Pages:
Author

Topic: Captcha bypass - page 2. (Read 2276 times)

copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
October 17, 2018, 03:00:24 PM
#28
This was previously working a treat, but today on logging in I immediately got a Cloudflare page and captcha that took about 5 attempts then didn't allow me though. Managed on the second time, however.

It doesn't bypass the Cloudflare captcha, only the forum's own captcha. Whether you get a CF captcha depends on whether / how much the forum is currently being attacked and CF's idea of your IP's reputation.

There are some possible ways that I could allow bypassing the CF captcha, but they're all troublesome in various ways. Maybe I'll look into it if there are a lot of complaints about CF's captcha.

I've only run into the error that one time so far so it's probably fine.

update - Just happened again, but only took me three goes at the captcha so not really an issue.

This was previously working a treat, but today on logging in I immediately got a Cloudflare page and captcha that took about 5 attempts then didn't allow me though. Managed on the second time, however.

It doesn't bypass the Cloudflare captcha, only the forum's own captcha. Whether you get a CF captcha depends on whether / how much the forum is currently being attacked and CF's idea of your IP's reputation.

There are some possible ways that I could allow bypassing the CF captcha, but they're all troublesome in various ways. Maybe I'll look into it if there are a lot of complaints about CF's captcha.

When i used to use it, generally refreshing one's identity did the trick if you can't get through on the first few attempts and you're using tor.

But you still had to go through the tedious process of filling out the captcha ten times just to find out you've been blocked. The bypass link is probably enough for now and I'm thankful for it.

I usually try limiting it to three and then just using the shortcut for a new circuit after that...
seemed to work well for me.
legendary
Activity: 1232
Merit: 1195
October 17, 2018, 07:00:19 AM
#27
This was previously working a treat, but today on logging in I immediately got a Cloudflare page and captcha that took about 5 attempts then didn't allow me though. Managed on the second time, however.

It doesn't bypass the Cloudflare captcha, only the forum's own captcha. Whether you get a CF captcha depends on whether / how much the forum is currently being attacked and CF's idea of your IP's reputation.

There are some possible ways that I could allow bypassing the CF captcha, but they're all troublesome in various ways. Maybe I'll look into it if there are a lot of complaints about CF's captcha.

I've only run into the error that one time so far so it's probably fine.

update - Just happened again, but only took me three goes at the captcha so not really an issue.

This was previously working a treat, but today on logging in I immediately got a Cloudflare page and captcha that took about 5 attempts then didn't allow me though. Managed on the second time, however.

It doesn't bypass the Cloudflare captcha, only the forum's own captcha. Whether you get a CF captcha depends on whether / how much the forum is currently being attacked and CF's idea of your IP's reputation.

There are some possible ways that I could allow bypassing the CF captcha, but they're all troublesome in various ways. Maybe I'll look into it if there are a lot of complaints about CF's captcha.

When i used to use it, generally refreshing one's identity did the trick if you can't get through on the first few attempts and you're using tor.

But you still had to go through the tedious process of filling out the captcha ten times just to find out you've been blocked. The bypass link is probably enough for now and I'm thankful for it.
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
October 17, 2018, 06:13:01 AM
#26
This was previously working a treat, but today on logging in I immediately got a Cloudflare page and captcha that took about 5 attempts then didn't allow me though. Managed on the second time, however.

It doesn't bypass the Cloudflare captcha, only the forum's own captcha. Whether you get a CF captcha depends on whether / how much the forum is currently being attacked and CF's idea of your IP's reputation.

There are some possible ways that I could allow bypassing the CF captcha, but they're all troublesome in various ways. Maybe I'll look into it if there are a lot of complaints about CF's captcha.

When i used to use it, generally refreshing one's identity did the trick if you can't get through on the first few attempts and you're using tor.
administrator
Activity: 5222
Merit: 13032
October 16, 2018, 06:21:17 PM
#25
This was previously working a treat, but today on logging in I immediately got a Cloudflare page and captcha that took about 5 attempts then didn't allow me though. Managed on the second time, however.

It doesn't bypass the Cloudflare captcha, only the forum's own captcha. Whether you get a CF captcha depends on whether / how much the forum is currently being attacked and CF's idea of your IP's reputation.

There are some possible ways that I could allow bypassing the CF captcha, but they're all troublesome in various ways. Maybe I'll look into it if there are a lot of complaints about CF's captcha.
copper member
Activity: 2996
Merit: 2374
October 16, 2018, 04:58:26 PM
#24
It sounds like this means that for all intents and purposes, you will only need to use a captcha once, when you create your account, provided you save the bypass link and can access it when you login.

This is probably a step forward for tor users, although CF sometimes otherwise makes using tor difficult. It would probably be helpful (and marginally profitable) to sell unique .onion addresses intended for individual users that can be used to access the forum via tor. Privacy would only be impacted marginally, although depending on how much information you think CF collects, it may help privacy.
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
October 16, 2018, 03:37:08 PM
#23
Doesn't that make it easier for scammer, bot accounts, farmers, etc. to shitpost constantly?
I use the "always stay logged in" option and rarely have to see the Captcha

No more than normal. If you were an enthusiastic bot programmer before you could program your addon for firefox or google chrome in order to make your bot post.
Alternatively, there are programming lanauges taht can control browsers that you can use which will probably still be used now for bots to post, there is a limit on newbies of 360 seconds, is this nt enough to try to stop the spambiestm? spamies is copyright Jet Cash
legendary
Activity: 1232
Merit: 1195
October 16, 2018, 02:14:21 AM
#22
This was previously working a treat, but today on logging in I immediately got a Cloudflare page and captcha that took about 5 attempts then didn't allow me though. Managed on the second time, however.

Doesn't that make it easier for scammer, bot accounts, farmers, etc. to shitpost constantly?
I use the "always stay logged in" option and rarely have to see the Captcha

Depends. I suppose it could be abused by bots and probably should be limited to Juniors like theymos mentioned in the opening post, but I'm sure the benefits outweigh the negatives. I'm sure the admins will be able to see if it's being abused or not but it's certainly a positive for us genuine users.
sr. member
Activity: 308
Merit: 280
October 15, 2018, 11:23:32 PM
#21
Doesn't that make it easier for scammer, bot accounts, farmers, etc. to shitpost constantly?
Bot accounts can do nothing because each and every account has their own unique link. So, it's almost imposible to utilize by bots, IMO.
jr. member
Activity: 35
Merit: 1
October 15, 2018, 07:20:53 PM
#20
Doesn't that make it easier for scammer, bot accounts, farmers, etc. to shitpost constantly?
I use the "always stay logged in" option and rarely have to see the Captcha
sr. member
Activity: 456
Merit: 956
https://bitcointalk.org/index.php?topic=1935098
October 15, 2018, 04:16:58 PM
#19
You can now bypass the login CAPTCHA by bookmarking the link generated for you here: https://bitcointalk.org/captcha_code.php
Thank you very much.
administrator
Activity: 5222
Merit: 13032
October 03, 2018, 10:12:15 PM
#18
The only added risk is that if your computer is compromised, they could get the link with the code. He mentioned owning that code makes bruteforcing the pass easier. Anyone has the math?

If your password is decent and unique to bitcointalk.org, then brute-forcing isn't going to be possible via the Internet. I can't imagine anyone being able to do more than a few hundred attempts per second, which is far slower than if you had the password hash.

The main reason why the login captcha is necessary at all is that whenever some site's username/password database is leaked anywhere on the Internet, hackers would come and try all of those logins here, grabbing a few accounts from people who shared passwords, and sometimes slowing down the forum from the rapid barrage of login attempts. These codes are sufficient for preventing that on any large scale. For individual users, the main thing is to not share passwords, not even with minor variations between sites.
legendary
Activity: 1372
Merit: 1252
October 03, 2018, 09:49:16 PM
#17
Does the captcha vary between countries.
It varies per country, IP address, browser fingerprinting, or anything else Google knows or wants to know about you Tongue
I've noticed that a logged in Gmail in the same browser helps too, and if you only use captcha a few times per day, just one click is enough most of the time.
That's why it's mainly a problem for Tor users, who share their exit IP with many others.

I don't think gmail would help too much with tor either.
A good precise tap of the ticking box on a normal computer does enough. If you're precise and natural enough for google to believe you're not a bot, I believe you can get in quite easy on the first few attempts from you IP. However, using recaptcha on a lot of occasions can make the image box show up, when I was in college you used to have to do the image verification every time you wanted to fill a recaptcha no matter what else you'd done and logged onto on that machine...

Captchas are hell with Tor. In most cases, you'll be forced to compromise your security by being forced to enable javascript, iframes and so on so the thing shows up, and hackers love javascript.

But yeah, I just tried theymos' workaround and it will save me so much time. Recently I made a thread asking for some ideas to bypass captcha, I was even willing to pay. It's awesome that he is still adding things to the forum and he did it for free. Now I will no longer have nightmares with traffic signs and crossroads.

The only added risk is that if your computer is compromised, they could get the link with the code. He mentioned owning that code makes bruteforcing the pass easier. Anyone has the math?
legendary
Activity: 1662
Merit: 1050
October 03, 2018, 11:25:57 AM
#16
You can now bypass the login CAPTCHA by bookmarking the link generated for you here: https://bitcointalk.org/captcha_code.php

If it causes problems, I might restrict it to Jr Members and above or something, but currently anyone can do it.

Good job buddy. Good job.

Just wanna know, do you have any formal PHP knowledge or its self-taught?
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
October 03, 2018, 09:47:40 AM
#15
Does the captcha vary between countries.
It varies per country, IP address, browser fingerprinting, or anything else Google knows or wants to know about you Tongue
I've noticed that a logged in Gmail in the same browser helps too, and if you only use captcha a few times per day, just one click is enough most of the time.
That's why it's mainly a problem for Tor users, who share their exit IP with many others.

I don't think gmail would help too much with tor either.
A good precise tap of the ticking box on a normal computer does enough. If you're precise and natural enough for google to believe you're not a bot, I believe you can get in quite easy on the first few attempts from you IP. However, using recaptcha on a lot of occasions can make the image box show up, when I was in college you used to have to do the image verification every time you wanted to fill a recaptcha no matter what else you'd done and logged onto on that machine...
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
October 03, 2018, 04:31:08 AM
#14
Does the captcha vary between countries.
It varies per country, IP address, browser fingerprinting, or anything else Google knows or wants to know about you Tongue
I've noticed that a logged in Gmail in the same browser helps too, and if you only use captcha a few times per day, just one click is enough most of the time.
That's why it's mainly a problem for Tor users, who share their exit IP with many others.
legendary
Activity: 2828
Merit: 2472
https://JetCash.com
October 03, 2018, 04:27:52 AM
#13
Does the captcha vary between countries. Whenever I change login details, all I have to do it to tick the captcha box. I think I have only triggered the image verification extension on a couple of occasions since it was implemented.
mk4
legendary
Activity: 2870
Merit: 3873
📟 t3rminal.xyz
October 03, 2018, 04:17:00 AM
#12
Will hacking an account through this link be easy than previous?

Normally it has 0 effect on the hacking thing. It is just a link that will let you insert your login without resolving captcha. If the hacker already has your credentials, he will hack your account whether he has this link or not.

It actually has an effect. If a hacker gets hold of the link, then the hacker can freely attempt to bruteforce your password; as they'd normally have to pay a good amount of money for captcha solvers(like 2captcha, deathbycaptcha, etc). It probably may not make it easier, but it's definitely a lot cheaper. This is why Theymos implemented a Reset feature for the link to be changed if ever you think someone else has your link.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
October 03, 2018, 03:57:35 AM
#11
Great! Hope it works because these are exactly the type of people whose posts I like to read..
Maybe nullius will come back..
I've sent him an email already Cheesy

Will hacking an account through this link be easy than previous?
You still need to set a decent password. If it's difficult enough, it can't be brute-forced.
member
Activity: 858
Merit: 13
Christ The King
October 03, 2018, 03:29:32 AM
#10
Thanks for this. I will show it to my BTT friends. There are days I get frustrated when logging in because of captcha and I will just chill hoping to get a quick verification later on. There are days I will have to severally close my browser.
full member
Activity: 448
Merit: 121
self made Full member (^-^)v
October 03, 2018, 12:40:48 AM
#9
Thank you!!

Perhaps I am not a bot, but it was sometimes difficult to clear the CAPTCHA... (Especially the stage of checking the shop's signboard was difficult Cry)
Pages:
Jump to: