Showing posts with label Security Privacy. Show all posts

Friday, March 29, 2013

The DDoS That Almost Broke the Internet

The New York Times this morning published a story about the Spamhaus DDoS attack and how CloudFlare helped mitigate it and keep the site online. The Times calls the attack the largest known DDoS attack ever on the Internet. We wrote about the attack last week. At the time, it was a large attack, sending 85Gbps of traffic. Since then, the attack got much worse. Here are some of the technical details of what we've seen.
Growth Spurt
On Monday, March 18, 2013 Spamhaus contacted CloudFlare regarding an attack they were seeing against their website spamhaus.org. They signed up for CloudFlare and we quickly mitigated the attack. The attack, initially, was approximately 10Gbps generated largely from open DNS recursors. On March 19, the attack increased in size, peaking at approximately 90Gbps. The attack fluctuated between 90Gbps and 30Gbps until 01:15 UTC on March 21.
The attackers were quiet for a day. Then, on March 22 at 18:00 UTC, the attack resumed, peaking at 120Gbps of traffic hitting our network. As we discussed in the previous blog post, CloudFlare uses Anycast technology which spreads the load of a distributed attack across all our data centers. This allowed us to mitigate the attack without it affecting Spamhaus or any of our other customers. The attackers ceased their attack against the Spamhaus website four hours after it started.
Other than the scale, which was already among the largest DDoS attacks we've seen, there was nothing particularly unusual about the attack to this point. Then the attackers changed their tactics. Rather than attacking our customers directly, they started going after the network providers CloudFlare uses for bandwidth. More on that in a second; first, a bit about how the Internet works.
Peering on the Internet
The "inter" in Internet refers to the fact that it is a collection of independent networks connected together. CloudFlare runs a network, Google runs a network, and bandwidth providers like Level3, AT&T, and Cogent run networks. These networks then interconnect through what are known as peering relationships.
When you surf the web, your browser sends and receives packets of information. These packets are sent from one network to another. You can see this by running a traceroute. Here's one from Stanford University's network to the New York Times' website (nytimes.com):
 1  rtr-servcore1-serv01-webserv.slac.stanford.edu (134.79.197.130)  0.572 ms
 2  rtr-core1-p2p-servcore1.slac.stanford.edu (134.79.252.166)  0.796 ms
 3  rtr-border1-p2p-core1.slac.stanford.edu (134.79.252.133)  0.536 ms
 4  slac-mr2-p2p-rtr-border1.slac.stanford.edu (192.68.191.245)  25.636 ms
 5  sunncr5-ip-a-slacmr2.es.net (134.55.36.21)  3.306 ms
 6  eqxsjrt1-te-sunncr5.es.net (134.55.38.146)  1.384 ms
 7  xe-0-3-0.cr1.sjc2.us.above.net (64.125.24.1)  2.722 ms
 8  xe-0-1-0.mpr1.sea1.us.above.net (64.125.31.17)  20.812 ms
 9  209.249.122.125 (209.249.122.125)  21.385 ms
There are three networks in the above traceroute: stanford.edu, es.net, and above.net. The request starts at Stanford. Between lines 4 and 5 it passes from Stanford's network to their peer es.net. Then, between lines 6 and 7, it passes from es.net to above.net, which appears to provide hosting for the New York Times. This means Stanford has a peering relationship with ES.net. ES.net has a peering relationship with Above.net. And Above.net provides connectivity for the New York Times.
CloudFlare connects to a large number of networks. You can get a sense of some, although not all, of the networks we peer with through a tool like Hurricane Electric's BGP looking glass. CloudFlare connects to peers in two ways. First, we connect directly to certain large carriers and other networks to which we send a large amount of traffic. In this case, we connect our router directly to the router at the border of the other network, usually with a piece of fiber optic cable. Second, we connect to what are known as Internet Exchanges, IXs for short, where a number of networks meet in a central point.
Most major cities have an IX. The models for IXs differ in different parts of the world. Europe runs some of the most robust IXs, and CloudFlare connects to several of them including LINX (the London Internet Exchange), AMS-IX (the Amsterdam Internet Exchange), and DE-CIX (the Frankfurt Internet Exchange), among others. The major networks that make up the Internet (Google, Facebook, Yahoo, etc.) connect to these same exchanges to pass traffic between each other efficiently. When the Spamhaus attacker realized he couldn't go after CloudFlare directly, he began targeting our upstream peers and exchanges.
Headwaters
Once the attackers realized they couldn't knock CloudFlare itself offline even with more than 100Gbps of DDoS traffic, they went after our direct peers. In this case, they attacked the providers from whom CloudFlare buys bandwidth. We, primarily, contract with what are known as Tier 2 providers for CloudFlare's paid bandwidth. These companies peer with other providers and also buy bandwidth from so-called Tier 1 providers.
There are approximately a dozen Tier 1 providers on the Internet. The nature of these providers is that they don't buy bandwidth from anyone. Instead, they engage in what is known as settlement-free peering with the other Tier 1 providers. Tier 2 providers interconnect with each other and then buy bandwidth from the Tier 1 providers in order to ensure they can connect to every other point on the Internet. At the core of the Internet, if all else fails, it is these Tier 1 providers that ensure that every network is connected to every other network. If one of them fails, it's a big deal.
Anycast means that if the attacker attacked the last step in the traceroute then their attack would be spread across CloudFlare's worldwide network, so instead they attacked the second to last step which concentrated the attack on one single point. This wouldn't cause a network-wide outage, but it could potentially cause regional problems.
We carefully select our bandwidth providers to ensure they have the ability to deal with attacks like this. Our direct peers quickly filtered attack traffic at their edge. This pushed the attack upstream to their direct peers, largely Tier 1 networks. Tier 1 networks don't buy bandwidth from anyone, so the majority of the weight of the attack ended up being carried by them. While we don't have direct visibility into the traffic loads they saw, we have been told by one major Tier 1 provider that they saw more than 300Gbps of attack traffic related to this attack. That would make this attack one of the largest ever reported.
The challenge with attacks at this scale is they risk overwhelming the systems that link together the Internet itself. The largest routers that you can buy have, at most, 100Gbps ports. It is possible to bond more than one of these ports together to create capacity that is greater than 100Gbps; however, at some point, there are limits to how much these routers can handle. If that limit is exceeded then the network becomes congested and slows down.
Over the last few days, as these attacks have increased, we've seen congestion across several major Tier 1s, primarily in Europe where most of the attacks were concentrated, that would have affected hundreds of millions of people even as they surfed sites unrelated to Spamhaus or CloudFlare. If the Internet felt a bit more sluggish for you over the last few days in Europe, this may be part of the reason why.
Attacks on the IXs
In addition to CloudFlare's direct peers, we also connect with other networks over the so-called Internet Exchanges (IXs). These IXs are, at their most basic level, switches into which multiple networks connect and can then pass bandwidth. In Europe, these IXs are run as non-profit entities and are considered critical infrastructure. They interconnect hundreds of the world's largest networks including CloudFlare, Google, Facebook, and just about every other major Internet company.
Beyond attacking CloudFlare's direct peers, the attackers also attacked the core IX infrastructure on the London Internet Exchange (LINX), the Amsterdam Internet Exchange (AMS-IX), the Frankfurt Internet Exchange (DE-CIX), and the Hong Kong Internet Exchange (HKIX). From our perspective, the attacks had the largest effect on LINX which caused impact over the exchange and LINX's systems that monitor the exchange, as visible through the drop in traffic recorded by their monitoring systems. (Corrected: see below for original phrasing.)
The congestion impacted many of the networks on the IXs, including CloudFlare's. As problems were detected on the IX, we would route traffic around them. However, several London-based CloudFlare users reported intermittent issues over the last several days. This is the root cause of those problems.
The attacks also exposed some vulnerabilities in the architecture of some IXs. We, along with many other network security experts, worked with the team at LINX to better secure themselves. In doing so, we developed a list of best practices for any IX in order to make them less vulnerable to attacks.
Two specific suggestions to limit attacks like this involve making it more difficult to attack the IP addresses that members of the IX use to interchange traffic between each other. We are working with IXs to ensure that: 1) these IP addresses should not be announced as routable across the public Internet; and 2) packets destined to these IP addresses should only be permitted from other IX IP addresses. We've been very impressed with the team at LINX and how quickly they've worked to implement these changes and add additional security to their IX and are hopeful other IXs will quickly follow their lead.
The Full Impact of the Open Recursor Problem
At the bottom of this attack we once again find the problem of open DNS recursors. The attackers were able to generate more than 300Gbps of traffic, likely with a network of their own that only had access to 1/100th of that amount of traffic itself. We've written about how these mis-configured DNS recursors are a bomb waiting to go off that literally threatens the stability of the Internet itself. We've now seen an attack that begins to illustrate the full extent of the problem.
While lists of open recursors have been passed around on network security lists for the last few years, on Monday the full extent of the problem was, for the first time, made public. The Open Resolver Project made available the full list of the 21.7 million open resolvers online in an effort to shut them down.
We'd debated doing the same thing ourselves for some time but worried about the collateral damage of what would happen if such a list fell into the hands of the bad guys. The last five days have made clear that the bad guys have the list of open resolvers and they are getting increasingly brazen in the attacks they are willing to launch. We are in full support of the Open Resolver Project and believe it is incumbent on all network providers to work with their customers to close any open resolvers running on their networks.

Unlike traditional botnets which could only generate limited traffic because of the modest Internet connections and home PCs they typically run on, these open resolvers are typically running on big servers with fat pipes. They are like bazookas and the events of the last week have shown the damage they can cause. What's troubling is that, compared with what is possible, this attack may prove to be relatively modest.
As someone in charge of DDoS mitigation at one of the Internet giants emailed me this weekend: "I've often said we don't have to prepare for the largest-possible attack, we just have to prepare for the largest attack the Internet can send without causing massive collateral damage to others. It looks like you've reached that point, so... congratulations!"
At CloudFlare one of our goals is to make DDoS something you only read about in the history books. We're proud of how our network held up under such a massive attack and are working with our peers and partners to ensure that the Internet overall can stand up to the threats it faces.
Correction: The original sentence about the impact on LINX was "From our perspective, the attacks had the largest effect on LINX which for a little over an hour on March 23 saw the infrastructure serving more than half of the usual 1.5Tbps of peak traffic fail." That was not well phrased, and has been edited, with notation in place.

Spamhaus’ attackers turned DNS into a weapon of mass destruction



A little more than a year ago, details emerged about an effort by some members of the hacktivist group Anonymous to build a new weapon to replace their aging denial-of-service arsenal. The new weapon would use the Internet's Domain Name Service as a force-multiplier to bring the servers of those who offended the group to their metaphorical knees. Around the same time, an alleged plan for an Anonymous operation, "Operation Global Blackout" (later dismissed by some security experts and Anonymous members as a "massive troll"), sought to use the DNS service against the very core of the Internet itself in protest against the Stop Online Piracy Act.
This week, an attack using the technique proposed for use in that attack tool and operation—both of which failed to materialize—was at the heart of an ongoing denial-of-service assault on Spamhaus, the anti-spam clearing house organization. And while it hasn't brought the Internet itself down, it has caused major slowdowns in the Internet's core networks.
DNS Amplification (or DNS Reflection) remains possible after years of security expert warnings. Its power is a testament to how hard it is to get organizations to make simple changes that would prevent even recognized threats. Some network providers have made tweaks that prevent botnets or "volunteer" systems within their networks from staging such attacks. But thanks to public cloud services, "bulletproof" hosting services, and other services that allow attackers to spawn and then reap hundreds of attacking systems, DNS amplification attacks can still be launched at the whim of a deep-pocketed attacker—like, for example, the cyber-criminals running the spam networks that Spamhaus tries to shut down.

Hello, operator?

The Domain Name Service is the Internet's directory assistance line. It allows computers to get the numerical Internet Protocol (IP) address for a remote server or other network-attached device based on its human-readable host and domain name. DNS is organized in a hierarchy; each top-level domain name (such as .com, .edu, .gov, .net, and so on) has a "root" DNS server keeping a list of each of the "authoritative" DNS servers for each domain registered with them. If you've ever bought a domain through a domain registrar, you've created (either directly or indirectly) an authoritative DNS address for that domain by selecting the primary and secondary DNS servers that go with it.
When you type "arstechnica.com" into your browser's address bar and hit the return key, your browser checks with a DNS resolver—your personal Internet 411 service— to determine where to send the Web request. For some requests, the resolver may be on your PC. (For example, this happens if you've requested a host name that's in a local "hosts" table for servers within your network, or one that's stored in your computer's local cache of DNS addresses you've already looked up.) But if it's the first time you've tried to connect to a computer by its host and domain name, the resolver for the request is probably running on the DNS server configured for your network—within your corporate network, at an Internet provider, or through a public DNS service such as Google's Public DNS.
There are two ways for a resolver to get the authoritative IP address for a domain name that isn't in its cache: an iterative request and a recursive request. In an iterative request, the resolver pings the top-level domain's DNS servers for the authoritative DNS for the destination domain, then it sends a DNS request for the full hostname to that authoritative server. If the computer that the request is seeking is in a subdomain or "zone" within a larger domain—such as www.subdomain.domain.com—it may tell the resolver to go ask that zone's DNS server. The resolver "iterates" the request down through the hierarchy of DNS servers until it gets an answer.
But on some networks, the DNS resolver closest to the requesting application doesn't handle all that work. Instead, it sends a "recursive" request to the next DNS server up and lets that server handle all of the walking through the DNS hierarchy for it. Once all the data is collected from the root, domain, and subdomain DNS servers for the requested address, the resolver then pumps the answer back to its client.
[Figure] How DNS queries are supposed to work—when they're not being used as weapons.
To save time, DNS requests don't use the "three-way handshake" of the Transmission Control Protocol (TCP) to make all these queries. Instead, DNS typically uses the User Datagram Protocol (UDP)—a "connectionless" protocol that lets the server fire and forget requests.

Pump up the volume

That makes the sending of requests and responses quicker—but it also opens up a door to abuse of DNS that DNS amplification uses to wreak havoc on a target. All the attacker has to do is find a DNS server open to requests from any client and send it requests forged as being from the target of the attack. And there are millions of them.
The "amplification" in DNS amplification attacks comes from the size of those responses. While a DNS lookup request itself is fairly small, the resulting response of a recursive DNS lookup can be much larger. A relatively small number of attacking systems sending a trickle of forged UDP packets to open DNS servers can result in a firehose of data being blasted at the attackers' victim.
DNS amplification attacks wouldn't be nearly as amplified if it weren't for the "open" DNS servers they use to fuel the attacks. These servers have been configured (or misconfigured) to answer queries from addresses outside of their network. The volume of traffic that can be generated by such open DNS servers is huge. Last year, Ars reported on a paper presented by Randal Vaughan of Baylor University and Israeli security consultant Gadi Evron at the 2006 DefCon security conference. The authors documented a series of DNS amplification attacks in late 2005 and early 2006 that generated massive traffic loads for the routers of their victims. In one case, the traffic was "as high as 10Gbps and used as many as 140,000 exploited name servers," Vaughan and Evron reported. "A DNS query consisting of a 60 byte request can be answered with responses of over 4000 bytes, amplifying the response packet by a factor of 60."
But even if you can't find an open DNS server to blast recursive responses from, you can still depend on the heart of the Internet for a respectable hail of packet projectiles. A "root hint" request—sending a request for name servers for the "." domain—results in a response 20 times larger than the packet the request came in. That's in part thanks to DNS-SEC, the standard adopted to make it harder to spoof DNS responses, since now the response includes certificate data from the responding server.
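The two paragraphs above describe how an open resolver becomes a reflector: outsiders send it small, recursion-desired queries (root ". NS", ANY) with a forged source. The following is an added example, not from the Ars article or from any vendor, showing how an operator can check their own resolver's query log for exactly that pattern. It assumes a BIND-style "client IP#port: query: NAME IN TYPE FLAGS" log format and uses constructed log lines; the served network 192.0.2.0/24 and the client addresses are placeholders.

```python
import re
import ipaddress
from collections import Counter

# Constructed sample of BIND-style query log lines (not real traffic).
# The resolver is assumed to serve only 192.0.2.0/24; anything else is "outside".
SAMPLE_LOG = """\
29-Mar-2013 10:15:02.101 client 192.0.2.17#53011: query: www.example.com IN A +E (192.0.2.53)
29-Mar-2013 10:15:02.140 client 203.0.113.7#5301: query: . IN NS +E (192.0.2.53)
29-Mar-2013 10:15:02.141 client 203.0.113.7#5302: query: . IN NS +E (192.0.2.53)
29-Mar-2013 10:15:02.142 client 203.0.113.7#5303: query: isc.org IN ANY +E (192.0.2.53)
29-Mar-2013 10:15:02.143 client 203.0.113.7#5304: query: isc.org IN ANY +E (192.0.2.53)
29-Mar-2013 10:15:02.150 client 203.0.113.7#5305: query: isc.org IN ANY +E (192.0.2.53)
29-Mar-2013 10:15:02.200 client 192.0.2.44#40001: query: spamhaus.org IN MX + (192.0.2.53)
29-Mar-2013 10:15:02.300 client 198.51.100.9#1234: query: mail.example.net IN A + (192.0.2.53)
"""

# BIND flag field: "+" means recursion desired, "-" means not; "E" means EDNS present.
LINE_RE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+: query: (?P<name>\S+) IN (?P<qtype>[A-Z0-9]+) (?P<flags>\S+)"
)

# Query types whose answers dwarf the few dozen bytes of the question.
AMPLIFYING_QTYPES = {"ANY", "DNSKEY", "RRSIG", "TXT"}


def parse_line(line):
    """Return a dict for one query log line, or None if the line is not a query."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return {
        "ip": ipaddress.ip_address(m["ip"]),
        "name": m["name"],
        "qtype": m["qtype"],
        "recursion_desired": "+" in m["flags"],
    }


def is_amplification_prone(rec):
    """True for a root-hint request (". NS") or a large-answer query type."""
    return (rec["name"] == "." and rec["qtype"] == "NS") or rec["qtype"] in AMPLIFYING_QTYPES


def analyze(log_text, served_networks, threshold=3):
    """Scan a query log for signs that this resolver is open and being used as a reflector.

    Returns (external_recursive, suspected_reflection):
      external_recursive: per-client count of recursion-desired queries from outside
                          served_networks (any entry means outsiders are using you);
      suspected_reflection: the subset of those clients that sent at least `threshold`
                            amplification-prone queries (the forged "source" is the victim).
    """
    served = [ipaddress.ip_network(n) for n in served_networks]
    external_recursive = Counter()
    amp_by_client = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        external = not any(rec["ip"] in net for net in served)
        if external and rec["recursion_desired"]:
            external_recursive[str(rec["ip"])] += 1
        if external and is_amplification_prone(rec):
            amp_by_client[str(rec["ip"])] += 1
    suspected = {ip: n for ip, n in amp_by_client.items() if n >= threshold}
    return dict(external_recursive), suspected


if __name__ == "__main__":
    ext, sus = analyze(SAMPLE_LOG, ["192.0.2.0/24"])
    print("outside clients sending recursive queries:", ext)
    print("likely reflection victims (forged sources):", sus)
```

Any non-empty first result means the resolver answers recursion for addresses it was not meant to serve; restricting recursion to the served networks is the fix the articles call for.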
[Figure] A comparison of a "root hint" query and the response delivered by the DNS server. Not all data shown.
In the case of the attack on Spamhaus, the organization was able to turn to the content delivery network CloudFlare for help. CloudFlare hid Spamhaus behind its CDN, which uses the Anycast feature of the Border Gateway Protocol to cause packets destined for the antispam provider's site to be routed to the closest CloudFlare point of presence. This spread out the volume of the attack. And CloudFlare was able to then shut off amplified attacks aimed at Spamhaus with routing filters that blocked aggregated DNS responses matching the pattern of the attack.
But that traffic still had to get to Cloudflare before it could be blocked. And that resulted in a traffic jam in the core of the Internet, slowing connections for the Internet as a whole.

No fix on the horizon

The simplest way to prevent DNS amplification and reflection attacks would be to prevent forged DNS requests from being sent along in the first place. But that "simple" fix isn't exactly easy—or at least easy to get everyone who needs to participate to do.
There's been a proposal on the books to fix the problem for nearly 13 years—the Internet Engineering Task Force's BCP 38, an approach to "ingress filtering" of packets. First pitched in 1998 (corrected from 2000) as part of RFC 2267, the proposal has gone nowhere. And while the problem would be greatly reduced if zone and domain DNS servers simply were configured not to return recursive or even "root hint" responses to requests received from outside their own networks, that would require action by the owners of the network. It's an action that doesn't have a direct monetary or security benefit to them associated with it.
ISPs generally do "egress filtering"—they check outbound traffic to make sure it's coming from IP addresses within their network.  This prevents them from filling up their peering connections with bad traffic.  But "ingress" filtering would check to make sure that requests coming in through a router were coming from the proper direction based on their advertised IP source.
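The BCP 38 check described above is a routing-table question: does the packet's source address belong behind the interface it arrived on? The following is an added model of that check, not code from the article or from any router vendor; the router, interfaces, prefixes and packets are all constructed placeholders. Filtering is applied on customer-facing interfaces only, which is where BCP 38 puts it.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    ingress_iface: str


class EdgeRouter:
    """Constructed model of an ISP edge router that applies BCP 38 ingress filtering."""

    def __init__(self, filtered_ifaces):
        self.routes = []  # (network, interface), kept longest-prefix first
        self.filtered_ifaces = set(filtered_ifaces)  # customer ports we police

    def add_route(self, prefix, iface):
        self.routes.append((ipaddress.ip_network(prefix), iface))
        self.routes.sort(key=lambda r: r[0].prefixlen, reverse=True)

    def best_iface(self, addr):
        """Longest-prefix match: which interface would we use to reach addr?"""
        ip = ipaddress.ip_address(addr)
        for net, iface in self.routes:
            if ip in net:
                return iface
        return None

    def ingress_check(self, pkt):
        """Strict BCP 38: on a filtered interface, the source must be reachable
        back out that same interface; otherwise the source is forged."""
        if pkt.ingress_iface not in self.filtered_ifaces:
            return True, "unfiltered interface: accept"
        via = self.best_iface(pkt.src)
        if via is None:
            return False, "no route to source: drop"
        if via != pkt.ingress_iface:
            return False, f"source {pkt.src} lives behind {via}, arrived on {pkt.ingress_iface}: drop (spoofed)"
        return True, "source matches ingress interface: accept"


def filter_packets(router, packets):
    """Return [(accepted, reason), ...] in the order the packets were given."""
    return [router.ingress_check(p) for p in packets]


def build_sample_router():
    # Two customers on their own ports, everything else reachable via the uplink.
    r = EdgeRouter(filtered_ifaces={"cust-A", "cust-B"})
    r.add_route("198.51.100.0/24", "cust-A")
    r.add_route("203.0.113.0/24", "cust-B")
    r.add_route("0.0.0.0/0", "uplink")
    return r


# Constructed sample: 192.0.2.77 stands in for a victim whose address is being forged
# as the source of DNS queries, so that resolver replies are reflected at it.
SAMPLE_PACKETS = [
    Packet("198.51.100.10", "192.0.2.53", "cust-A"),  # customer A's own address: legitimate
    Packet("192.0.2.77", "198.51.100.53", "cust-A"),   # forged victim source from customer A
    Packet("203.0.113.4", "192.0.2.53", "cust-A"),     # customer B's address arriving on A's port
    Packet("203.0.113.4", "192.0.2.53", "cust-B"),     # customer B's address on B's own port
    Packet("192.0.2.77", "198.51.100.53", "uplink"),   # inbound from the Internet: not our filter
]


if __name__ == "__main__":
    for pkt, (ok, why) in zip(SAMPLE_PACKETS, filter_packets(build_sample_router(), SAMPLE_PACKETS)):
        print(pkt.ingress_iface, pkt.src, "->", pkt.dst, ":", why)
```

Without the check on cust-A, the second packet would leave the ISP carrying the victim's address, and every open resolver it reached would answer the victim.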
Another possible solution that would eliminate the problem entirely is to make DNS use TCP for everything—reducing the risk of forged packets.  DNS already uses TCP for tasks like zone transfers. But that would require a change to DNS itself, so it's unlikely that would ever happen, considering that you can't even convince people to properly configure their DNS servers to begin with.
Maybe the attack on Spamhaus will change that, and core network providers will move to do more to filter DNS traffic that doesn't seem to match up with known DNS servers. Maybe just maybe, BCP 38 will get some traction. And maybe pigs will fly.

Tuesday, February 19, 2013

How to Protect a Domain Name from Being Hijacked

In this post I will tell you how domain names are hacked and how they can be protected. The act of hacking domain names is commonly known as Domain Hijacking. For most of you, the term “domain hijacking” may sound alien. So, let me first tell you what domain hijacking is all about.
Domain hijacking is a process by which Internet domain names are stolen from their legitimate owners. It is also known as domain theft. Before we can proceed to how domain names are hijacked, it is necessary to understand how domain names operate and how they get associated with a particular web server (website).

The Operation of a Domain Name is as Follows:

Any website say for example gohacking.com consists of two parts. The domain name (gohacking.com) and the web hosting server where the files of the website are actually hosted. In reality, the domain name and the web hosting server (web server) are two different parts and hence they must be integrated before a website can operate successfully. The integration of domain name with the web hosting server is done as follows:
  1. After registering a new domain name, we get a control panel wherein we have full control of the domain.
  2. From this domain control panel, we point our domain name to the web server where the website’s data (web pages, scripts etc.) are actually hosted.
For a clear understanding let me take up a small example:
John registers a new domain called “abc.com” from an X domain registration company. He also purchases a hosting plan from Y hosting company. He uploads all of his files (.html, .php, javascripts etc.) to his web server (at Y). From the domain control panel (of X) he configures his domain name “abc.com” to point to his web server (of Y).
Now, whenever an Internet user types “abc.com”, the domain name “abc.com” is resolved to the target web server and the web page is displayed. This is how a website actually works.

What Happens When a Domain Name is Hijacked?

Now, let us see what happens when a domain name is hijacked. To hijack a domain name, you just need to gain access to the domain control panel and point the domain name to some other web server other than the original one. So, to hijack a domain you need not gain access to the target web server.
For example, a hacker gets access to the domain control panel of  “abc.com”. From here the hacker re-configures the domain name to point it to some other web server (Z). Now whenever an Internet user tries to access “abc.com” he is taken to the hacker’s website (Z) and not to John’s original site (Y).
In this case John’s domain name (abc.com) is said to be hijacked.

How Are Domain Names Hijacked?

To hijack a domain name, it is necessary to gain access to the domain control panel of the target domain. For this you need the following ingredients:
  1. The domain registrar name for the target domain.
  2. The administrative email address associated with the target domain.
This information can be obtained by accessing the WHOIS data of the target domain. To get access to the WHOIS data, go to www.whois.domaintools.com, enter the target domain name and click on Lookup. Once the whois data is loaded, scroll down and you’ll see Whois Record. Under this, you’ll get the “Administrative contact email address”.
To get the domain registrar name, look for the words something like: “Registered through:: XYZ Company”. Here XYZ Company is the domain registrar. In case if you do not find this, scroll up and you’ll see ICANN Registrar under the “Registry Data”. In this case, the ICANN registrar is the actual domain registrar.
The administrative email address associated with the domain is the backdoor to hijack the domain name. It is the key to unlock the domain control panel. So, to take full control of the domain, the hacker will have to hack the administrative email associated with it. 
Once the hacker takes full control of this email account, he will visit the domain registrar’s website and click on forgot password in the login page. There, he will be asked to enter either the domain name or the administrative email address to initiate the password reset process. Once this is done, all the details to reset the password will be sent to the administrative email address.
Since the hacker has access to this email account, he can easily reset the password of the domain control panel. After resetting the password, he logs into the control panel with the new password and from there he can hijack the domain within minutes.

How to Protect the Domain Name from Getting Hijacked?

The best way to protect the domain name is to protect the administrative email account associated with the domain. If you lose this email account, you lose your domain. You can read my earlier post on how to protect your email account from being hacked. Another good way to protect your domain is to go for a private domain registration.
When you register a domain name using the private registration option, all your personal details such as your name, address, phone and administrative email address are hidden from the public.
Whenever a hacker performs a WHOIS lookup for your domain name, he will not be able to find your name, phone or the administrative email address. Thus, private registration provides extra security and protects your privacy. Even though it costs a few extra bucks, it really is worth it for its advantages.
I hope that this article has helped you. You can express your feedback through comments.

Common Internet Scams and Frauds

The term Internet Scam or Internet Fraud refers to any type of fraud scheme that uses one or more online services to conduct fraudulent activities. Internet frauds can be conducted using online programs such as chat rooms, e-mails, message boards or Web sites. In this post, I will discuss some of the scams and frauds commonly conducted across the Internet.

1. Phishing Scam:

This is one of the most commonly used scams to steal bank logins and other types of passwords on the Internet. Phishing is the fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by e-mail or instant messaging.
Example: You may receive an email which claims to have come from your bank/financial institution/online service provider that asks you to click a link and update your account information. When you click on such a link, it may take you to a fake page which exactly resembles the original one. Here, you’ll be asked to enter your personal details such as username and password. Once you enter your personal details on this page, they will be stolen.
Such an email is more than likely to be the type of Internet scam known as “phishing”. Phishing is said to be highly effective and has proved to have a high success rate. This is because most Internet users are unaware of this type of attack and hence fail to identify the scam.
Most legitimate companies never request any kind of personal/sensitive information via email. So, it is highly recommended that you DO NOT respond to such fraudulent emails. For more information on phishing visit my detailed post on How to identify and avoid phishing scams?

2. Nigerian Scams:

This type of scam involves sending emails (spam) to people in bulk seeking their help to access a large amount of money that is held up in a foreign bank account. This email claims that, in return for the help, you’ll be rewarded with a percentage of the fund involved in the transaction. Never respond to these emails since it is nothing but a scam.
If you respond to these emails you will be asked to deposit a small amount of money (say 1-2% of the whole fund) as insurance or as an advance payment for the initialization of the deal. However, once you deposit the amount to the scammer’s account you’ll not get any further response from them and you lose your money. In fact, “the large amount of money” never exists and the whole story is a trap for innocent people who are likely to become victims. The scammers use a variety of stories to explain why they need your help to access the funds. The following are some examples:
Examples:
  • They may claim that political climate or legal issues preclude them from accessing funds in a foreign bank account.
  • They may claim that the person is a minor and hence needs your help to access the funds.
  • They may claim that your last name is the same as that of the deceased person who owned the account and suggest that you act as the Next of Kin of this person in order to gain access to the funds.

3. Lottery Scams:

This type of scam is similar to the one discussed above. In this type, you may receive an email saying that you have won a large sum of money in an online lottery scheme (ex. UK Lottery) even though you have not participated in any such scheme. The message claims that your email ID was selected randomly from a large pool of IDs.
When you respond to such emails they initially ask for your complete name and address so that they can mail the cheque across to you. After getting those details they may also send you an image of the cheque drawn in your name and address so as to confirm the deal. But in order to mail this cheque they demand a small amount of money as insurance/shipping charge/tax in return.
However, if you send the money in a hope to receive the cheque, all you get is nothing. You’re just trapped in a wonderful scam scheme. That’s it.

4. Other General Scams and Frauds

In general, be wary of unsolicited emails that:
  1. Promise you money, jobs or prizes.
  2. Ask you to provide sensitive personal information.
  3. Ask you to follow a link to a website and log on to an account.
  4. Propose lucrative business deals.
It can be hard for a novice Internet user to recognise such online scams, so here are some common signs of scam emails. Knowing them will help you stay clear:
  • Such emails rarely address you by name. Instead they use a generic salutation such as "Dear User" or "Dear Customer". A generic greeting is a strong sign that the email is fraudulent (though a targeted phishing email can use your real name, so the absence of this sign proves nothing).
  • If you look at the email headers you may notice that the "To:" field lists a large group of recipients, is blank, or reads "undisclosed recipients". This shows the email was not written for you in particular; it was sent to a large group of people and you are just one of them.
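The two header and salutation signs above, together with the "money lure" and "advance fee" wording from the previous sections, can be turned into a small scoring filter. The following is an added example, not code from the original post; the two sample messages are constructed for illustration and the regular expressions are one possible choice of patterns.

```python
import email
import re
from email import policy

# Constructed sample messages (not real mail, not from the original post).
SCAM_MAIL = b"""\
From: "Barrister John Doe" <claims@example.invalid>
To: undisclosed-recipients:;
Subject: URGENT BUSINESS PROPOSAL
Content-Type: text/plain; charset="utf-8"

Dear Customer,

I am contacting you regarding a fund of US$12,500,000 held in a foreign
bank account. You will be rewarded 30% of the total sum for your assistance.
Kindly send a processing fee of $250 to initiate the transaction.
"""

LEGIT_MAIL = b"""\
From: "Alice Example" <alice@example.invalid>
To: Bob Example <bob@example.invalid>
Subject: Lunch on Thursday?
Content-Type: text/plain; charset="utf-8"

Hi Bob,

Are you free for lunch on Thursday? The usual place at 12:30.

Alice
"""

# Sign 1 from the post: a generic salutation instead of your name.
GENERIC_GREETING = re.compile(
    r"^\s*dear\s+(user|customer|friend|sir|madam|sir/madam|beneficiary|winner)\b",
    re.I | re.M)
# Wording typical of advance-fee and lottery scams.
MONEY_LURE = re.compile(
    r"(\$|us\$|usd|£|€)\s?\d[\d,.]*\s*(million)?|\b(lottery|prize|fund|inheritance|next of kin)\b",
    re.I)
ADVANCE_FEE = re.compile(
    r"\b(processing|handling|shipping|insurance|transfer|clearance)\s+(fee|charge|cost|tax)\b",
    re.I)


def scam_signals(raw: bytes) -> dict:
    """Evaluate each heuristic on one raw RFC 822 message; True means 'present'."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    to_header = str(msg.get("To") or "").strip()
    return {
        "generic_greeting": bool(GENERIC_GREETING.search(text)),
        # Sign 2 from the post: blank or bulk "To:" field.
        "bulk_or_blank_to": (to_header == ""
                             or "undisclosed" in to_header.lower()
                             or to_header.count("@") > 5),
        "money_lure": bool(MONEY_LURE.search(text)),
        "advance_fee": bool(ADVANCE_FEE.search(text)),
    }


def scam_score(raw: bytes) -> int:
    """Number of heuristics that fired (0-4); anything above 1 deserves suspicion."""
    return sum(scam_signals(raw).values())
```

A score is a hint, not a verdict: a mailing-list message will trip the "To:" rule and a genuine bank notice may say "Dear Customer", so use this to prioritise what to look at, not to delete mail automatically.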
I hope this post helps. Express your opinions through comments.

What to Do When Your Email Account is Hacked?

It can be a real nightmare if someone hacks and takes control of your email account as it may contain confidential information like bank logins, credit card details and other sensitive data. If you are one such Internet user whose email account has been compromised, then this post will surely help you out.
In this post, you will find the best possible ways to get back your hacked email account.

For Gmail:

It can be a big disaster if your Gmail account is compromised, because it may be tied to several other services such as Blogger, Analytics, AdWords, AdSense or Orkut. Losing access to your Gmail account means losing access to all the services associated with it too. Here is a list of recovery actions that you can try.
Step-1: Try resetting your password. This is the first step and usually the easiest way to get your account back. Google may ask you to answer your secret question or may send the password reset details to the secondary email address associated with the compromised account. You can reset your password from the following link
Update:
Gmail has now introduced a feature that lets you reset your password using your mobile number. Once the reset process is started, Gmail sends the reset details to that number by SMS.
If you cannot find success from the Step-1, then proceed to Step-2.
Step-2: Very often the attacker changes the secret question and the secondary email address immediately after taking over the account, which is why the password reset fails. If this is the case, you need to contact the Gmail support team by filling out the account recovery form. The form asks several questions, such as:
  1. Email addresses of up to five frequently emailed contacts
  2. Names of any 4 Labels that you may have created in your account
  3. List of other services associated with your compromised account
  4. Your last successful login date
  5. Account created date
  6. Last password that you remember and many more…
Fill out this form as accurately as you can. You may well not remember the exact dates of your last login or of account creation; work out the closest dates and answers you can and submit them. This is your last chance.
The more accurate the information in the recovery form, the better your chances of getting the account back. You can reach the account recovery page from the following link

For Yahoo and Hotmail:

Unfortunately, for Yahoo/Hotmail there is no second option like filling out the form or contacting the support team. All you need to do is either answer the secret questions that you have setup or reset the password using the secondary email option.
To initiate the password reset process just click on the Forgot password link in your login page and proceed as per the screen instructions.
I hope this post will help you recover the lost account. I highly recommend that you also read my post on How to protect your email account from being hacked and Tips to find unauthorized activity on your Gmail account so that you always stay protected!

Find Unauthorized Activity on Your Email Account

Do you suspect that your email account is under attack? Do you want to keep your email account as secure as you reasonably can? Sometimes an email account is compromised without the owner noticing: we believe the account is safe while in reality our private and confidential information is being read by a third party.
In this post you will find information on how to spot unauthorized activity on your account and how to stop it.

Signs of Unauthorized Activity on an Email Account:

  1. New emails are marked as Read even though you have not read them.
  2. Emails are moved to Trash or permanently deleted without your knowledge.
  3. Your emails are being forwarded to a third-party address (check Settings -> Forwarding, and also any filters that forward or delete mail).
  4. Your secondary email address or mobile number has been changed.
If you notice any of the above on your email account, it is a strong indication that someone else has access to it.

Additional Security Features in Gmail:

Gmail provides an additional security feature in the form of IP address logging: Gmail records your IP address every time you log in to your account. So if a third party gets into your account, his or her IP address is recorded as well. To see the list of recorded IP addresses, scroll down to the bottom of your Gmail inbox and you will see something like this.
You can see from the above figure that Gmail shows the IP address of the last login (last account activity). Click on Details to see the IP address, access type and time of your most recent sessions. If an IP in the list does not belong to you, that points to unauthorized activity. Bear in mind that your own address changes when you move between networks or use a phone, so compare against the networks you actually use rather than a single address.
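Reviewing the activity table by eye works for a handful of entries; the following added example (not part of the original post) shows the same check as code. It takes a constructed activity list in the shape of Gmail's "Details" table, flags sessions from networks you do not recognise, and flags a second address active within a short window of another one, which is what a concurrent attacker session looks like. The known networks are an assumption and should be replaced with your own.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed sample of a "Last account activity" table (access type, IP, UTC time).
# Addresses are from the documentation ranges, not real users.
ACTIVITY = [
    ("Browser", "203.0.113.45", "2013-03-28 08:02:11"),
    ("Mobile",  "198.51.100.7", "2013-03-28 12:40:03"),
    ("Browser", "192.0.2.99",   "2013-03-28 12:41:30"),   # address you do not recognise
    ("IMAP",    "192.0.2.99",   "2013-03-28 13:05:50"),
    ("Browser", "203.0.113.45", "2013-03-29 07:58:42"),
]

# Assumed: the networks you really use (home, office, phone carrier). Edit for your case.
KNOWN_NETWORKS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.0/24")]


def is_known(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in KNOWN_NETWORKS)


def suspicious_logins(activity, window=timedelta(minutes=30)):
    """Return (reason, access_type, ip, iso_time) tuples for sessions worth a closer look."""
    findings = []
    parsed = [(kind, ip, datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"))
              for kind, ip, ts in activity]
    parsed.sort(key=lambda e: e[2])
    for i, (kind, ip, when) in enumerate(parsed):
        if not is_known(ip):
            findings.append(("unknown network", kind, ip, when.isoformat()))
        # A different address active within `window` of this one means two parties
        # may be logged in at the same time; you cannot be in two places at once.
        for _, prev_ip, prev_when in parsed[:i]:
            if prev_ip != ip and when - prev_when <= window:
                findings.append(("concurrent session from another address",
                                 kind, ip, when.isoformat()))
                break
    return findings


def flagged_addresses(activity) -> set:
    """Just the IP addresses that appear in any finding."""
    return {ip for _, _, ip, _ in suspicious_logins(activity)}
```

The concurrency rule will also fire when you yourself switch from Wi-Fi to mobile data within half an hour, so treat it as a prompt to check, not as proof; the "unknown network" rule is the stronger signal.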

Steps to Stop the Unauthorized Activity:

If you feel/suspect that your account is hacked, then you must immediately take the actions mentioned below:
    1. Change your Password
    2. Change your security question.
    3. Remove any third party email address (if any) to which your account is set to forward emails.
    4. Make sure that you can access the email account of your secondary email address.
    5. Also change your secondary email password and security question.
This cuts off the attacker's current access and closes the recovery paths (forwarding, secondary address, security question) they could use to get back in. I strongly recommend that you also read my other post on How to protect your email account. I hope you liked this post. Please pass your comments. :)

How To Protect Your Email and Other Online Accounts from Hackers

In this post I will show you how to protect your email account from being hacked, in a simple and easy to understand manner. The tips provided here apply not only to your email account but to any other online account, such as your bank login, PayPal or your social networking account. Nowadays I get a lot of emails from people, most of them asking for help getting back their email accounts, because they have fallen victim and had their accounts hacked.
Today it is a common problem for many Internet users to have their email accounts compromised. But this raises one BIG question in my mind:
“Is it so easy to hack an email account? OR Is it so difficult for people to protect their email account from getting hacked?”.
The single answer to these two questions is “Absolutely NOT!“. It is neither easy to hack an email nor difficult to protect an email account from being hacked.
If this is the case, then what is the reason for many people to lose their accounts?
The answer is very simple. They do not know how to protect themselves from getting hacked! In fact, most of the people who lose their online accounts to hackers are not the victims of hacking but the victims of trapping. They get hacked not because they are hacked by some expert hackers, but because they are fooled to such an extent that they themselves give away their password.
Are you confused? If so continue reading and you’ll come to know…
Now I will mention some of the most common pitfalls by which people often fall victims and get their accounts compromised. In addition to this, I will also give information on how to avoid these pitfalls and stay protected.

1. Website Spoofing (Phishing Scam)

Website spoofing, the usual vehicle for phishing, is the act of creating a fake website with the intention of misleading visitors. The site is built by someone other than the genuine owner, specifically for the purpose of cheating. Normally it copies the design of the target site and often uses a similar-looking URL.
For example a spoofed website of Yahoo.com appears exactly same as Yahoo Website. So, most people would believe this as the original site and lose their passwords. The main intention of spoofed websites is to fool users and take away their login details. For this, the spoofed sites offer fake login pages. These fake login pages resemble the original login pages of sites like Yahoo, Gmail or Facebook. Since they resemble the original login page, people believe that it is true and give away their login details to the hackers by trying to login to their accounts.

Solution:

  • Never log in to an account from anywhere other than the genuine site. Before typing a password, check the address bar: the domain must be exactly the one you expect (not a look-alike such as "yahoo.com.something-else.net") and the connection should be HTTPS.
  • Always type the URL of the site into the address bar yourself, or use a bookmark you created. Do not follow a link in an email or chat message to reach a login page.
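Checking the address bar is a habit; the following added example (not from the original post) encodes the same checks as a function, so the same rules can be applied by a script or a mail gateway before a link is followed. It treats a URL as safe only when it is HTTPS and the host matches a trusted login host exactly, and it names the usual phishing tricks: a brand name buried in an unrelated domain, a `user@` prefix that hides the real host, a bare IP address, and internationalised host names that may contain look-alike characters. The trusted hosts and brand list are assumptions for the example.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed for this example: hosts you genuinely log in to, and brand words that
# phishers like to embed in look-alike domains. Edit for your own accounts.
TRUSTED_LOGIN_HOSTS = {"mail.yahoo.com", "accounts.google.com", "www.facebook.com"}
BRANDS = {"yahoo", "google", "gmail", "facebook", "paypal"}


def check_login_url(url: str):
    """Return (safe, reasons). safe is True only for an exact HTTPS match on a trusted host."""
    reasons = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")

    if parts.scheme != "https":
        reasons.append("not https")
    if parts.username is not None:
        # https://mail.yahoo.com@evil.example/ : the browser ignores everything before '@'
        reasons.append("text before '@' hides the real host")
    try:
        ipaddress.ip_address(host)
        reasons.append("bare IP address instead of a domain name")
    except ValueError:
        pass
    if "xn--" in host or not host.isascii():
        reasons.append("internationalised host name; check for look-alike characters")

    if host in TRUSTED_LOGIN_HOSTS:
        return (not reasons, reasons)

    # "mail.yahoo.com.login-verify.example": the brand is a label, but the
    # registered domain is someone else's.
    labels = host.split(".")
    for brand in sorted(BRANDS):
        if any(brand in label for label in labels):
            reasons.append(f"'{brand}' appears in an untrusted host: {host}")
            break
    if not reasons:
        reasons.append(f"host {host!r} is not a trusted login host")
    return (False, reasons)
```

A real deployment would resolve the registered domain with the Public Suffix List rather than exact host matching, but the exact-match rule is deliberately strict: a login page on an unexpected subdomain is itself worth a second look.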

2. By using Keylogger (Spyware)

The other commonly used method of stealing passwords is a keylogger. A keylogger is a form of spyware that records every keystroke typed on the computer's keyboard, so once it is installed, capturing a password is trivial: the victim types it in themselves.

Solution:

Protecting yourself from a keylogger is straightforward: install a good anti-spyware program and keep it updated. This greatly reduces the risk, though no scanner catches everything. For more information, you may read my other post on How to Protect your Computer from keyloggers?

3. Accessing your Email from a Public Place

Do you access your email from public places like cyber cafes? If so, you are at real risk of losing your password; many people have lost their email accounts this way. For the owner of the cafe it is a cakewalk to steal your password: all he needs to do is install a keylogger on his computers. When you log in to your email account from that PC, you hand your password to the cafe owner. There are also many Remote Administration Tools (RATs) that can be used to watch your browsing activity in real time.
This doesn’t mean that you should never use cyber cafes for surfing the Internet. I know, not all the cyber cafe owners will be so wicked. However, it is recommended not to use public places for accessing confidential information. If it comes to the matter of security never trust anyone, not even your friend. I always use my own computer to login to my accounts so as to ensure the safety.
So with this I conclude my post and assume that I have helped my readers to protect their online accounts from being hacked. Please pass your comments. :)

How to Detect a Web Proxy

Using a web proxy (an "anonymous IP") is the simplest way for an Internet user to conceal their real IP address and protect their privacy. However, proxies are also widely used by online fraudsters to hide their actual location (city or country): the site they visit sees the proxy's IP address instead of their own.
As fraudsters become more sophisticated at bypassing geolocation controls with web proxies, it has become necessary to detect proxies so that the authenticity of users can be verified. Following are some examples of how fraudsters use a web proxy to hide their actual IP address:
  • Credit Card Frauds

    For example, say a Nigerian fraudster tries to purchase goods online with a stolen credit card for which the billing address is associated with New York. Most credit card merchants use geolocation to block orders from countries like Nigeria and other high risk countries.
    So, in order to bypass this restriction, the fraudster uses a proxy located in New York. The IP address then appears legitimate because it belongs to the same city as the billing address. In this case a proxy check is needed to flag the order.
  • Bypass Website Country Restrictions

    Some website services are restricted to users from a selected list of countries. For example, a paid survey may be open only to the United States and Canada, so a user in, say, China may use a proxy to make his IP appear to come from the United States in order to earn from the survey.

Proxy Detection Services:

In order to stop such online frauds, Proxy Detection has become a critical component. Today, most of the companies, credit card merchants and websites that deal with e-commerce transactions make use of Proxy Detection Services like MaxMind and FraudLabs to detect the usage of proxy or spoofed IP from users participating online.
Proxy Detection web services allow instant detection of anonymous IP addresses. Even though the use of proxy address by users is not a direct indication of fraudulent behaviour, it can often indicate the intention of the user to hide his or her real IP. In fact, some of the most used ISPs like AOL and MSN are forms of proxies and are used by both good and bad consumers.

How Proxy Detection Works?

Proxy detection services work from the IP address to determine whether or not it is a proxy. A merchant obtains the visitor's IP address from the TCP connection that delivered the HTTP request (the server's REMOTE_ADDR), not from a header, since any header the visitor sends can be forged. This IP address is sent to the proxy detection service in real time to check its reputation.
The proxy detection service compares the IP against a list of flagged addresses and ranges known to belong to proxy services. If the IP is not on the list it is reported as a normal address and the merchant proceeds; otherwise it is reported as a suspected proxy. These services continuously collect the addresses and ranges commonly used by proxy services. Two caveats: such lists always lag behind newly set-up proxies, and an address that passes the list check may still be a proxy, so the result is a risk signal to combine with other checks rather than a proof.
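The list lookup described above, combined with a second signal the post does not mention, is shown in the following added example (not code from the original post or from any detection service). The second signal is the set of headers that many proxies add on the way through (Via, X-Forwarded-For, Forwarded). The flagged ranges stand in for a commercial feed and are documentation ranges, not real proxies; the trusted reverse-proxy address is an assumption.

```python
import ipaddress

# Constructed stand-in for a commercial "known proxy" feed (TEST-NET ranges, not real proxies).
FLAGGED_PROXY_RANGES = [ipaddress.ip_network(n)
                        for n in ("198.51.100.0/24", "2001:db8:1::/48")]

# Assumed: our own load balancer. Only from this peer is X-Forwarded-For trustworthy.
TRUSTED_REVERSE_PROXIES = {ipaddress.ip_address("10.0.0.5")}

# Headers that transparent and "anonymous" proxies commonly add.
PROXY_HEADERS = ("via", "x-forwarded-for", "forwarded", "x-proxy-id", "proxy-connection")


def client_ip(remote_addr: str, headers: dict):
    """Address to assess. X-Forwarded-For is honoured only when the TCP peer is our
    own reverse proxy; the rightmost entry is the one that proxy appended itself."""
    peer = ipaddress.ip_address(remote_addr)
    xff = headers.get("x-forwarded-for")
    if peer in TRUSTED_REVERSE_PROXIES and xff:
        return ipaddress.ip_address(xff.split(",")[-1].strip())
    return peer


def assess(remote_addr: str, headers: dict) -> dict:
    """Combine the list lookup with the proxy-header signal for one request."""
    h = {k.lower(): v for k, v in headers.items()}
    ip = client_ip(remote_addr, h)
    listed = any(ip in net for net in FLAGGED_PROXY_RANGES)
    # A direct client that sends proxy headers is either behind a proxy or forging
    # them; either way it is not what a plain browser does. Behind our own LB these
    # headers are expected, so ignore them there.
    revealing = ([k for k in PROXY_HEADERS if k in h]
                 if ipaddress.ip_address(remote_addr) not in TRUSTED_REVERSE_PROXIES
                 else [])
    return {
        "client_ip": str(ip),
        "listed_proxy": listed,
        "proxy_headers": revealing,
        "suspected_proxy": listed or bool(revealing),
    }


# Constructed requests: (peer address, headers) as the web server would see them.
DIRECT_CLIENT = ("203.0.113.9", {})
VIA_OPEN_PROXY = ("198.51.100.23", {"Via": "1.1 proxy.example", "X-Forwarded-For": "203.0.113.9"})
BEHIND_OUR_LB = ("10.0.0.5", {"X-Forwarded-For": "203.0.113.9"})
FORGED_XFF = ("203.0.113.9", {"X-Forwarded-For": "192.0.2.1"})
```

Note what the forged case shows: a visitor who sets X-Forwarded-For himself cannot change the address we assess, because the header is only believed when it arrives from our own load balancer.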

How to Check whether a given IP is Real or a Proxy?

There are a few free sites that help you determine whether or not a given IP is hiding behind a proxy. You can use free services like WhatisMyIPAddress to detect IP addresses that are hiding behind a proxy. Just enter the suspected IP in the field and click on “Lookup IP Address” button to check the IP address. If it is a suspected proxy then you will see the results something as follows.

So for all those who think that they can escape by using a web proxy, this post is the answer. I hope this information helps. Pass your comments

Tips to Avoid Getting Adware

Adware, malware, spyware and viruses can bring your system to its knees. They slow your computer down and can cost you important files. Here are ten simple tips to keep the nasties off your computer.
  1. Use Firefox: Internet Explorer is the most popular browser on the market, controlling over 50% of the market share. The virus and adware creators specifically look for exploitable vulnerabilities within IE because they know that they will receive the best return on investment. Your switch to Firefox prevents some adware from infecting your machine.
  2. Scan your PC once a week: Sometimes adware programmers take a sneaky approach. They will set up their programs to run quietly in the background to spy upon your activities. This once a week scan is necessary to remove any of those sneaky bugs.
  3. Download from known sites: New sites that push adware are popping up all the time. If you find something that you want to download, make sure it comes from a known site. A company like Amazon will not steer you wrong, but Bob's House of Wares might be a little less trustworthy. If you are not sure whether you can trust a site, do a quick search on it first.
  4. Install Adaware: Ad-Aware is the most popular free adware removal program on the market. It detects, quarantines and removes adware. It searches for other programs which may have been installed, highlighting them in an easy to use interface. This program does not have an anti-virus attached.
  5. Do not click on unsolicited email: You constantly receive offers to increase this or improve that through unsolicited email. Your curiosity may be killing you, but do not click on the links or attachments in these emails; a single click can be all it takes to install adware, spyware or malware on your PC.
  6. Install antivirus software: Running separate programs for virus and adware protection is a smart idea. It plays to the strengths of each program and increases the overall strength of your defences. Some of the best antivirus software is free and provides real-time protection. Programs to look at would be Avast, AntiVir and AVG.
  7. Don’t install toolbars: Even some reputable sites install custom toolbars. They slow your system down and collect information about your surfing habits. While a toolbar might offer some perks, it may also diminish your experience by dragging your system to a halt. Toolbars from less reputable places install adware and sometimes infect your system outright.
  8. Look at your task manager: If anything seems out of place with your computer, take a look at your task manager. This tells you about all of the programs and processes which are running on your computer. Examine the processes tab for anything which you don’t immediately recognize. Perform a web search for unfamiliar processes.
  9. Do not click on popups: Clicking on a pop-up usually spells certain doom for your computer. It opens the door for the viruses and adware that want to infect your machine, telling these malicious applications to make themselves at home. Stay away from those constantly advertised screensavers and icons.
  10. Trust your gut: If you don’t feel right about a site, don’t go there. If you are receiving warnings from the antivirus and antiadware programs which you’ve installed, don’t go there. If you don’t like the layout of a site, don’t go there. Trust your instincts about sites.
Be vigilant: With proper vigilance, you can keep aggravating adware, spyware and malware from your machine. Trust your instincts. Install Ad-Aware and an antivirus program. Play it safe. The care you spend in preventing adware from infecting your machine can save money and time.

Monday, February 18, 2013

How to Test the Working of Your Antivirus

Have you ever wondered how to test your antivirus software to make sure it is working properly? Here is a quick and easy way to test it. The process is called the EICAR test; it is designed to work with any antivirus software and was developed by the European Institute for Computer Antivirus Research (EICAR).
This process can be used by people, companies and antivirus programmers to test the proper functioning of the antivirus/antimalware software without having to deal with the real computer virus which can cause damage to the computer.
Here is a step-by-step procedure to test your antivirus:
  1. Open a notepad (New Text Document.TXT) and copy the following code exactly onto it, and save the notepad.
    EICAR Test code
    X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
  2. Rename the file from “New Text Document.TXT” to “virus-sample.com”.
  3. Now run the antivirus scan on this “virus-sample.com” file.
If the antivirus is functioning properly, it should raise a warning as soon as it scans the file and quarantine or delete it, depending on its settings. If nothing happens, first check that real-time protection is enabled and that the file was actually scanned (some products skip files they consider non-executable); only then consider re-installing the antivirus.
NOTE: Most antivirus will pop-out a warning message in the Step-1 itself.
You can also place the “virus-sample.com” file in a ZIP or RAR file and run a scan on it so as to ensure whether your antivirus can detect the test string in the compressed archive. Any antivirus while scanning this file should respond exactly as it will do for a genuine virus/malicious code.
This test causes no damage to your computer even though the antivirus flags it as malware, which makes it the safest way to check that any antivirus is working.
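The steps above are easy enough by hand, but writing the file from a script is useful when you want to repeat the check on many machines or confirm that archive scanning works. The following is an added example, not part of the original post. It assembles the 68-byte string from two halves so that the script's own source is not flagged (scanners only match the string at the very start of a file), checks the result against the test file's published SHA-256, and writes both the bare `.com` file and a ZIP containing it.

```python
import hashlib
import io
import zipfile
from pathlib import Path

# The EICAR test string split in two; joined, it is the exact 68-byte test file.
_EICAR_PARTS = (b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$",
                b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*")

# Published SHA-256 of the 68-byte test file (no trailing newline).
EICAR_SHA256 = "275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f"


def eicar_bytes() -> bytes:
    return b"".join(_EICAR_PARTS)


def verify_eicar(data: bytes) -> bool:
    """True only for the bare 68-byte form. The EICAR spec also tolerates up to
    128 bytes with trailing whitespace; that variant would fail this strict check."""
    return len(data) == 68 and hashlib.sha256(data).hexdigest() == EICAR_SHA256


def eicar_zip(member_name: str = "virus-sample.com") -> bytes:
    """ZIP archive containing the test file, to check scanning inside compressed files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, eicar_bytes())
    return buf.getvalue()


def extract_from_zip(data: bytes, member_name: str = "virus-sample.com") -> bytes:
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.read(member_name)


def write_samples(directory: str) -> list:
    """Write virus-sample.com and virus-sample.zip; a working AV should react immediately.
    Returns the paths written (the files may already be gone if the AV deleted them)."""
    out = Path(directory)
    out.mkdir(parents=True, exist_ok=True)
    paths = []
    for name, data in (("virus-sample.com", eicar_bytes()),
                       ("virus-sample.zip", eicar_zip())):
        path = out / name
        path.write_bytes(data)
        paths.append(str(path))
    return paths


if __name__ == "__main__":
    for written in write_samples("eicar-test"):
        print("wrote", written)
```

Run it in a directory the antivirus watches; if the `.com` file is caught but the ZIP is not, archive scanning is disabled or limited in your product's settings.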

How EICAR Test Works?

Antivirus vendors add a signature for the EICAR string to their products, a standard adopted across the industry so that testing is simple and risk-free. Every antivirus therefore responds to the EICAR string exactly as it would to genuine malicious code, even though the file is harmless: it is in fact a small valid DOS program that does nothing more than print "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!".

How to Protect Your Computer from Keyloggers

Keyloggers are a major problem today because using one requires no special knowledge of computers, so they are often used by attackers to steal passwords, credit card numbers and other confidential data. Below are some methods through which you can protect your computer from keyloggers:

1. Use a Good Antivirus

This is the first and the basic step that you need to take in order to protect your computer from keyloggers and other online threats. Use a good antivirus such as Kaspersky, Norton or McAfee and update it regularly.

2. Use a Good Antispyware

If you are a frequent Internet user, then you could be exposed to a number of spywares on a regular basis. Since keylogger is basically a spyware, it is better to install a good antispyware program. Make sure that the antivirus and the antispyware you use do not conflict with each other.

3. Antilogger can be Handy

Antiloggers are the programs that detect the presence of keyloggers on a given computer. Over the past few years, I have tested a lot of anti-logging programs and have found Zemana Antilogger as the best one.
Normally, a keylogger can easily be detected by a good antivirus program, but hackers may use some methods such as hexing, binding or crypting to make it harder for the antivirus program to detect it. In this case, Zemana Antilogger comes handy as this program is specially designed to protect your PC against harmful keyloggers.


4. Online Scanning

Whenever you receive a suspicious file, scan it with an online multi-engine scanner, which checks the file against many popular antivirus engines (24 in the service I use) and reports whether any of them recognises it as a virus or spyware. This makes it much less likely that a malicious file slips through one engine's blind spot, though a brand-new or custom-packed keylogger can still evade all of them.

5. Use Sandboxie

Sandboxie is another great program for protecting your computer against keyloggers and spyware. Sandboxie runs a program in an isolated space, which prevents that program from making permanent changes to the rest of your computer.
When ever you receive a file that looks suspicious, just run the program with Sandboxie so that, you can test it without the risk of making permanent changes to your computer.


To run a program in Sandboxie, follow the steps as mentioned below:
  1. Open the Sandboxie tool and click on sandbox menu on the top.
  2. Now go to Default sandbox.
  3. Then click on run any program.
  4. Now select the file you wish to run in sandboxie and click open.

6. Keyscrambler

KeyScrambler is one of the best programs offering protection against keyloggers. It is a small program that encrypts your keystrokes at the keyboard-driver level and decrypts them inside the application, so that even if your computer has a keylogger installed, it captures only the encrypted keystrokes and not the actual ones. (Keyloggers that hook the application itself, or capture screenshots, are outside its scope.)
The free version of Keyscrambler currently supports Firefox, IE and a few other applications. However it’s premium version supports more than 160 applications.
Hope you liked my post! Pass the comments.

How to Trace Any IP Address ?

In my earlier post I discussed how to find the IP address of a remote computer. Once you have the IP address, the next step is to trace it back to its source. So in this post I will show you how to trace any IP address back to its source.
In fact, tracing an IP address back to its location is much simpler than many people imagine. There are many online tools for the job; one of my favourite sites is IP2Location.com. Keep in mind that IP geolocation tells you where the ISP has placed that address, not the user's front door: country is usually right, city-level results can be off by a large distance, and a VPN or proxy points at the proxy's location instead.
Just go to http://www.ip2location.com/demo.aspx and enter the IP address that you want to trace in the dialog box and click on “Find Location”‘. With just a click of a button you can find the following information for any given IP address:
  • Country in which the IP is located
  • City to which the IP address belongs to
  • Latitude/Longitude of the IP’s location
  • Zip Code of the region to which the IP belongs to
  • Time Zone associated with the IP
  • Name of the ISP to which the IP address belong to
  • Internet Speed of the computer associated with the IP
  • Weather Station associated with the region of the IP
  • Domain name associated with the IP address
A sample snapshot of the results from ip2location.com is given below:


You can also visually trace the route to any IP address. For this, visit http://www.yougetsignal.com/tools/visual-tracert/, enter the IP you want to trace in the dialog box and hit the "Proxy Trace" button. After a few seconds the visual trace route tool displays the path Internet packets traverse to reach the specified destination. Hope this helps. Please pass your comments.

How to Find the IP Address of a Remote Computer

Most of you may be curious to know how to find the IP address of your friend’s computer or the IP of the person with whom you may be chatting. If so, then this post will surely help you out.
In this post I’ll show you how to find the IP address of a remote computer in simple steps.
I have created a PHP script to make it easier for you to capture the IP address of any computer you choose. Here is the step-by-step process:
  1. Download the IP Finder Script (IP_Finder.ZIP) that I have created from the following link:
  2. Open a new account in X10Hosting (or any other free host that supports PHP).
  3. Extract the IP_Finder.ZIP file and upload the two files ip.php and ip_log.txt into the root folder of your hosting account using the File Manager.
  4. You can rename the ip.php to any name of your choice.
  5. Set the permission on ip_log.txt so that the web server can write to it. The post says 777; note that this also makes the log world-readable and executable, and 666 (read and write for everyone) is enough for the script to append to it.
Now you are all set to find the IP address of your friend or any other remote computer. All you have to do is send the link to ip.php to your friend or to the person you are chatting with. Once the person clicks on the link, his or her IP address is recorded in the file ip_log.txt.
For your better understanding let’s take up the following example:
Suppose you open a new account in X10hosting.com with the subdomain as abc, then your IP Finder link would be:
http://abc.x10hosting.com/ip.php
You have to send the above link to you friend via email or while chatting and ask him to visit that link. Once your friend clicks on the link, his IP address will be recorded along with the Date and Time in the ip_log.txt file. After recording the IP address, the script will redirect the person to google.com so as to avoid any suspicion.
To see the recorded IP addresses, open the log file through the following link (it is the same ip_log.txt you uploaded, so anyone who guesses the URL can read it too):
http://abc.x10hosting.com/ip_log.txt
The sample log will be in the following format:
79.92.144.237 Thursday 07th of May 2009 05:31:27 PM
59.45.144.237 Thursday 07th of May 2009 05:31:28 PM
123.92.144.237 Thursday 07th of May 2009 05:31:31 PM
NOTE: You have to replace abc with your subdomain name.
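The post's ip.php is not reproduced here (only the download link is given), so the following is an added example that implements the same idea in Python as a small WSGI application; it is not the author's script. It records the visitor's address with a timestamp in the post's log format, then redirects to google.com. The one point it adds over the description above is that the address comes from the TCP connection (REMOTE_ADDR); an X-Forwarded-For header is believed only when the request arrives from a reverse proxy you control, because a visitor can put anything in that header. The trusted proxy address is an assumption.

```python
from datetime import datetime, timezone
from wsgiref.simple_server import make_server

LOG_FILE = "ip_log.txt"                 # same log file name as in the post
REDIRECT_TO = "https://www.google.com/"
TRUSTED_PROXIES = {"127.0.0.1"}         # assumed: a reverse proxy in front of this app


def client_address(environ: dict) -> str:
    """Peer address of the TCP connection. X-Forwarded-For is only honoured when
    the peer is one of our own proxies; otherwise it is visitor-controlled text."""
    peer = environ.get("REMOTE_ADDR", "")
    xff = environ.get("HTTP_X_FORWARDED_FOR")
    if xff and peer in TRUSTED_PROXIES:
        return xff.split(",")[-1].strip()
    return peer


def format_entry(ip: str, when: datetime) -> str:
    """Reproduce the post's layout: '79.92.144.237 Thursday 07th of May 2009 05:31:27 PM'."""
    day = when.day
    suffix = "th" if 11 <= day <= 13 else {1: "st", 2: "nd", 3: "rd"}.get(day % 10, "th")
    return f"{ip} {when:%A} {day:02d}{suffix} of {when:%B %Y %I:%M:%S %p}"


def log_line(ip: str, iso_timestamp: str) -> str:
    """Convenience wrapper: build a log line from an ISO 8601 timestamp string."""
    return format_entry(ip, datetime.fromisoformat(iso_timestamp))


def record_visit(environ: dict, log_path: str = LOG_FILE, now: datetime = None) -> str:
    entry = format_entry(client_address(environ), now or datetime.now(timezone.utc))
    with open(log_path, "a", encoding="utf-8") as log:
        log.write(entry + "\n")
    return entry


def app(environ, start_response):
    """WSGI entry point: log the visitor, then send them on to the redirect target."""
    record_visit(environ)
    start_response("302 Found", [("Location", REDIRECT_TO), ("Content-Length", "0")])
    return [b""]


if __name__ == "__main__":
    # Serves on port 8000; put it behind the proxy named in TRUSTED_PROXIES in real use.
    with make_server("", 8000, app) as httpd:
        httpd.serve_forever()
```

If you deploy something like this, keep the log outside the web root or protect it; a world-readable ip_log.txt, as in the hosting setup described above, exposes every visitor's address to anyone who finds the URL.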
I hope this helps. Express your opinion and suggestions through comments.

Create a CON Folder in Windows

Have you ever tried to create folders with names such as “con”, “prn”, “nul” “com1″ “com2″ “lpt1″ etc. but failed? Is it impossible to create folders with such names in windows?
Well, the answer is NO and YES!
NO because, when you create a new folder and try to rename it to any of the above names, you know what happens: in Windows XP the folder name silently changes back to "New Folder" no matter how many times you try, while in Windows Vista and Windows 7 you get an error saying "The specified device name is invalid".
What is the reason? These are reserved DOS device names: CON is the console, PRN the printer, NUL the null device, COM1 and LPT1 a serial and a parallel port, and so on. The Win32 path parser maps these names to the device regardless of the directory they appear in (and regardless of extension, so "con.txt" is reserved too), which is why Explorer refuses to create a folder by that name.
YES because it is still possible to create these folders using some simple methods as explained below:

1. Using Command Prompt:

Here is a step-by-step procedure to create the “con” folder using the command prompt:
  1. Go to the command prompt:
  2. Type in the command prompt (For ex. To create a folder in the E: drive by name: “CON”)
    C:\>md \\.\e:\con
    NOTE: “con” can be replaced by any other names such as “prn”, “nul” “com1″ “com2″ “lpt1″ etc.
  3. In case if you wish to delete the folder, use the following command:
    C:\>rd \\.\e:\con
NOTE: This folder can only be deleted from the command prompt. You cannot remove it by right-click delete.

2. Using ALT Key and Numeric Keypad:

You can also use the Alt key and the Numeric keypad to accomplish the same job in a much easier way. Here is how you can do it:
  1. Create a New folder (Right-click -> New -> Folder)
  2. Once the new folder is created, right-click on it and select the option “Rename”.
  3. Hold down the ALT key and type 0160 from the numeric keypad (ALT+0160) and release the ALT key.
  4. The folder name now appears blank, so you can type any name of your choice such as "con", "prn" or "nul" and press Enter. That's it, you're done! Note that ALT+0160 inserts a non-breaking space, so the folder is really named " con" with an invisible first character; it only looks like the reserved name, which is exactly why Windows accepts it.
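The reserved-name rule above matters beyond curiosity: a web application that saves uploads under a user-supplied name onto a Windows file system will fail, or write to a device, when a user picks "con" or "nul.txt". The following added example (not from the original post) mirrors the Win32 check and shows how a sanitiser would handle it; it also shows that the ALT+0160 trick works precisely because the non-breaking space makes the name something other than the reserved word.

```python
import re

# Device names the Win32 subsystem reserves, regardless of directory or extension.
RESERVED = {"CON", "PRN", "AUX", "NUL",
            *(f"COM{i}" for i in range(1, 10)),
            *(f"LPT{i}" for i in range(1, 10))}


def is_reserved_device_name(name: str) -> bool:
    """Mimic the Win32 test: ignore trailing spaces and dots, drop everything from
    the first '.', compare case-insensitively. 'con', 'CON.txt' and 'Lpt1.tar.gz'
    are all reserved; 'console' and 'COM10' are not."""
    base = name.rstrip(" .")
    stem = base.split(".", 1)[0]
    return stem.upper() in RESERVED


def safe_filename(name: str) -> str:
    """Sanitise an untrusted file name for a Windows-compatible file system:
    replace characters Windows forbids, strip trailing dots/spaces (Windows drops
    them silently), and prefix reserved device names so they become ordinary files."""
    cleaned = re.sub(r'[<>:"/\\|?*\x00-\x1f]', "_", name).rstrip(" .")
    if not cleaned:
        cleaned = "unnamed"
    if is_reserved_device_name(cleaned):
        cleaned = "_" + cleaned
    return cleaned
```

Windows 11 has relaxed some of these rules for new installations, but older systems and portable code still hit them, so the check belongs in any sanitiser that may write to NTFS or FAT.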

What is CAPTCHA and How Does It Work?

CAPTCHA (pronounced "cap-chuh"), which stands for "Completely Automated Public Turing test to tell Computers and Humans Apart", is a type of challenge-response test used to ensure that a response is generated by a human and not by a computer program.
In simple words, CAPTCHA is the word verification test that you will come across the end of a sign-up form while signing up for Gmail or Yahoo account. The following image shows the typical samples of CAPTCHA.
Almost every Internet user will have an experience of CAPTCHA in their daily Internet usage, but only a few are aware of what it is and why they are used. So, in this post you will find a detailed information on how CAPTCHA works and why they are used.

What Purpose does CAPTCHA Exactly Serve?

CAPTCHA is mainly used to prevent automated software (bots) from performing actions that are meant to be carried out by actual humans.
For example, while signing up for a new email account, you will come across a CAPTCHA at the end of the sign-up form so as to ensure that the form is filled out only by a legitimate human and not by any of the automated software or a computer bot. The main goal of CAPTCHA is to put forth a test which is simple and straight forward for any human to answer but for a computer, it is almost impossible to solve.

What is the Need to Create a Test that Can Tell Computers and Humans Apart?

To many people a CAPTCHA may seem silly and annoying, but it protects systems from attacks where people try to game them. Attackers can use automated software to generate a huge number of requests, placing a high load on the target server and degrading the quality of service for everyone, whether through outright abuse or simply through the resources consumed. This can affect millions of legitimate users. CAPTCHAs are therefore deployed on systems that are attractive to spammers, such as the sign-up pages of Gmail, Yahoo and Hotmail.

Who Uses CAPTCHA?

CAPTCHAs are mainly used by websites that offer services like online polls and registration forms.
For example, web-based email services like Gmail, Yahoo and Hotmail offer free email accounts to their users. During each sign-up, a CAPTCHA is used to prevent spammers from using a bot to generate hundreds of spam mail accounts.

Designing a CAPTCHA System:

CAPTCHAs are designed around the fact that computers lack the ability humans have when it comes to processing visual data. It is far easier for a human to look at an image and pick out the patterns than it is for a computer, because computers lack the real intelligence that humans have by default. CAPTCHAs are implemented by presenting the user with an image containing distorted or randomly stretched characters that only a human should be able to identify. Sometimes the characters are struck through or placed on a noisy background to make it even harder for a computer to figure out the patterns.
Most, but not all, CAPTCHAs rely on a visual test. Some websites implement an entirely different CAPTCHA system to tell humans and computers apart. For example, the user is presented with four images, three of which contain pictures of animals and one a flower, and is asked to select only the images that contain animals. This Turing test is easily solved by any human but is almost impossible for a computer.
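The distorted image is only half of a CAPTCHA; the other half is the server-side challenge/response bookkeeping that decides whether a submitted answer counts. The Python below is an added example written for this post (it is not code from the original article or from any CAPTCHA vendor) showing that half: the server keeps the solution, hands the client only an opaque challenge id plus the rendered puzzle, and accepts an answer only if it is correct, not expired, not already used and not one of too many guesses. The names `CaptchaStore`, `issue`, `verify` and `render_puzzle` are this example's own, and `render_puzzle` is a dependency-free stand-in for a real image renderer: it scatters the characters over three text rows and fills the rest with noise glyphs.

```python
import hmac
import secrets
import time

# Constructed alphabet for this example: visually ambiguous glyphs (0/O, 1/I)
# are left out so a human is not penalised for the renderer's distortion.
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"


def normalise(answer: str) -> bytes:
    """Case- and whitespace-insensitive comparison form of a typed answer."""
    return answer.strip().upper().encode("utf-8")


def render_puzzle(solution: str) -> str:
    """Stand-in for the image renderer (an assumption of this example).

    A real CAPTCHA rasterises the solution into a distorted, noisy image; here
    each character lands on one of three text rows and the other cells are
    filled with noise glyphs, so the idea survives without an imaging library.
    """
    rows = [[], [], []]
    for ch in solution:
        target = secrets.randbelow(3)
        for r in range(3):
            rows[r].append(ch if r == target else secrets.choice(".-~"))
    return "\n".join("".join(r) for r in rows)


class CaptchaStore:
    """Server-side state for outstanding challenges.

    Properties the verification step provides:
      * the solution never leaves the server in recoverable form; only the
        opaque challenge id and the rendered puzzle are sent to the client;
      * every challenge expires and is single use, so a captured answer cannot
        be replayed against a later form submission;
      * wrong guesses per challenge are capped, so the puzzle cannot be
        brute-forced by retrying.
    """

    def __init__(self, ttl_seconds=120, max_attempts=3, now=time.time):
        self._now = now            # injectable clock (tests pass a fake one)
        self._ttl = ttl_seconds
        self._max_attempts = max_attempts
        self._pending = {}         # challenge_id -> {solution, expires, attempts}

    def issue(self, length=6):
        """Create a challenge; returns (challenge_id, rendered puzzle)."""
        solution = "".join(secrets.choice(ALPHABET) for _ in range(length))
        challenge_id = secrets.token_urlsafe(16)
        self._pending[challenge_id] = {
            "solution": solution,
            "expires": self._now() + self._ttl,
            "attempts": 0,
        }
        return challenge_id, render_puzzle(solution)

    def verify(self, challenge_id, answer):
        """True only for a correct, fresh, unused answer to a known challenge."""
        entry = self._pending.get(challenge_id)
        if entry is None:
            return False           # unknown id, already consumed, or purged
        if self._now() > entry["expires"]:
            del self._pending[challenge_id]
            return False
        entry["attempts"] += 1
        ok = hmac.compare_digest(normalise(entry["solution"]), normalise(answer))
        if ok or entry["attempts"] >= self._max_attempts:
            del self._pending[challenge_id]   # consume it either way
        return ok

    def outstanding(self):
        """Number of challenges still awaiting an answer."""
        return len(self._pending)


if __name__ == "__main__":
    import sys
    store = CaptchaStore()
    cid, puzzle = store.issue()
    print(puzzle)
    guess = sys.argv[1] if len(sys.argv) > 1 else ""
    print("accepted" if store.verify(cid, guess) else "rejected")
```

Run it once to see the puzzle, then again with your reading as the first argument; the second run uses a new challenge, which is exactly the single-use behaviour a form handler relies on. In a real deployment the `_pending` dictionary would live in a shared store such as Redis with the same expiry and delete-on-verify semantics, and the sign-up handler would call `verify` before creating the account, never after.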

Breaking the CAPTCHA:

The challenge in breaking a CAPTCHA lies in the genuinely hard task of teaching a computer to process information the way humans do. Algorithms with artificial intelligence (AI) would have to be designed to make the computer think like a human when it comes to recognizing patterns in images.
However, there is no universal algorithm that can break every CAPTCHA system, so each CAPTCHA scheme has to be tackled individually. Such an approach might not work 100 percent of the time, but it can work often enough to be worthwhile to spammers.
