Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Here’s a program that can detect bots

  For user in Twitter:
    Confirmation = random(number)
    Send user message(“if you are not a bot reply with”, confirmation)
Variations can be devised but the real risk is that it also identifies inactive accounts.


You know how iPhones can extract verification codes from SMS? The botmasters will simply create a regex to extract the number and reply accordingly.


Just use a captcha image. Not foolproof, but would eliminate a huge swath of bots.

They don't even try this. Why?


Then they will simply solve the captchas using captcha solvers or humans paid pennies per captcha. You do something else and the botmasters will respond.

It's really hard to get rid of bots and fake accounts. Also, false positives are expensive because you end up annoying a real human and as a result your mistake doesn't disappear until you make it right.


The cat and mouse game of bots vs captchas has been going on for a long time and has become increasingly sophisticated. "Just use a captcha image" is a 10 year old solution, if not more.


How would they know to write that code if they were not expecting it? Just do it as a one-off on a particular day without any warning. And you can show it to some small sample % of total users then extrapolate, so that the average botmaster wouldn’t even notice.


I guess you can run a sting operation, it may work.


Beat botnets with this one simple trick!


Aren't you just suggesting a very simple CAPTCHA challenge? This is an area that has seen an arms race for over a decade of platforms coming up with increasingly complex "human-intelligence" challenges, and botmasters coming up with increasingly ingenious ways to bypass them (including, sometimes, using real human intelligence)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: