add arrow-down arrow-left arrow-right arrow-up authorcheckmark clipboard combo comment delete discord dots drag-handle dropdown-arrow errorfacebook history inbox instagram issuelink lock markup-bbcode markup-html markup-pcpp markup-cyclingbuilder markup-plain-text markup-reddit menu pin radio-button save search settings share star-empty star-full star-half switch successtag twitch twitter user warningwattage weight youtube

What is reCAPTCHA?

DanDan825

1 month ago

So This is on many logins -including the PCPP one- and I wonder how does it work? I know that it searches to see if you are a computer, but how does it do that, and why?

And more specifically, why does PCPP need it?

Comments

  • 1 month ago
  • 6 points

The reCAPTCHA makes it harder to automate various things on the site, such as registrations and logins. It checks various aspects of your IP, browser, how you click the button, etc, to determine the risk level of you being a bot instead of a human.

The main reason we use it on our login page is to counter credential stuffing. That's where someone goes through a list of username/password pairs they got from a breach of another site, and tries to log into this site using those credentials. If someone used the same username/password on a different site, then the attacker would be able to log in here as well. It's pretty common these days to see automated login attempts at very high rates iterating through a list of stolen username/password pairs. You can do a few things to mitigate that kind of attack:

  • You can block or rate limit based on IP. But that's broken if the attacker uses a large selection of IPs (think 10,000+) and distributes the login attempts across a huge swath of them.
  • You can rate limit based on username. But that's broken if the attacker is only doing one unique username/password pair per attempt.
  • You can put reCAPTCHA on the login page. That doesn't prevent someone logging in with stolen credentials, but it does typically block rapid automated attempts.

We also implement it on registration to prevent automated account generation by spammers.

  • 1 month ago
  • 2 points

I rarely ever see reCAPTCHA on PCPP , but i am sure it is there to keep robots from making accounts for reasons of spam or other reasons.

Here is the real deal, nobody but google really knows how it works. However there are people who think and honestly, i believe them. That it tracks your movement of your mouse, and if the movement feels "robotic" if you give you over options to figure out if you are human.

  • 1 month ago
  • 4 points

Let's invade Google HQ and find out how it works. They can't stop all of us.

  • 1 month ago
  • 1 point

Well I can think of reasons why this site uses the reCAPTCHA. Mainly bot accounts which would spam ads on every thread and even make new threads. Bots can easily spam them fast enough where mods cannot keep up and they got better things to do than deal with that nonsense. If they refuse to take money from people wanting to advertise here they sure as hell won't let people do it for free.

Philip who runs this site said it himself that he refuses to put ads up on this site and since then he kept his word. That is something to truly respect because on many sites allowed ads to get so out of control there is a need for addons like AdBlock. I first installed it years ago on an anime streaming site had video ads that would play 10x louder than the show and even if you try to mute it or pause/stop the video it started playing at full volume again within 2 minutes on loop.

  • 1 month ago
  • 1 point

I know very little about this, but I feel like I saw a video sometime back explaining some of it. When they have the gateway that asks you to click a box and nothing else, they are monitoring mouse movement. For example, a "bot" would have pixel perfect movement leading up to the box, whereas a human would have very imperfect movement.

  • 1 month ago
  • 1 point

I wonder how hard it would be to code an imperfect mouse-movement bot. Sounds like fun

Sort

add arrow-down arrow-left arrow-right arrow-up authorcheckmark clipboard combo comment delete discord dots drag-handle dropdown-arrow errorfacebook history inbox instagram issuelink lock markup-bbcode markup-html markup-pcpp markup-cyclingbuilder markup-plain-text markup-reddit menu pin radio-button save search settings share star-empty star-full star-half switch successtag twitch twitter user warningwattage weight youtube