Asklemmy

43393 readers

1461 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy 🔍

If your post meets the following criteria, it's welcome here!

Open-ended question
Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
Not ad nauseam inducing: please make sure it is a question that would be new to most members
An actual topic of discussion

Looking for support?

Looking for a community?

Lemmyverse: community search
sub.rehab: maps old subreddits to fediverse options, marks official as such
[email protected]: a community for finding communities

~Icon~ ~by~ ~@Double_[email protected]~

founded 5 years ago

MODERATORS

[email protected]

372

What about clicking a checkbox means I'm human? How does Cloudflare determine I'm human from that? (lemmy.dbzer0.com)

submitted 3 weeks ago by [email protected] to c/[email protected]

119 comments fedilink hide all child comments

The simplicity of it is logic defying. It used to be that you had to find crosswalks or move puzzle pieces or type blurred letters and numbers, but NOW all the sudden I can just click a box and HEY!, I'm human?

That's hardly the Turing Test I'd expected.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 45 points 3 weeks ago (2 children)

Theres a few answrs to this

It uses your movements before this to determine whether it feels like your a bot or not
It makes you wait, the biggest issue with bots is they may try to log in say 50 different passwords for example, so if it takes 5 seconds to do each one it makes boting multiple acounts not worth it.
Google uses catchphas with images to choose. They use this to train their own AI or data to sell

[–] IphtashuFitz 7 points 3 weeks ago* (last edited 3 weeks ago)

Smarter bots know how to easily avoid being detected based on the speed of their requests by simply adding a random delay to them. A few years ago we discovered a very slow speed credential stuffing attack (testing usernames & passwords) against my employers site. It was only testing one set of credentials every couple of minutes.

Once we discovered it we didn’t block it though. We were able to spot the attack fairly easily once we knew what to look for, so we updated our system to always return a login failure no matter what credentials they sent.

[–] mynameisigglepiggle 1 points 3 weeks ago

To elaborate on point 1, it's about uniqueness and timing of the path the mouse takes to click the checkbox. If it's too straight or consistent it will red flag you.