2

I've seen some registration pages that have a "skill testing question" in addition to having a captcha. These skill testing questions are usually easy trivia, such as "what is 2 + 2" or "who invented the light bulb?". Registration will not go through unless the correct answer is given. What is the reason behind having such questions? If a bot already got past the captcha, there never seems to be a large pool of questions so the answers could be hard coded in. If a human in a 3rd world country is getting past the captchas (which to my understanding is why they don't work well) they could also solve a skill testing question (provide they have access to a search engine).

Celeritas
  • 10,039
  • 22
  • 77
  • 144
  • "which to my understanding is why they don't work well" -- are you assuming people in 3rd world countries are unable to retype a sequence? Or is this a misinterpretation? – pguetschow Nov 29 '16 at 10:17
  • @TechTreeDev what I was referring to is how people in in impoverished countries can be paid $5 for 100 correct captures or something like that. If you feel the need to make the wording more politically correct feel free to, but please don't waste anyone's time trying to nit pick. – Celeritas Nov 29 '16 at 10:20
  • Okay, I may have misunderstood that, as I were not aware of this method – pguetschow Nov 29 '16 at 10:38

2 Answers2

4

Bots are usually made generic. There is no bot to register specifically at Celeritas.domain and post spam. There is a bot to register at any generic Wordpress/xForum/yCMS site and post spam.

It is very hard to generically write a bot that can answer "What is one plus -2", "What color is a Firetruck?", "What is the name of this Blog?" and whatever else such registration questions can be. Posting spam on a single website is (currently) not valuable enough for this Spammers to pay humans to solve this things.

If there is a new Captcha system used at many domains, it is worth the effort to implement that. For a single site, the effort just isn't worth it, it seems, even if the effort is very low.

Josef
  • 5,903
  • 25
  • 33
  • On the contrary, human-generated spam is widespread and commonplace. From: https://theadminzone.com/threads/human-spammers-people-are-paid-to-spam-your-forum.136955/ "You may be aware of services like Amazon Mechanical Turk or Microworkers. These are crowdsourcing services that allow vendors to pay small amounts of money for the completion of tasks. These tasks often range from things like helping Google and Bing rank search results (human experience), and completing surveys. However, as I discovered today, spammers are using these systems on a massive scale to recruit human spammers." – Alfred Armstrong Nov 29 '16 at 17:31
  • @AlfredArmstrong and what prevents this people from solving simple skill testing questions? – Josef Nov 30 '16 at 07:19
  • Nothing. It seemed to me that you were implying that people don't pay humans to submit spam, but that may not have been exactly what you meant. – Alfred Armstrong Nov 30 '16 at 16:34
0

It is good enough for them because nobody cares enough to break it, but you are right that a bot could easily solve all those questions by either hardcoding the answers or as a generic fall-back solution trying to parse the mathematical expression which will always work for things like "2+2".

André Borie
  • 12,706
  • 3
  • 39
  • 76