Bot protection loophole

Out of order

Posting comments without accounts is supposed to be done manually, using images that only humans are supposed to be able to read.

But the ones employed on this site are extremely weak.

Using simple Javascript, we can easily get past the “bot protection” that can currently be found on any inquiryhub.org blog.

The bot protection only has 9 variations for bots to get past- and it says which variation it uses directly in the image.
This makes it extremely easy to bypass it.

$('securitycode').value = (function () {
    switch ($('securitycode').next().next().src.match(/antiselect=([0-9])/)[1]) {
        case '1': return '1removingspam';
        case '2': return '3iamahuman';
        case '3': return '4iamnotabot';
        case '4': return '5nospamplease';
        case '5': return '6pleasedontspam';
        case '6': return '7spamisntnice';
        case '7': return '8dontspamme';
        case '8': return '9spamisbad';
        case '9': return '10stopmrspam';
    }
})();

6 thoughts on “Bot protection loophole”

Blah

Reply ↓

Is this supposed to work?

Reply ↓

Indy on February 1, 2013 at 4:17 pm said:

It requires the jQuery library. I created a version without this dependancy but never updated the post.

Reply ↓
- S H Mohanjith on February 2, 2013 at 11:57 am said:
  
  I mean is the loop hole still there 🙂
  
  Reply ↓
  - Indy on February 8, 2013 at 6:43 pm said:
    
    Yup
    
    Reply ↓
    - S H Mohanjith on February 9, 2013 at 8:57 am said:
      
      I’m afraid we have already patched it 🙂
      
      You can try again.

Elijah's Blog

Charlie

6 thoughts on “Bot protection loophole”

Leave a Reply Cancel reply