Creating An Army of Free Captcha Typers
People are finally starting to catch on to this technique. However I’m finding a lack of tact in how to accomplish it successfully. The objective is simple. How do we get a bunch of other people to type in Captchas for us willingly? First we’ll dive into why this is useful. Lets say you’re spamming Myspace or Yahoo accounts for instance. You could either attempt to defeat it through various OCR techniques or hire people from India to type them in for you. Captcha decoding is very tough to master and uses loads of server usage. Reliable Indians are tough to find and it poses a margin that you must beat. So now you’re starting to consider your options. There are still some out there but the best one I can recommend would be to find a way to get others to do it for you by giving them an incentive.
What Will You Need
First you will need to create the script that will actually grab the Captcha and output it so you can display it to the user without them knowing what the real reason is of they are typing it in. Next you will need to actually require the user to type it in in order to preform an action on your site. Next your script will need to grab what they type in and check to see if it was correct. Lets say your spamming Myspace. So you display the Captcha on another site of yours and when the user types it in, a second script actually makes the account using what they said the Captcha was. Make sense?
The Incentive
I’ve seen a few ideas mole around about how to do this. Some suggest adding the Captcha to your blog comments. It doesn’t really do anything and if they don’t type it in, it will still allow the comment. However anyone who does type it in. The script will create the account and boom your in like flint. However each of these ideas I’ve heard have one major flaw; lack of traffic. Even if your blog or other site gets 20 comments/day that still isn’t very many captcha types and hardly worth the trouble. I’ve also heard some ideas about offering free porn but the problem is still the same wouldn’t you agree? So you’ll need a site that will grab major traffic, lots of pageviews, and most of all the users will be obligated to type the traffic.
Here’s My Proposal
Try creating a webproxy. A web proxy is designed to bypass proxy restrictions through a web interface. For example, in a university, the IT department blocks a lot of harmless websites simply because of their popularity. So people use webproxies to access those websites. Creating a webproxy is great because they draw MAJOR traffic and TONS of pageviews very quickly. They don’t require much promotion to become very popular. They are also very easy to setup. First you’ll need to find a good webproxy script. I’d recommend CGIProxy or PHP Proxy. Use whatever is most comfortable for you to setup and edit. Next you need to do a tad bit of promotion on it. The best way is to sign it up on a few proxy top sites lists or free proxy directories. You’ll find out quickly that you won’t need much promotion to get them some serious daily traffic. I recently setup a webproxy (Unblock Myspace) and it was getting 400 unique visitors/day and 20,000 pageviews/day within days of opening with very little promotion. Currently its getting about 700 unique visitors/day and approx 72,000 pageviews/day. To put that in the math sense; if I display a Captcha for the visitor to type in every 25 random pageviews in order for them to continue to the page they wanted to go to. That comes out to about 2880 Captchas/day. In case you were paying attention thats A LOT of Myspace accounts(money). 
So whats the downside? Well first web proxies are a big strain on servers. A lot of hosting providers don’t allow them for that reason. An easy way to solve this is to get your own virtual private server/dedicated server, or get a buddy to donate a dedicated box. Another would be to have multiple hosting providers and have the script disperse the traffic amongst them evenly to lighten the load. Where theres a will(money) theres a way.
Good idea there, I should have come up with that! Anyone who tried this yet?
I’ve got to say, this is one of the coolest ideas I’ve seen in a long time. I think this needs to be t&ted.
Now, where’s my server?
A proxy is a good idea, but it’s too much work for lazy people like me.
Instead, just use the fact that myspace users are dumb to your advantage.
Send out a bulletin offering a free ipod, tv, rimjob, or whatever to your friends, and then hit them with the captcha before they get to see the offer. The thing is, there is never an offer because they keep entering in the captcha “wrong.”
You can get up to 5-10 captchas entered with each person who comes to your site.
lol, thats hilarious.
good idea too.
That’s a great idea! This blog is addicting…I find myself on here daily for a little jump start for idea. Keep up the great post!
Nice idea. Can you monetize the proxy?
Another great Blue Hat Seo idea! Now I just gotta convert all my proxy sites into myspace acccount makers and we are good to go… looks like I may have to consult with some cheap indian programmers after all.
There is still one more issue to contend with, and that is all the same accounts being signed up from the same IP.
You’ll need to find reliable proxies to send all these queries through or in the end, the accounts will be shut down I suspect.
yep, proxies are always a good idea when creating spam accounts.
Interesting tactic. Has it been worthwhile?
Nice one Eli. Think I am going to have to try something like this.
Side note.
Joseph T released an out of the box script for MySpace recently called Spacepromoter and since I like to see what people are doing with these things I checked a few of my accounts for friends requests.
Pretty funny what I found. 20 friends requests with 2 different screen names and the exact same custom profile layout except for the display picture. Everything else on page was the same.
I guess I am ranting because people need to customize a little. How long do you think it’s going to take a normal net user to realize they are getting the same requests over and over? Granted there are some morons out there but when it gets this obvious…. Jesus.
Ah captcha blow-through scripts…well I guess this tactic is no longer worth doing now that its been outed…lol, oh well.
Actually this is nothing new, and has been talked about plenty in other places…not that I’m going to say where
Keep in mind that this violates the TOS of most sites and they could sue you under some vague ‘improper use’ law, so be very careful doing this.
So what if your on the flip-side of this…how can you protect your site from these blow-throughs?
Check for the IP doing the captcha pull. See if I’m pulling your captcha to my site to have someone fillout then you will see the same IP making requests (generally, unless they are using a botnet…then more advanced tactics are required).
Also, bots have trouble doing js or flash…so just make your captcha require one of these.
Nothing new: http://boingboing.net/2004/01/27/solving_and_creating.html
I successfuly implemented this technique about one year and a half ago on a free hosting plan.
The PHP script is really easy to code (fsockopen or cURL do the job). The (not so) hard part was to automate the creation of email adresses for each account and to click on the confirmation link that was sent to me after the CAPTCHA validation. Hopefully, at this time, I had found a website offering webmail based email adresses on about 50 different domains. Account opening wasn’t requiring captcha on this site, so it was easy to create a script opening email adresses and scraping the webmail for the link to click. The site doesn’t exist anymore, but the same can be achieved with disposable email services.
Although, some websites allow only a certain amount of accounts per IP per day, so I also had to build a web based TOR gateway.
The whole thing didn’t require more than two days (actually, nights) of work, and it really worth it.
I agree the idea is really starting to move around the net. About time if you ask me. I’ve heard the free porn idea too, along with about a half dozen others. I’d really recommend the webproxy one though. It works better than any of these ideas i’ve ever seen.
As far as your email problem, someone mentioned this in a recent comment(i don’t remember which) but you could use a catch-all email account. So you don’t have to continually create accounts.
I tried the catch-all email account, but my domain was surprisingly banned after one week…
when i ran into that problem i mixed it up randomly. So i’d get a 100 domains with the catch all and use those randomly. So they wouldn’t ban them.
but i don’t want to turn this into a how to spam myspace discussion. So we’ll keep it focused on the webproxy idea
Hows this for an idea?
What if you find someone with an already established webproxy and you pay them per captcha. They pull your script in an iframe to the user. it passes the url the user was wanting to go to. The user types in the captcha, the script says ok click here to continue than links to the continue url with a target=_top. Than you pay say .25/captcha
btw since i posted this my webproxy has already gotten 236,000 pageviews so far today. haha. Maybe i shouldn’t of linked to it. All well.
Hi Eli.
This is a great idea.
Would you mind making some comments on other effective ways to monetize proxies while doing the captchas with them? After all, if we aren’t making money off the excess proxy traffic, we are just leaving it out there for someone else…
Another twist on this is using torrents to your advantage. Just head to mininova, see what the top downloads are, grab some files, .rar them with passwords, and re-torrent them.
Include a text file in the torrent that directs them to grab the password at your website. When they go to your site, have them enter the captcha to access the password.
More accounts than you’ll know what to do with.
Eli,
Love the idea and I am very interested in implementing it but can you provide more info on how to pass the Captcha to myspace.
There’s a program written in vb that automates things:
Universal Account Creator:
http://uac.sourceforge.net/
Anyone have any template they want to share for it?
Sorry, but this is very old idea of many people… You can even use Amazon web services for that.
any other good uses for proxies?
Man the stuff you guys come up with…amazing!
You should just pay some teenagers or people in India to enter captchas for you for 5 cents each. =) Since most sites only require a captcha for every so many actions, like myspace only requires one every 5 comments after you do more than 50 comments in a day this is usually a good solution.
@GlobalWarming:
i created the Universal Account Creator.
you could use it for this sort of thing, but the OCR engine is probably no way near good enough for myspace (well i haven’t seen it but i assume it would be well developed).
but there is an option in the Fields Config Creator to enter the captcha yourself (haha if i can remember corretcly, if not i might add it).
i’m hoping to add proxy support to my account creator but atm i’m just using a 3rd party prog that changes after each internet explorer page surfed (which it uses).
This is you?
http://uac.sourceforge.net/
I just found that a couple weeks ago. Great stuff!
what about using www.captchasolver.com web service?
http://zelune.net - Free proxy script that you can upload and have it working within minutes. It is a lot less complicated than php/cgiproxy.
If anyone wants to code the captcha system, I will pay you. Let me know.
How about moneterising all those visits and page views? Are advertisers willing to advertise on proxies??
We are already working on some other captcha system for auto-scripts. I think that we could also do it for myspace.
So Collin, if yopu need somebody to code the captcha sys, don´t hesitate to contact me.
mail: Thomas [[[at]]] xiuk [.dot.] de
lol that is freakin brilliant, its actually my next project, ive got a few spare domains to make into proxies, use one for makeing accounts the others, for msging and commenting.
its a neat idea but operating several of these proxy sites needs a lot of server resources
nice match captcha!
anyway I have heard of this captcha proxying done with a strip poker game, you win the hand but before the girl next to your opponent shows, you have to answer the captcha. brilliant.