xevil.net cracked reCaptcha


Alex Schuilenburg

Nov 10, 2017, 4:19:18 PM
to reCAPTCHA
We have started to see form spam from bots using XEvil again, even reselling it:

This message is posted here using XRumer + XEvil 4.0 
XEvil 4.0 is a revolutionary application that can bypass almost any anti-botnet protection. 
Captcha Recognition Google (ReCaptcha-1, ReCaptcha-2), Facebook, Yandex, VKontakte, Captcha Com and over 8.4 million other types! 
You read this - it means it works!   
Details on the official website of XEvil.Net, there is a free demo version. 

While we have tweaked our forms to can the spam (again), it's annoying having to tweak them in the first place.

Are Google aware of this and is anything being done?  I prefer the coding simplicity of reCaptcha so would prefer to stick with it, but not at the cost of constantly having to make new tweaks to the forms.

Thanks
-- Alex
 

Lukáš Kutílek

Nov 13, 2017, 3:09:34 PM
to reCAPTCHA
Hi, 
We have the same issue with reCaptcha and XEvil:

This message is posted here using the XRumer + XEvil 4.0 program. XEvil 4.0 is a revolutionary application that can bypass almost any anti-botnet protection. Captcha recognition for Google (ReCaptcha-1, ReCaptcha-2), Facebook, Yandex, VKontakte, Captcha Com and more than 8.4 million other types! You read this - it means it works! ;) Details on the official website of XEvil.Net, there is a free demo version.

Is there some way to fix it, or is it being worked on?

Thanks, Lukas.


On Friday, November 10, 2017 at 22:19:18 UTC+1, Alex Schuilenburg wrote:

DrLightman

Nov 13, 2017, 6:36:49 PM
to reCAPTCHA
How can you be sure that the message was posted by the bot and not by a human solving it by hand?

Alex Schuilenburg

Nov 14, 2017, 4:25:32 AM
to reca...@googlegroups.com
On 13/11/17 23:36, DrLightman wrote:
> How can you be sure that the message was posted by the bot and not by a human solving it by hand?

Seriously?

The number of compromised machines as indicated by the IP addresses, and the frequency of the spam is a dead giveaway, unless you wish to suggest this person has a teleporter with 1000s of hosts and nothing better to do 24x7 than spam corporate contact or enquiry forms.

Right now we have pushed out simple techniques to catch and /dev/null the posts and made it an infinitely moving target at the cost of breaking browser auto-fill features, but reCaptcha as a tool to catch bots is on its way out unless Google (or someone else) is paying attention.

-- Alex


--
You received this message because you are subscribed to a topic in the Google Groups "reCAPTCHA" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/recaptcha/L_aMdWmNMeM/unsubscribe.
To unsubscribe from this group and all its topics, send an email to recaptcha+unsubscribe@googlegroups.com.
To post to this group, send email to reca...@googlegroups.com.
Visit this group at https://groups.google.com/group/recaptcha.
For more options, visit https://groups.google.com/d/optout.

Bitcoin free

Nov 14, 2017, 8:58:56 AM
to reca...@googlegroups.com
http://www.google.com/recaptcha/mailhide/d?k=01-OVjgWxGTR4yfBt4_7lC8w==&c=5D877bxgN8Pdfi-jrCWiKMnPLhTJfgfgWTzXrP2oDXM=  


Hi, can someone help me, because I always have problems



dellfalconer

Dec 5, 2017, 5:43:12 AM
to reCAPTCHA
Me too. Here's the text:

This message is posted here using XRumer + XEvil 4.0

XEvil 4.0 is a revolutionary application that can bypass almost any anti-botnet protection.
Captcha Recognition Google (ReCaptcha-1, ReCaptcha-2), Facebook, BING, Hotmail, Yahoo,
Yandex, VKontakte, Captcha Com - and over 8.4 million other types!

You read this - it means it works! ;)

Details on the official website of XEvil.Net, there is a free demo version.

Check YouTube video "XEvil ReCaptcha2"

User's e-mail address: ivanfrank...@mail.ru

Alex Schuilenburg

Dec 5, 2017, 6:41:00 AM
to reCAPTCHA
The annoying thing is that we had a DDOS hit on our servers within 4 hours of my original post to this list that continued all into the following week. Too much of a coincidence for me, so I suspect he/she is a lurker here also, and an unfriendly one at that. Still, keeps me in my job :-)

We still see attempts to bypass recaptcha but fortunately their submissions still fail our other checks which appear more resilient to the extent that we are considering abandoning recaptcha on all the servers we manage. At least the annoyance has paused for now...  It's just a pity that no response or acknowledgement has come from Google, but then I guess they wouldn't anyway (usual corporate "let's not let our users know until we have fixed it"). My real issue is how long they let this vulnerability continue to exist.

-- Alex

dellfalconer

Dec 5, 2017, 7:07:55 AM
to reCAPTCHA
We require the user to enter a valid email address. I'm not sure how the spam bot figures out which field is the email field since I haven't tagged it as such and I gave it a cryptic name. Of the last 24 spammers that got through the reCAPTCHA on my various sites all were XEvil. The email address "entered" was different every time, but was always in the domain mail.ru or yandex.com. I doubt any of my legit visitors use either of those, so it's probably safe for me to block them. But like you said, I don't mind tweaking once or twice, but this has been going on since March 2017 on our servers, and no reaction from Google yet.
I hope my post here doesn't result in a DDOS attack. I don't need one of those right now :-(
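
Added example, not part of any post in this thread and not the posters' own code: a sketch of layered server-side checks applied after a submission has already passed reCAPTCHA, combining rotating field names (one reading of the "moving target" described earlier) with the sender-domain block and spam text mentioned above. The HMAC naming scheme, the honeypot field, `SECRET`, `field_name` and `check_submission` are all assumptions made for illustration.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"             # assumption: per-site secret, kept server-side
WINDOW = 3600                                # assumption: field names rotate hourly
BLOCKED_DOMAINS = {"mail.ru", "yandex.com"}  # the two domains named in the post above
SIGNATURES = ("xrumer", "xevil")             # strings from the spam text quoted in the thread
LOGICAL_FIELDS = ("email", "message")


def field_name(logical, now=None, offset=0):
    """Opaque form-field name for a logical field, valid for one time window."""
    window = int((time.time() if now is None else now) // WINDOW) - offset
    mac = hmac.new(SECRET, f"{logical}:{window}".encode(), hashlib.sha256)
    return "f_" + mac.hexdigest()[:16]


def check_submission(form, now=None):
    """Return (accepted, reason) for a POSTed form dict that already passed reCAPTCHA."""
    # Honeypot: a field literally named "email" is rendered hidden; people leave it empty.
    if form.get("email", "").strip():
        return False, "honeypot filled"
    values = {}
    for logical in LOGICAL_FIELDS:
        # Accept the current and previous window so a page loaded before rotation still works.
        for offset in (0, 1):
            name = field_name(logical, now, offset)
            if name in form:
                values[logical] = form[name]
                break
        else:
            return False, f"missing or stale field: {logical}"
    domain = values["email"].rpartition("@")[2].lower()
    if domain in BLOCKED_DOMAINS:
        return False, "blocked sender domain"
    if any(sig in values["message"].lower() for sig in SIGNATURES):
        return False, "known spam signature"
    return True, "ok"
```

The rotating names are what defeat browser auto-fill, and the domain block only suits sites whose legitimate visitors do not use those providers.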

FreelancePam

Dec 6, 2017, 10:25:24 AM
to reCAPTCHA
I’ll say that I admire the coders who created the script. But it will force captcha creators to code differently and make it harder for bots to bypass. Spelling, images, mathematical equations— what else is left that scripts can’t solve?

You challenge the coders to deconstruct your Captcha and get by it. Say what you will about Russian hackers. You have to admit some are pretty damned talented. Companies often hire hackers to fix their servers to be secure. Now you see why.

gvanc...@gmail.com

Dec 6, 2017, 10:25:36 AM
to reCAPTCHA