A Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) is a test designed to distinguish human users from bots, to reduce the amount of bot traffic hitting a website.
CAPTCHA tests are often used on email login pages, forums and comment sections of a blog or news site to specifically prevent spam bots and automated brute force attacks. As threat actors have become increasingly sophisticated, CAPTCHAs have in turn needed to adapt to remain effective.
Traditionally, CAPTCHAs required a user to copy a jumbled sequence of numbers and letters. However, users are now more likely to see a grid of images from which they must, for example, select all images with bridges or all images with a set of traffic lights.
CAPTCHA evasion techniques
CAPTCHA forms are fundamental to the web/sec admin’s detection and response arsenal, significantly reducing the number of spambots reaching a website and mitigating the effects of a brute force attack. Because CAPTCHAs remain in ongoing use, threat actors continue their attempts to defeat them using a variety of automated evasion techniques. Among the most common evasion strategies are CAPTCHA farms.
CAPTCHA farms bridge the gap between threat actors and the site they want to access via a CAPTCHA form. A bot is integrated with the farm via a third-party API, and when the bot is faced with a CAPTCHA form, a request is sent to a real human in the farm, who solves the challenge. The human-generated response is sent back to the bot, which submits it to the web application, and the bot's “human” status is verified.
Blocking CAPTCHA evasion techniques
CAPTCHA continues to play a critical role in most cybersecurity solutions; however, it is not enough on its own.
Netacea takes a smarter approach to bot management. Our Intent Analytics™ powered by machine learning quickly and accurately distinguishes bots from humans to protect websites, mobile apps and APIs from automated threats while prioritising genuine users. Actionable intelligence with data-rich visualisations empowers you to make informed decisions about your traffic.
Talk to our team of cyber-security experts today to discover more about our pioneering approach to bot management to help you detect unwanted bot activity and defend against it.