• dragontamer@lemmy.world
    link
    fedilink
    English
    arrow-up
    50
    ·
    1 year ago

    Except we know its not true.

    Just one month ago, Lemmy didn’t have CAPTCHAs, and we were hit by so many script-kiddies that signups to https://lemmy.world had to be disabled.

    The hackers who will create thousands-of-accounts and make thousands-of-spam posts are largely low-quality hackers who don’t know how to make an AI bot. Proof? When the Admins added the dumbest of CAPTCHAs to https://lemmy.world, those fake-signups stopped.

    CAPTCHAs work, at least at the level that lemmy.world is at. We’ll have to get better as we get more popular but there’s an ocean of difference from wget/curl script-kiddie and AI-using bot master.

    • agent_flounder@lemmy.one
      link
      fedilink
      English
      arrow-up
      16
      ·
      1 year ago

      I suspect it is just a matter of time before someone makes the tech easy to use and affordable enough for the masses of bad actors.

    • Terrasque@infosec.pub
      link
      fedilink
      English
      arrow-up
      11
      ·
      edit-2
      1 year ago

      Yeah, they still work somewhat as in they raise the bar on how complex the bot needs to be.

      Believe me, there’s tons of spammers out there that have captcha cracking bots. They’re just not as dumb as the basic skiddie that can barely make a http POST.

      Captcha’s were supposed to separate bots from humans. Now it separates simple bots from complex bots.

      Oh, and as a bonus, a lot of places hire people to create accounts and post spam for pennies.

    • asudox@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      It’s a very bad decision to not implement CAPTCHA when you are going to allow signups. There’s always someone that will take advantage of this and annoy you with constant sign ups.