Natural selection - the enemy of the bot
An interesting bug just caught. I tell.
We have a service with captcha. To reduce the response time, it is logical to generate pictures on a random code in your spare time at the hour of the smallest load. So we do - we put in the crown a puzzle, we do 100500 captchas (picture + code in the database) and show them during the day. In the event that the pre-generated captcha still ends, we do an emergency flight mode — if the guessed guessing and, therefore, removed from the captcha base reduces the total number of captchas to a dangerous level (for example, less than 50 remains), then we generate a new captcha instead of the removed one. .
It would seem a simple and working scheme. So it was until recently.
Poured complaints that the captcha can not be solved. Complaints began to arrive only after 19:00 when all developers have already closed the IDE and launch DotA. Moreover, under the condition of correct implementation of the random generation of captchas (checked first thing) at the end of the day all (or almost all) captchas began to end with D.
')
It turned out that the following happens: the captcha ends. But, since we do not remove the captcha shown, but not guessed, from the base, among the pregenerated captcha, natural selection begins to work, and by the end of the day we have 50 of the most evil and complex captcha in the world. Further development of the situation, when we add a random captcha instead of a random one, it doesn’t greatly improve the cause. Along the way, we found out that the most potentially unresolved letter in captcha is D, because with a sufficient degree of distortion, a third of users interprets it as D, a third as 0 (zero) and a third as O. And another 46% are entered with a Russian letter.
Here it is, natural selection in action!
We have a service with captcha. To reduce the response time, it is logical to generate pictures on a random code in your spare time at the hour of the smallest load. So we do - we put in the crown a puzzle, we do 100500 captchas (picture + code in the database) and show them during the day. In the event that the pre-generated captcha still ends, we do an emergency flight mode — if the guessed guessing and, therefore, removed from the captcha base reduces the total number of captchas to a dangerous level (for example, less than 50 remains), then we generate a new captcha instead of the removed one. .
It would seem a simple and working scheme. So it was until recently.
Poured complaints that the captcha can not be solved. Complaints began to arrive only after 19:00 when all developers have already closed the IDE and launch DotA. Moreover, under the condition of correct implementation of the random generation of captchas (checked first thing) at the end of the day all (or almost all) captchas began to end with D.
')
It turned out that the following happens: the captcha ends. But, since we do not remove the captcha shown, but not guessed, from the base, among the pregenerated captcha, natural selection begins to work, and by the end of the day we have 50 of the most evil and complex captcha in the world. Further development of the situation, when we add a random captcha instead of a random one, it doesn’t greatly improve the cause. Along the way, we found out that the most potentially unresolved letter in captcha is D, because with a sufficient degree of distortion, a third of users interprets it as D, a third as 0 (zero) and a third as O. And another 46% are entered with a Russian letter.
Here it is, natural selection in action!
Source: https://habr.com/ru/post/234753/
All Articles