Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Question] Spam userbots solving the captcha? #121

Open
shentino opened this issue Aug 27, 2021 · 6 comments
Open

[Question] Spam userbots solving the captcha? #121

shentino opened this issue Aug 27, 2021 · 6 comments
Labels
question Further information is requested track Something to keep track of its evolution

Comments

@shentino
Copy link

Just wanted to give a heads up to the devs that I just got hit by a pakistani promotions spambot that successfully completed the captcha.
@J-Rios
Copy link
Owner

J-Rios commented Aug 27, 2021

Hi,

Did you see a lot of them joining, or it is just one?

Are you sure that it is an automatically userbot and not a human that solve the captcha and then send Spam?

Note that JoinCaptchaBot uses image captchas and that technology are not infallible in these days, I mean, if some malicious developer train a neural network specifying targeting this images to make an OCR, it is posible to solve them and make userbots that can solve it. However, due I made my own way to create this captchas and are not globally used (as google recaptcha and others), there is not a public library to solve them, so they need to focus specifically and waste time developing/training to solve JoinCaptchaBot.

So, are there some userbots that can solve JoinCaptchaBot captchas? I think so, however currently, JoinCaptchaBot keeps out near 99% of userbots that exists in Telegram. For that 1% specific ones, remember that you could configure your group to also avoid them, by increasing captcha difficulty (/difficult command) or using other captcha modes like the "custom poll captcha" (setup a poll and modify that poll each week). Of course, don't use button captcha mode, it is not recommended and there is a lot of userbots that can easily press the button and solve it.

If userbots that can solve JoinCaptchaBot increase from 1% to 10%, then this issue will become significantly...

@shentino
Copy link
Author

Hi,

Did you see a lot of them joining, or it is just one?

Are you sure that it is an automatically userbot and not a human that solve the captcha and then send Spam?

Note that JoinCaptchaBot uses image captchas and that technology are not infallible in these days, I mean, if some malicious developer train a neural network specifying targeting this images to make an OCR, it is posible to solve them and make userbots that can solve it. However, due I made my own way to create this captchas and are not globally used (as google recaptcha and others), there is not a public library to solve them, so they need to focus specifically and waste time developing/training to solve JoinCaptchaBot.

So, are there some userbots that can solve JoinCaptchaBot captchas? I think so, however currently, JoinCaptchaBot keeps out near 99% of userbots that exists in Telegram. For that 1% specific ones, remember that you could configure your group to also avoid them, by increasing captcha difficulty (/difficult command) or using other captcha modes like the "custom poll captcha" (setup a poll and modify that poll each week). Of course, don't use button captcha mode, it is not recommended and there is a lot of userbots that can easily press the button and solve it.

If userbots that can solve JoinCaptchaBot increase from 1% to 10%, then this issue will become significantly...

I don't have hard stats, but as far as unique users go this is the second time I've seen a spambot get past the captcha, which means it's at least a 2-case pattern at this point.

My point being that it seems to be the start of a trend and I wanted to help nip it in the bud early, espeically if TJCB's profile rises and makes it more tempting a target for bypass in the future.

As for the spammers in question I already reported them globally to telegram itself

@shentino
Copy link
Author

Also to be fair I'm pretty sure it's either a bot or a very well disguised human. I don't have enough context on my end to tell the difference.

@J-Rios
Copy link
Owner

J-Rios commented Aug 28, 2021

Ok, let's keep this issue open to see if there is more users reporting this and keep track of the evolution of userbots that solve TJCB captchas.

@J-Rios J-Rios changed the title Spammers getting past the captcha [Question] Spam userbots solving the captcha? Aug 28, 2021
@J-Rios J-Rios added question Further information is requested track Something to keep track of its evolution labels Aug 28, 2021
@J-Rios
Copy link
Owner

J-Rios commented Sep 10, 2021

captcha2

I have updated multicolorcaptcha library to use new and interesting Fonts.

Hopefully it will help to break spam userbots that are solving the current captchas images...

Will be added for next Bot vrsion update.

@shentino
Copy link
Author

Yeah from what I remember they do have "captcha solver" sweat shops out there taking advantage of poor people.

Not sure how to tell the difference between them and a well coded AI

@J-Rios J-Rios mentioned this issue Dec 5, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Further information is requested track Something to keep track of its evolution
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@shentino @J-Rios