DarkSEO has some code to attack phpBB3 captchas. (Note: I didn’t even look at the code; it could be a virus or anything.)

I do not find it very surprising that this has happened; most of the captchas around are very naive, and I’ve seen multiple scientific articles detailing how to attack various captchas. Many use colors and thin lines to make them look hard, but after applying a naive energy function and doing some blurring to remove the thin lines, they break down.

ReCaptcha is quite interesting, because it doesn’t bother with some useless colorification that doesn’t change contrast. But I wonder if it can’t be overrun by spammers and how long it will scale. Still, I figure it is what I would pick right now, because they can upgrade it if it actually is attacked by solvers.

It doesn’t help much for the proxy attack on Captchas though (offering users some pr0n to view in exchange for solving a Captcha that you were actually given to solve by another site) - at least not when combined with some XSS and/or a botnet. (The ‘obvious’ proxy approach can be IP-filtered.)