Well we run neechan and tentakle (these are both anonymous image boards) and since like a month ago, we started getting bombed with CP , although completely against our rules, the idea of a image board is that anyone can post easily, so CP and other nasty stuff tends to show up from time to time, but that was not the case, this was continuous multiple posts a day, the idea is simple, to bypass our various protections, they just post a CP image with the url to visit on the image itself, so things like banning the domain aren’t going to work as well as banning just posting images, cause that’s a natural thing to do on a image boards, so what did we do?

Hummm we started by increasing the restrictions, adding captcha and starting to ban by image hash, however all of these the bots kept bypassing, old captcha systems can be broken pretty easily by software, images can be changed ever so slightly to bypass image hash, that was especially hard on neechan’s wabaka captcha, that was easily broken, this got to a point that rightly so someone told google that we were hosting CP ourself, but only between the time of posting and the time it takes for an admin (me) to delete it, so clearly we needed to improve even more our code, so we hacked the code and started using re-captcha.

So did it work? actually yes, not only cause re-captcha is quite a strong captcha system, but mostly cause these bots are targeted to this software and its weaknesses, if i would change to a more simple setup i believe it would also break the bots, well until it was programmed to break that particular system, but this way, we can outsource at least part of our security to someone that knows captchas and thus solving our problem, so will we switch tentakle also to re-captcha, hummm if CP starts passing through it, absolutely ^_^.oO ( thank you recaptcha )

Leave a Reply