Captcha bypass - page 2. | Bitcointalksearch.org

jackg

copper member

Activity: 2856

Merit: 3071

https://bit.ly/387FXHi lightning theory

Quote from: guybrushthreepwood on October 17, 2018, 08:00:19 AM

Quote from: theymos on October 16, 2018, 07:21:17 PM

Quote from: guybrushthreepwood on October 16, 2018, 03:14:21 AM

This was previously working a treat, but today on logging in I immediately got a Cloudflare page and captcha that took about 5 attempts then didn't allow me though. Managed on the second time, however.

It doesn't bypass the Cloudflare captcha, only the forum's own captcha. Whether you get a CF captcha depends on whether / how much the forum is currently being attacked and CF's idea of your IP's reputation.

There are some possible ways that I could allow bypassing the CF captcha, but they're all troublesome in various ways. Maybe I'll look into it if there are a lot of complaints about CF's captcha.

I've only run into the error that one time so far so it's probably fine.

update - Just happened again, but only took me three goes at the captcha so not really an issue.

Quote from: jackg on October 17, 2018, 07:13:01 AM

Quote from: theymos on October 16, 2018, 07:21:17 PM

Quote from: guybrushthreepwood on October 16, 2018, 03:14:21 AM

This was previously working a treat, but today on logging in I immediately got a Cloudflare page and captcha that took about 5 attempts then didn't allow me though. Managed on the second time, however.

It doesn't bypass the Cloudflare captcha, only the forum's own captcha. Whether you get a CF captcha depends on whether / how much the forum is currently being attacked and CF's idea of your IP's reputation.

There are some possible ways that I could allow bypassing the CF captcha, but they're all troublesome in various ways. Maybe I'll look into it if there are a lot of complaints about CF's captcha.

When i used to use it, generally refreshing one's identity did the trick if you can't get through on the first few attempts and you're using tor.

But you still had to go through the tedious process of filling out the captcha ten times just to find out you've been blocked. The bypass link is probably enough for now and I'm thankful for it.

I usually try limiting it to three and then just using the shortcut for a new circuit after that...
seemed to work well for me.

guybrushthreepwood

legendary

Activity: 1232

Merit: 1195

Quote from: theymos on October 16, 2018, 07:21:17 PM

Quote from: guybrushthreepwood on October 16, 2018, 03:14:21 AM

This was previously working a treat, but today on logging in I immediately got a Cloudflare page and captcha that took about 5 attempts then didn't allow me though. Managed on the second time, however.

It doesn't bypass the Cloudflare captcha, only the forum's own captcha. Whether you get a CF captcha depends on whether / how much the forum is currently being attacked and CF's idea of your IP's reputation.

There are some possible ways that I could allow bypassing the CF captcha, but they're all troublesome in various ways. Maybe I'll look into it if there are a lot of complaints about CF's captcha.

I've only run into the error that one time so far so it's probably fine.

update - Just happened again, but only took me three goes at the captcha so not really an issue.

Quote from: jackg on October 17, 2018, 07:13:01 AM

Quote from: theymos on October 16, 2018, 07:21:17 PM

Quote from: guybrushthreepwood on October 16, 2018, 03:14:21 AM

This was previously working a treat, but today on logging in I immediately got a Cloudflare page and captcha that took about 5 attempts then didn't allow me though. Managed on the second time, however.

It doesn't bypass the Cloudflare captcha, only the forum's own captcha. Whether you get a CF captcha depends on whether / how much the forum is currently being attacked and CF's idea of your IP's reputation.

There are some possible ways that I could allow bypassing the CF captcha, but they're all troublesome in various ways. Maybe I'll look into it if there are a lot of complaints about CF's captcha.

When i used to use it, generally refreshing one's identity did the trick if you can't get through on the first few attempts and you're using tor.

But you still had to go through the tedious process of filling out the captcha ten times just to find out you've been blocked. The bypass link is probably enough for now and I'm thankful for it.

jackg

copper member

Activity: 2856

Merit: 3071

https://bit.ly/387FXHi lightning theory

Quote from: theymos on October 16, 2018, 07:21:17 PM

Quote from: guybrushthreepwood on October 16, 2018, 03:14:21 AM

This was previously working a treat, but today on logging in I immediately got a Cloudflare page and captcha that took about 5 attempts then didn't allow me though. Managed on the second time, however.

It doesn't bypass the Cloudflare captcha, only the forum's own captcha. Whether you get a CF captcha depends on whether / how much the forum is currently being attacked and CF's idea of your IP's reputation.

There are some possible ways that I could allow bypassing the CF captcha, but they're all troublesome in various ways. Maybe I'll look into it if there are a lot of complaints about CF's captcha.

When i used to use it, generally refreshing one's identity did the trick if you can't get through on the first few attempts and you're using tor.

theymos

administrator

Activity: 5166

Merit: 12850

Quote from: guybrushthreepwood on October 16, 2018, 03:14:21 AM

This was previously working a treat, but today on logging in I immediately got a Cloudflare page and captcha that took about 5 attempts then didn't allow me though. Managed on the second time, however.

It doesn't bypass the Cloudflare captcha, only the forum's own captcha. Whether you get a CF captcha depends on whether / how much the forum is currently being attacked and CF's idea of your IP's reputation.

There are some possible ways that I could allow bypassing the CF captcha, but they're all troublesome in various ways. Maybe I'll look into it if there are a lot of complaints about CF's captcha.

Quickseller

copper member

Activity: 2870

Merit: 2298

It sounds like this means that for all intents and purposes, you will only need to use a captcha once, when you create your account, provided you save the bypass link and can access it when you login.

This is probably a step forward for tor users, although CF sometimes otherwise makes using tor difficult. It would probably be helpful (and marginally profitable) to sell unique .onion addresses intended for individual users that can be used to access the forum via tor. Privacy would only be impacted marginally, although depending on how much information you think CF collects, it may help privacy.

jackg

copper member

Activity: 2856

Merit: 3071

https://bit.ly/387FXHi lightning theory

Quote from: Armagh1234 on October 15, 2018, 08:20:53 PM

Doesn't that make it easier for scammer, bot accounts, farmers, etc. to shitpost constantly?
I use the "always stay logged in" option and rarely have to see the Captcha

No more than normal. If you were an enthusiastic bot programmer before you could program your addon for firefox or google chrome in order to make your bot post.
Alternatively, there are programming lanauges taht can control browsers that you can use which will probably still be used now for bots to post, there is a limit on newbies of 360 seconds, is this nt enough to try to stop the spambies^tm? spamies is copyright Jet Cash

guybrushthreepwood

legendary

Activity: 1232

Merit: 1195

This was previously working a treat, but today on logging in I immediately got a Cloudflare page and captcha that took about 5 attempts then didn't allow me though. Managed on the second time, however.

Quote from: Armagh1234 on October 15, 2018, 08:20:53 PM

Doesn't that make it easier for scammer, bot accounts, farmers, etc. to shitpost constantly?
I use the "always stay logged in" option and rarely have to see the Captcha

Depends. I suppose it could be abused by bots and probably should be limited to Juniors like theymos mentioned in the opening post, but I'm sure the benefits outweigh the negatives. I'm sure the admins will be able to see if it's being abused or not but it's certainly a positive for us genuine users.

S_Therapist

sr. member

Activity: 308

Merit: 277

Quote from: Armagh1234 on October 15, 2018, 08:20:53 PM

Doesn't that make it easier for scammer, bot accounts, farmers, etc. to shitpost constantly?

Bot accounts can do nothing because each and every account has their own unique link. So, it's almost imposible to utilize by bots, IMO.

Armagh1234

jr. member

Activity: 35

Merit: 1

Doesn't that make it easier for scammer, bot accounts, farmers, etc. to shitpost constantly?
I use the "always stay logged in" option and rarely have to see the Captcha

ChipMixer

sr. member

Activity: 456

Merit: 956

https://bitcointalk.org/index.php?topic=1935098

Quote from: theymos on October 02, 2018, 09:49:32 PM

You can now bypass the login CAPTCHA by bookmarking the link generated for you here: https://bitcointalk.org/captcha_code.php

Thank you very much.

theymos

administrator

Activity: 5166

Merit: 12850

Quote from: cellard on October 03, 2018, 10:49:16 PM

The only added risk is that if your computer is compromised, they could get the link with the code. He mentioned owning that code makes bruteforcing the pass easier. Anyone has the math?

If your password is decent and unique to bitcointalk.org, then brute-forcing isn't going to be possible via the Internet. I can't imagine anyone being able to do more than a few hundred attempts per second, which is far slower than if you had the password hash.

The main reason why the login captcha is necessary at all is that whenever some site's username/password database is leaked anywhere on the Internet, hackers would come and try all of those logins here, grabbing a few accounts from people who shared passwords, and sometimes slowing down the forum from the rapid barrage of login attempts. These codes are sufficient for preventing that on any large scale. For individual users, the main thing is to not share passwords, not even with minor variations between sites.

cellard

legendary

Activity: 1372

Merit: 1250

Quote from: jackg on October 03, 2018, 10:47:40 AM

Quote from: LoyceV on October 03, 2018, 05:31:08 AM

Quote from: Jet Cash on October 03, 2018, 05:27:52 AM

Does the captcha vary between countries.

It varies per country, IP address, browser fingerprinting, or anything else Google knows or wants to know about you Tongue

I've noticed that a logged in Gmail in the same browser helps too, and if you only use captcha a few times per day, just one click is enough most of the time.
That's why it's mainly a problem for Tor users, who share their exit IP with many others.

I don't think gmail would help too much with tor either.
A good precise tap of the ticking box on a normal computer does enough. If you're precise and natural enough for google to believe you're not a bot, I believe you can get in quite easy on the first few attempts from you IP. However, using recaptcha on a lot of occasions can make the image box show up, when I was in college you used to have to do the image verification every time you wanted to fill a recaptcha no matter what else you'd done and logged onto on that machine...

Captchas are hell with Tor. In most cases, you'll be forced to compromise your security by being forced to enable javascript, iframes and so on so the thing shows up, and hackers love javascript.

But yeah, I just tried theymos' workaround and it will save me so much time. Recently I made a thread asking for some ideas to bypass captcha, I was even willing to pay. It's awesome that he is still adding things to the forum and he did it for free. Now I will no longer have nightmares with traffic signs and crossroads.

The only added risk is that if your computer is compromised, they could get the link with the code. He mentioned owning that code makes bruteforcing the pass easier. Anyone has the math?

RocketSingh

legendary

Activity: 1662

Merit: 1050

Quote from: theymos on October 02, 2018, 09:49:32 PM

You can now bypass the login CAPTCHA by bookmarking the link generated for you here: https://bitcointalk.org/captcha_code.php

If it causes problems, I might restrict it to Jr Members and above or something, but currently anyone can do it.

Good job buddy. Good job.

Just wanna know, do you have any formal PHP knowledge or its self-taught?

jackg

copper member

Activity: 2856

Merit: 3071

https://bit.ly/387FXHi lightning theory

Quote from: LoyceV on October 03, 2018, 05:31:08 AM

Quote from: Jet Cash on October 03, 2018, 05:27:52 AM

Does the captcha vary between countries.

It varies per country, IP address, browser fingerprinting, or anything else Google knows or wants to know about you Tongue

I've noticed that a logged in Gmail in the same browser helps too, and if you only use captcha a few times per day, just one click is enough most of the time.
That's why it's mainly a problem for Tor users, who share their exit IP with many others.

I don't think gmail would help too much with tor either.
A good precise tap of the ticking box on a normal computer does enough. If you're precise and natural enough for google to believe you're not a bot, I believe you can get in quite easy on the first few attempts from you IP. However, using recaptcha on a lot of occasions can make the image box show up, when I was in college you used to have to do the image verification every time you wanted to fill a recaptcha no matter what else you'd done and logged onto on that machine...

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: Jet Cash on October 03, 2018, 05:27:52 AM

Does the captcha vary between countries.

It varies per country, IP address, browser fingerprinting, or anything else Google knows or wants to know about you Tongue

I've noticed that a logged in Gmail in the same browser helps too, and if you only use captcha a few times per day, just one click is enough most of the time.
That's why it's mainly a problem for Tor users, who share their exit IP with many others.

Jet Cash

legendary

Activity: 2688

Merit: 2444

https://JetCash.com

Does the captcha vary between countries. Whenever I change login details, all I have to do it to tick the captcha box. I think I have only triggered the image verification extension on a couple of occasions since it was implemented.

mk4

legendary

Activity: 2716

Merit: 3817

Paldo.io 🤖

Quote from: InvoKing on October 03, 2018, 01:27:48 AM

Quote from: Little Mouse on October 03, 2018, 01:18:18 AM

Will hacking an account through this link be easy than previous?

Normally it has 0 effect on the hacking thing. It is just a link that will let you insert your login without resolving captcha. If the hacker already has your credentials, he will hack your account whether he has this link or not.

It actually has an effect. If a hacker gets hold of the link, then the hacker can freely attempt to bruteforce your password; as they'd normally have to pay a good amount of money for captcha solvers(like 2captcha, deathbycaptcha, etc). It probably may not make it easier, but it's definitely a lot cheaper. This is why Theymos implemented a Reset feature for the link to be changed if ever you think someone else has your link.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: eddie13 on October 02, 2018, 11:06:54 PM

Great! Hope it works because these are exactly the type of people whose posts I like to read..
Maybe nullius will come back..

I've sent him an email already Cheesy

Quote from: Little Mouse on October 03, 2018, 01:18:18 AM

Will hacking an account through this link be easy than previous?

You still need to set a decent password. If it's difficult enough, it can't be brute-forced.

Lizzylove1

member

Activity: 858

Merit: 13

Christ The King

Thanks for this. I will show it to my BTT friends. There are days I get frustrated when logging in because of captcha and I will just chill hoping to get a quick verification later on. There are days I will have to severally close my browser.

tactac

full member

Activity: 448

Merit: 121

self made Full member (^-^)v

Thank you!!

Perhaps I am not a bot, but it was sometimes difficult to clear the CAPTCHA... (Especially the stage of checking the shop's signboard was difficult Cry

)

Topic: Captcha bypass - page 2. (Read 2157 times)