Can CAPTCHAs be bypassed?

If you’ve browsed the Internet for over, let’s say, 30 minutes, it’s highly likely that you’ve encountered a CAPTCHA riddle and wondered how to bypass it. We’re talking about those tasks where you have to decipher a highly distorted text, where you have to pick a certain color, or where you have to pick all the images containing a certain object. Let’s be honest – nobody likes solving them.

Bypassing CAPTCHAs seems like something everyone wants to do. Most website visitors are probably thinking to themselves – I just want to get things done on this website & move on! However, there is a reason for CAPTCHAs to pop up from time to time.

In this article, we’ll go over what CAPTCHAs are, why they appear, and finally whether they can be bypassed.

What are CAPTCHAs?

Completely Automated Public Turing test to tell Computers and Humans Apart – or shortened CAPTCHA – is a challenge-response test presented to certain website visitors in order to distinguish humans from bots. 

The first version of CAPTCHA was developed in 1997. It was a task of recognizing a distorted text and writing it down as a response. From then on, the varieties of CAPTCHA have flourished and become more complex.

Nowadays, there are image recognition CAPTCHAs, pattern recognition CAPTCHAs, color recognition CAPTCHAs, and even simple checkbox CAPTCHAs that track your cursor movement before you’ve even checked the required box. 

The essence of CAPTCHA logic is that there are tasks that humans can perform with much more ease compared to various types of bots. Specifically, CAPTCHA tasks have at least two stages when it comes to solving them: 

  • Segmentation – refers to the process of distinguishing various elements on a riddle. In most cases, this means various letterforms. This task is made harder or easier depending on the number of additional elements on the CAPTCHA riddle – arcs, lines, overlapping letterforms, etc.
  • Recognition – once the letterforms have been (successfully) segmented, a bot has to recognize them. Compared to segmentation, this is usually an easier task. However, the difficulty can vary depending on how distorted the CAPTCHA content is.

Why do CAPTCHAs appear?

Let’s quickly clear up why CAPTCHAs are being shown in the first place. In most cases it’s due to one of these factors:

  • Suspicious IP address – a visit to the website is originating from an IP address that’s either on a blacklist or in a pool of suspicious IP addresses;
  • Suspicious behavior on a website – this includes, but is not limited to, how many times you visit the same URL, how long you spend on a page, cursor movement patterns, etc.;
  • You’re registering on a website for the first time – usually when creating an account, websites want to check if it’s an automated attempt to create an account for various malicious purposes;
  • You’re trying to change a password – websites want to make sure that the person who’s trying to change the password is a real human (and the actual owner of the account).

As only one of many types of measures against bots, CAPTCHAs are ultimately aimed at stopping malicious bot traffic from overflowing a specific website.

Besides overflowing a website and thus causing it to slow down or crash, some other negative effects of bot traffic are:

  • Scraping Data;
  • Creating Fake Accounts;
  • Placing Fake Orders on eCommerce websites;
  • Spamming.

Is it possible to bypass CAPTCHAs?

First of all, sometimes even human visitors are not able to solve every CAPTCHA riddle (for example, when a letterform is too distorted). This poses a risk of deterring real visitors from browsing your website. 

However, when it comes to bypassing and solving CAPTCHAs, there are a couple of ways it can be done. We’ll list the most common ones in this article. 

Bypassing CAPTCHA with Machine Learning

As we’ve previously mentioned, solving CAPTCHAs and creating more difficult CAPTCHA tasks is a process similar to a game of cat and mouse. Newer versions of CAPTCHA have been very successful at being unsolvable by bots. 

Text-based CAPTCHAs may nowadays be considered not secure enough and easily bypassable. However, the varieties that CAPTCHAs come in are numerous and are getting more difficult for bots to bypass.

Mass-solving by humans

The so-called CAPTCHA virtual sweatshops are based in countries where labor is cheap and are thus able to offer incredibly low prices for solving incredibly large amounts of CAPTCHAs. The usual rate for solving 1000 CAPTCHA riddles is around $1!   

Dedicated Services

We will not name them here, but there are services that are able to bypass CAPTCHAs for you by combining the two previously mentioned methods. The rates here are also very cheap and they sometimes add their own features, such as APIs and libraries that help their clients bypass CAPTCHAs even more easily.

Trying not to be suspicious

Suspicious behavior means behaving similarly to how bots behave on a website. Avoiding this will help you bypass CAPTCHA in the sense that they won’t even show up. It’s important to understand that this is not always possible and that in some cases, the riddles will still appear.

What does this mean, specifically? Here’s a list of generic bot behavior that you should try to stay away from: 

  • Quickly jumping from page to page;
  • Linear cursor movements – this is not that big of a reason to worry, because it’s actually extremely difficult to do this with your own hand;
  • Scrolling patterns. 
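
Seen from the website owner's side, the triggers listed under "Why do CAPTCHAs appear?" and the bot-like behaviors above can be combined into one decision about whether to show a challenge. The sketch below is an added example, not code from this article or from any CAPTCHA product; the thresholds, action names and sample visits are assumptions constructed for illustration.

```python
import ipaddress
import math

# Assumed, constructed values: documentation-range network, hypothetical action names.
BLOCKLIST = [ipaddress.ip_network("203.0.113.0/24")]
SENSITIVE_ACTIONS = {"register", "change_password"}
MAX_PAGES_PER_WINDOW = 5     # assumed threshold
WINDOW_SECONDS = 10.0        # assumed sliding window
STRAIGHTNESS_LIMIT = 0.995   # displacement / path length; close to 1 means ruler-straight

def ip_is_listed(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in BLOCKLIST)

def hops_too_fast(page_times):
    """True if more than MAX_PAGES_PER_WINDOW page loads fall in any sliding window."""
    times = sorted(page_times)
    start = 0
    for end, t in enumerate(times):
        while t - times[start] > WINDOW_SECONDS:
            start += 1
        if end - start + 1 > MAX_PAGES_PER_WINDOW:
            return True
    return False

def cursor_is_linear(points):
    """True if the pointer trail is almost a perfect straight line."""
    if len(points) < 3:
        return False  # too few samples to judge
    path = sum(math.dist(a, b) for a, b in zip(points, points[1:]))
    return path > 0 and math.dist(points[0], points[-1]) / path >= STRAIGHTNESS_LIMIT

def challenge_reasons(ip, action, page_times, cursor_points):
    """Return the triggers that fired; an empty list means no CAPTCHA is shown."""
    reasons = []
    if ip_is_listed(ip):
        reasons.append("suspicious_ip")
    if action in SENSITIVE_ACTIONS:
        reasons.append("sensitive_action")
    if hops_too_fast(page_times):
        reasons.append("fast_page_hops")
    if cursor_is_linear(cursor_points):
        reasons.append("linear_cursor")
    return reasons

# Constructed sample visits: (ip, action, page-load timestamps in seconds, cursor samples).
BOT_VISIT = ("203.0.113.7", "browse", [0, 1, 2, 3, 4, 5], [(0, 0), (10, 10), (20, 20), (30, 30)])
HUMAN_VISIT = ("198.51.100.20", "browse", [0, 12, 40, 75], [(0, 0), (8, 3), (15, 11), (19, 24), (30, 30)])
```

Returning the list of reasons rather than a bare yes/no lets the site log why a challenge was shown, which helps when real visitors report being challenged too often.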

Conclusion

As we have seen, CAPTCHAs are one of many ways to stop malicious bot traffic from accessing a website.

Also, we have shown how CAPTCHAs can be bypassed. Nowadays, it’s getting easier and easier to do so. 

What’s important, especially if you’re an owner of a website, is to know how well protected your website is. This means getting a bot protection score that will take into account CAPTCHAs, but also all other bot protection measures you have implemented. 

The great news is that you’re able to do exactly that with BotMeNot, which is currently in the Beta stage and looking for users who are willing to provide feedback (btw – every Beta user receives 100 Free testing credits)!