Hacker News new | comments | show | ask | jobs | submit login

That doesn't look at all impressive. It seems easy to write a solver for it. Especially considering most spam bots are quite happy with relatively low rates of succeeding, they can just brute-force until they find one they can solve.

I think they use javascript to record the coordinate (x, y) where you clicked it

on one scenario you 'll select a 24x24 square out of a 200x100 pixel picture, the success rate is 2.8%

Why would I pick a pixel at random when I could pick a black pixel and have better than 10% chance of getting it right regardless of the question with less than 10 lines of code?

I think it's higher than that. I think we can atleast use some kinda of processing to detect where the circle/square/retangles are. So, it is more like 1/9. So in 6 tries there is a 50% chance of success.

Bots will be happy by any success rate above 0%


I am the developer of clickcha. Appreciate the input, but you seem to be forgetting that bruteforcing can be avoided by temporarily banning the IP for some time after certain number of incorrect attempts.

Don't forget that spammers exploit botnets with tens of thousands zombie computers each one with unique IP. 2.8% from 10000 zombies = 280 first try successful breaches.

You could make it much harder for bots by asking the user to click on two numbers (e.g. highest and lowest). I don't think that would be too much extra work for the user as most of the effort is in scanning through all of the numbers.

That's why they use botnets for this. Each attempt will be from a fresh ip.

Don't give up though, you are on to something. If you can make the permutation higher then yea you can definitely make it big.

I'd like to combine this with akismet. Bots will be happy with a 2% rate but I'll be more happy than them with 98% less comments to check in the spam folder

2% success rate against bots does not equal 98% fewer bot posts. Just 50x more traffic.

> Just 50x more traffic.

50x traffic is too obvious to ban :)

a five digit case-ignore number/letter success rate is 1/(36^5), it's very small but still above 0%

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact