Natural selection is the enemy of the bot

    We just caught an interesting bug. Let me tell you about it.

    We have a service with a captcha. To reduce response time, it makes sense to generate the images and their random codes in advance, at the hour of lowest load. So that is what we do: we put a task in cron, generate 100500 captchas (image + code in the database) and show them during the day. In case the pregenerated captchas still run out, there is an emergency mode: if removing a solved captcha from the database brings the total number of captchas down to a dangerous level (say, fewer than 50 remain), we generate a new captcha to replace the removed one.

    It seemed like a simple, working scheme. And it was, until recently.

    Complaints poured in that the captcha could not be solved. They started arriving exclusively after 19:00, when all the developers have already closed their IDEs and launched DotA. Moreover, even though the random generation of captchas was implemented correctly (we checked that first), by the end of the day all (or almost all) captchas ended with D.

    It turned out that the following had happened: the pregenerated captchas ran out. But since we do not remove captchas that were shown but not solved from the database, natural selection starts to work among the pregenerated captchas, and by the end of the day we are left with the 50 most evil and difficult captchas in the world. What happens next, when we add a random captcha in place of each solved one, does not improve matters much. Along the way we found out that the letter most likely to go unsolved in a captcha is D, because with enough distortion a third of users read it as D, a third as 0 (zero) and a third as O. And another 46% enter it in Russian.

    Here it is, natural selection in action!
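
The selection effect described above can be reproduced with a small simulation. This is an added example, not the service's code: it assumes each captcha can be modeled by a single failure probability drawn uniformly at random, and the names simulate, low_water and retire_on_show are hypothetical. The retire_on_show variant, which drops a captcha once it has been shown whether or not it was solved, is an assumed remedy included for comparison.

```python
import random


def simulate(requests, pool_size=1000, low_water=50,
             retire_on_show=False, seed=1):
    """Return (start_mean, end_mean) failure probability of the captcha pool.

    Constructed model: a captcha is represented only by the probability
    that a user fails to solve it (0.0 = trivial, close to 1.0 = unreadable).
    """
    rng = random.Random(seed)
    pool = [rng.random() for _ in range(pool_size)]  # nightly cron batch
    start_mean = sum(pool) / len(pool)

    for _ in range(requests):
        i = rng.randrange(len(pool))      # captcha shown to this user
        solved = rng.random() >= pool[i]  # user succeeds with prob 1 - difficulty

        # Scheme from the post: only solved captchas leave the database.
        # Assumed remedy: retire every captcha once it has been shown.
        if solved or retire_on_show:
            pool[i] = pool[-1]            # swap-remove, O(1)
            pool.pop()
            # Emergency mode: below the threshold, replace the removed one.
            if len(pool) < low_water:
                pool.append(rng.random())

    return start_mean, sum(pool) / len(pool)


def compare(requests=20000):
    """Run both policies on the same load and return their final means."""
    _, as_described = simulate(requests)
    _, retired = simulate(requests, retire_on_show=True)
    return as_described, retired


if __name__ == "__main__":
    as_described, retired = compare()
    print(f"remove only when solved: mean failure rate {as_described:.2f}")
    print(f"retire once shown:       mean failure rate {retired:.2f}")
```

Under the scheme from the post, the surviving pool is dominated by captchas that almost nobody can solve, while retiring captchas once shown keeps the pool near the generator's average difficulty.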
