ ▄██  ▀██   ███
███   ███  ███   ███  ███   ███
███   ███   ███████   ███   ███
 ███   ███▄▄       ▄▄███   ███
  ███▄   ▀▀█████████▀▀   ▄███
   ▀████▄▄           ▄▄████▀
      ▀▀███████████████▀▀
DeepOnion
Anonymous and Untraceable
ANN  Whitepaper  Facebook  Twitter  Telegram  Discord 





      ▄▄██████████▄▄
    ▄███▀▀      ▀▀█▀   ▄▄
   ███▀              ▄███
  ███              ▄███▀   ▄▄
 ███▌  ▄▄▄▄      ▄███▀   ▄███
▐███  ██████   ▄███▀   ▄███▀
███▌ ███  ███▄███▀   ▄███▀
███▌ ███   ████▀   ▄███▀
███▌  ███   █▀   ▄███▀  ███
▐███   ███     ▄███▀   ███
 ███▌   ███  ▄███▀     ███
  ███    ██████▀      ███
   ███▄             ▄███
    ▀███▄▄       ▄▄███▀
      ▀▀███████████▀▀
.
guybrushthreepwood
Legendary
*
Offline Offline

Activity: 1176
Merit: 1192



View Profile
October 16, 2018, 07:14:21 AM
 #23

This was previously working a treat, but today on logging in I immediately got a Cloudflare page and captcha that took about 5 attempts then didn't allow me though. Managed on the second time, however.

Doesn't that make it easier for scammer, bot accounts, farmers, etc. to shitpost constantly?
I use the "always stay logged in" option and rarely have to see the Captcha

Depends. I suppose it could be abused by bots and probably should be limited to Juniors like theymos mentioned in the opening post, but I'm sure the benefits outweigh the negatives. I'm sure the admins will be able to see if it's being abused or not but it's certainly a positive for us genuine users.
jackg
Copper Member
Legendary
*
Offline Offline

Activity: 1498
Merit: 1301


https://bit.ly/2FR9nyn - free python tutorials


View Profile
October 16, 2018, 08:37:08 PM
 #24

Doesn't that make it easier for scammer, bot accounts, farmers, etc. to shitpost constantly?
I use the "always stay logged in" option and rarely have to see the Captcha

No more than normal. If you were an enthusiastic bot programmer before you could program your addon for firefox or google chrome in order to make your bot post.
Alternatively, there are programming lanauges taht can control browsers that you can use which will probably still be used now for bots to post, there is a limit on newbies of 360 seconds, is this nt enough to try to stop the spambiestm? spamies is copyright Jet Cash

Quickseller
Copper Member
Legendary
*
Offline Offline

Activity: 1904
Merit: 1745



View Profile WWW
October 16, 2018, 09:58:26 PM
 #25

It sounds like this means that for all intents and purposes, you will only need to use a captcha once, when you create your account, provided you save the bypass link and can access it when you login.

This is probably a step forward for tor users, although CF sometimes otherwise makes using tor difficult. It would probably be helpful (and marginally profitable) to sell unique .onion addresses intended for individual users that can be used to access the forum via tor. Privacy would only be impacted marginally, although depending on how much information you think CF collects, it may help privacy.

Find the fire hydrant in my Avatar for a prize.
theymos
Administrator
Legendary
*
Offline Offline

Activity: 3514
Merit: 6239


View Profile
October 16, 2018, 11:21:17 PM
 #26

This was previously working a treat, but today on logging in I immediately got a Cloudflare page and captcha that took about 5 attempts then didn't allow me though. Managed on the second time, however.

It doesn't bypass the Cloudflare captcha, only the forum's own captcha. Whether you get a CF captcha depends on whether / how much the forum is currently being attacked and CF's idea of your IP's reputation.

There are some possible ways that I could allow bypassing the CF captcha, but they're all troublesome in various ways. Maybe I'll look into it if there are a lot of complaints about CF's captcha.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
jackg
Copper Member
Legendary
*
Offline Offline

Activity: 1498
Merit: 1301


https://bit.ly/2FR9nyn - free python tutorials


View Profile
October 17, 2018, 11:13:01 AM
 #27

This was previously working a treat, but today on logging in I immediately got a Cloudflare page and captcha that took about 5 attempts then didn't allow me though. Managed on the second time, however.

It doesn't bypass the Cloudflare captcha, only the forum's own captcha. Whether you get a CF captcha depends on whether / how much the forum is currently being attacked and CF's idea of your IP's reputation.

There are some possible ways that I could allow bypassing the CF captcha, but they're all troublesome in various ways. Maybe I'll look into it if there are a lot of complaints about CF's captcha.

When i used to use it, generally refreshing one's identity did the trick if you can't get through on the first few attempts and you're using tor.

guybrushthreepwood
Legendary
*
Offline Offline

Activity: 1176
Merit: 1192



View Profile
October 17, 2018, 12:00:19 PM
Last edit: October 17, 2018, 02:44:50 PM by guybrushthreepwood
 #28

This was previously working a treat, but today on logging in I immediately got a Cloudflare page and captcha that took about 5 attempts then didn't allow me though. Managed on the second time, however.

It doesn't bypass the Cloudflare captcha, only the forum's own captcha. Whether you get a CF captcha depends on whether / how much the forum is currently being attacked and CF's idea of your IP's reputation.

There are some possible ways that I could allow bypassing the CF captcha, but they're all troublesome in various ways. Maybe I'll look into it if there are a lot of complaints about CF's captcha.

I've only run into the error that one time so far so it's probably fine.

update - Just happened again, but only took me three goes at the captcha so not really an issue.

This was previously working a treat, but today on logging in I immediately got a Cloudflare page and captcha that took about 5 attempts then didn't allow me though. Managed on the second time, however.

It doesn't bypass the Cloudflare captcha, only the forum's own captcha. Whether you get a CF captcha depends on whether / how much the forum is currently being attacked and CF's idea of your IP's reputation.

There are some possible ways that I could allow bypassing the CF captcha, but they're all troublesome in various ways. Maybe I'll look into it if there are a lot of complaints about CF's captcha.

When i used to use it, generally refreshing one's identity did the trick if you can't get through on the first few attempts and you're using tor.

But you still had to go through the tedious process of filling out the captcha ten times just to find out you've been blocked. The bypass link is probably enough for now and I'm thankful for it.
jackg
Copper Member
Legendary
*
Offline Offline

Activity: 1498
Merit: 1301


https://bit.ly/2FR9nyn - free python tutorials


View Profile
October 17, 2018, 08:00:24 PM
 #29

This was previously working a treat, but today on logging in I immediately got a Cloudflare page and captcha that took about 5 attempts then didn't allow me though. Managed on the second time, however.

It doesn't bypass the Cloudflare captcha, only the forum's own captcha. Whether you get a CF captcha depends on whether / how much the forum is currently being attacked and CF's idea of your IP's reputation.

There are some possible ways that I could allow bypassing the CF captcha, but they're all troublesome in various ways. Maybe I'll look into it if there are a lot of complaints about CF's captcha.

I've only run into the error that one time so far so it's probably fine.

update - Just happened again, but only took me three goes at the captcha so not really an issue.

This was previously working a treat, but today on logging in I immediately got a Cloudflare page and captcha that took about 5 attempts then didn't allow me though. Managed on the second time, however.

It doesn't bypass the Cloudflare captcha, only the forum's own captcha. Whether you get a CF captcha depends on whether / how much the forum is currently being attacked and CF's idea of your IP's reputation.

There are some possible ways that I could allow bypassing the CF captcha, but they're all troublesome in various ways. Maybe I'll look into it if there are a lot of complaints about CF's captcha.

When i used to use it, generally refreshing one's identity did the trick if you can't get through on the first few attempts and you're using tor.

But you still had to go through the tedious process of filling out the captcha ten times just to find out you've been blocked. The bypass link is probably enough for now and I'm thankful for it.

I usually try limiting it to three and then just using the shortcut for a new circuit after that...
seemed to work well for me.

Marvell1
Legendary
*
Offline Offline

Activity: 1428
Merit: 1000


View Profile
November 11, 2018, 10:19:59 AM
 #30

Such a wonderful improvement! Last time I was active I just didn't want to get in because of such annoying captcha.

⚫ ⚫ ⚫Make even more profit on crypto trading with secure automatic trading https://trade-mate.io⚫ ⚫ ⚫
H8bussesNbicycles
Jr. Member
*
Offline Offline

Activity: 84
Merit: 9

▄▀ REMOVE LAUDA FROM DT


View Profile
November 13, 2018, 08:03:50 PM
Merited by LoyceV (2)
 #31

I FINALLY BEAT GOOGLE!!!

You can register if you try a bajillion times. It does eventually let you in after an hour of training the self driving cars/skynet killbots.

I expected to be hit by an evil fee but their was no mention of it. Is that still a thing or did I get lucky and happen to be on a rare IP?

Another Q - This captcha bypass link.
If someone were to find my link in a file would they be able to figure out what account is related to that link short of subpoenaing Theymos?

▄▀▄▀▄▀▄▀▄ REMOVE LAUDA and Corruption FROM DT ▄▀▄▀▄▀▄▀▄ bitcointalk.org/index.php?topic=5103988
Quickseller
Copper Member
Legendary
*
Offline Offline

Activity: 1904
Merit: 1745



View Profile WWW
November 15, 2018, 02:15:35 AM
 #32

Another Q - This captcha bypass link.
If someone were to find my link in a file would they be able to figure out what account is related to that link short of subpoenaing Theymos?
It looks like you will get an error message if you try to login using a link that is not associated with the account you are trying to login to. You could presumably brute force which account is associated with a code by trying to login to every account until you no longer get an error message. I suspect theymos would detect this and invalidate the code before someone could try many accounts.

Find the fire hydrant in my Avatar for a prize.
H8bussesNbicycles
Jr. Member
*
Offline Offline

Activity: 84
Merit: 9

▄▀ REMOVE LAUDA FROM DT


View Profile
November 15, 2018, 04:35:34 AM
 #33

Another Q - This captcha bypass link.
If someone were to find my link in a file would they be able to figure out what account is related to that link short of subpoenaing Theymos?
It looks like you will get an error message if you try to login using a link that is not associated with the account you are trying to login to. You could presumably brute force which account is associated with a code by trying to login to every account until you no longer get an error message. I suspect theymos would detect this and invalidate the code before someone could try many accounts.

OH DAMN

For all other accounts it gives "invalid code" with incorrect password.
For the correct account it gives "invalid password" with incorrect password.
It lets you try as fast as you can too.

It would be easy to brute force if you had a list of suspects, even the list of active accounts isn't that many if you use a bot.

Bug?

▄▀▄▀▄▀▄▀▄ REMOVE LAUDA and Corruption FROM DT ▄▀▄▀▄▀▄▀▄ bitcointalk.org/index.php?topic=5103988
Quickseller
Copper Member
Legendary
*
Offline Offline

Activity: 1904
Merit: 1745



View Profile WWW
November 15, 2018, 05:38:36 AM
 #34

Another Q - This captcha bypass link.
If someone were to find my link in a file would they be able to figure out what account is related to that link short of subpoenaing Theymos?
It looks like you will get an error message if you try to login using a link that is not associated with the account you are trying to login to. You could presumably brute force which account is associated with a code by trying to login to every account until you no longer get an error message. I suspect theymos would detect this and invalidate the code before someone could try many accounts.

OH DAMN

For all other accounts it gives "invalid code" with incorrect password.
For the correct account it gives "invalid password" with incorrect password.
It lets you try as fast as you can too.

It would be easy to brute force if you had a list of suspects, even the list of active accounts isn't that many if you use a bot.

Bug?
You could argue this is a bug. Like I said before, I don't think theymos would allow a large number of attempts before he would take action on the code/link being used.

Perhaps a solution would be to invalidate the code after xxx number of consecutive attempts to login to an account not associated with the code.

Find the fire hydrant in my Avatar for a prize.
LoyceV
Legendary
*
Offline Offline

Activity: 1610
Merit: 4641


Largest Merit Circle on BPIP!


View Profile WWW
November 15, 2018, 07:01:44 AM
 #35

Perhaps a solution would be to invalidate the code after xxx number of consecutive attempts to login to an account not associated with the code.
Shouldn't that be implemented for incorrect passwords too? If you fail more than 10 times, you should get a captcha again. That also stops any brute-force attack in case your unique link is leaked:
If someone else gains access to your unique captcha-bypass link, then they could try to brute-force your password. In that case, you should reset it:

Quickseller
Copper Member
Legendary
*
Offline Offline

Activity: 1904
Merit: 1745



View Profile WWW
December 08, 2018, 10:51:32 PM
Merited by LoyceV (1)
 #36

Perhaps a solution would be to invalidate the code after xxx number of consecutive attempts to login to an account not associated with the code.
Shouldn't that be implemented for incorrect passwords too? If you fail more than 10 times, you should get a captcha again. That also stops any brute-force attack in case your unique link is leaked:
If someone else gains access to your unique captcha-bypass link, then they could try to brute-force your password. In that case, you should reset it:
Perhaps, however if you keep the link secret, this will not be an issue.

My login code (that I have since reset) is 893f4e9d4e171dc97db6 -- If someone were to know that someone uses this code, they could attempt to login using every username until they don't get an error message anymore, then bruteforce my password.

Another solution might be to only give the error message for the first xxx consecutive attempts to login to an account not associated with the code but keep the code active. This would prevent an attacker forcing someone to use the captcha while reducing the risk that an attacker could use a captcha bypass code to first bruteforce which account it is associated with and then bruteforce the PW

Find the fire hydrant in my Avatar for a prize.
AhmadM
Full Member
***
Offline Offline

Activity: 406
Merit: 165

Do With Your Own Risk


View Profile
February 23, 2019, 01:05:53 PM
 #37

Bump

I know maybe it's not the newest update on bitcointalk, but I just read it recently. Thanks to @LoyceV for bumping this topic [GUIDES] on Bitcointalk. Index thread because of that I can found it.

It is very useful for me, I don't need to deal with captcha 3-10 times in a day anymore. Thanks @theymos

And from my sight, it doesn't have high traffic views. So I translated it to my native language with my comprehension to share it on my local board. I'll be glad if you want to visit on my thread here
LoyceV
Legendary
*
Offline Offline

Activity: 1610
Merit: 4641


Largest Merit Circle on BPIP!


View Profile WWW
February 23, 2019, 03:13:56 PM
 #38

It is very useful for me, I don't need to deal with captcha 3-10 times in a day anymore. Thanks @theymos
I guess you didn't see this:
Image loading...

UserU
Member
**
Offline Offline

Activity: 336
Merit: 26

Best VGO and Bitcoin Sites @ VGOSKINZ.COM


View Profile WWW
February 23, 2019, 03:57:15 PM
 #39

I guess you didn't see this:
Image loading...

I tested it, and it showed "You have to login first".

Maybe theymos could just add SolveMedia to alleviate the whole thingy.

AhmadM
Full Member
***
Offline Offline

Activity: 406
Merit: 165

Do With Your Own Risk


View Profile
February 23, 2019, 05:00:15 PM
 #40

I guess you didn't see this:

Yeah, I didn't see it. I also tried it by myself as @UserU do and it showed the same message as him. We have to log in first to get the captcha code.
Pages: « 1 [2] 3 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!