Just one month ago, Lemmy didn’t have CAPTCHAs, and we were hit by so many script-kiddies that signups to https://lemmy.world had to be disabled.
The hackers who will create thousands-of-accounts and make thousands-of-spam posts are largely low-quality hackers who don’t know how to make an AI bot. Proof? When the Admins added the dumbest of CAPTCHAs to https://lemmy.world, those fake-signups stopped.
CAPTCHAs work, at least at the level that lemmy.world is at. We’ll have to get better as we get more popular but there’s an ocean of difference from wget/curl script-kiddie and AI-using bot master.
Yeah, they still work somewhat as in they raise the bar on how complex the bot needs to be.
Believe me, there’s tons of spammers out there that have captcha cracking bots. They’re just not as dumb as the basic skiddie that can barely make a http POST.
Captcha’s were supposed to separate bots from humans. Now it separates simple bots from complex bots.
Oh, and as a bonus, a lot of places hire people to create accounts and post spam for pennies.
It’s a very bad decision to not implement CAPTCHA when you are going to allow signups.
There’s always someone that will take advantage of this and annoy you with constant sign ups.
Except we know its not true.
Just one month ago, Lemmy didn’t have CAPTCHAs, and we were hit by so many script-kiddies that signups to https://lemmy.world had to be disabled.
The hackers who will create thousands-of-accounts and make thousands-of-spam posts are largely low-quality hackers who don’t know how to make an AI bot. Proof? When the Admins added the dumbest of CAPTCHAs to https://lemmy.world, those fake-signups stopped.
CAPTCHAs work, at least at the level that lemmy.world is at. We’ll have to get better as we get more popular but there’s an ocean of difference from wget/curl script-kiddie and AI-using bot master.
I suspect it is just a matter of time before someone makes the tech easy to use and affordable enough for the masses of bad actors.
I totally agree.
So basically just a cat and mouse game until the singularity?
Yeah, they still work somewhat as in they raise the bar on how complex the bot needs to be.
Believe me, there’s tons of spammers out there that have captcha cracking bots. They’re just not as dumb as the basic skiddie that can barely make a http POST.
Captcha’s were supposed to separate bots from humans. Now it separates simple bots from complex bots.
Oh, and as a bonus, a lot of places hire people to create accounts and post spam for pennies.
It’s a very bad decision to not implement CAPTCHA when you are going to allow signups. There’s always someone that will take advantage of this and annoy you with constant sign ups.