Seconding this. Many sites are broken or inaccessible to me in qutebrowser lately due to Cloudflare captchas. I'd rather allow some bots in than lose the ability to use the site my preferred way.
There are dozens, if not far more, of captcha solver API's for extremely cheap. Captcha is very shallow bot "security" theater, they just deter the cheapest attempts.
latest greatest versions of captcha are more resilient to these types of services, but it's a cat and mouse game. I would recommend that you, as a sysadmin, learn at least the most basic things about this stuff.
I think it depends on how determined the actor is. I see all the range from your simple scripts to full on mimicking real user behavior that I can only really spot from the honeypots they hit.
You'd probably catch most the low hanging fruit for sure, but you would cause friction for real users.
I say this as someone who has enabled captcha on some of our more critical endpoints, there's definitely a place for it.
My website's contact form has a reCAPTCHA and it still gets spam sent through it (though vastly less). They pass the reCAPTCHA somehow. My contact form literally only emails me and they still do it.
opan|1 month ago
gilrain|1 month ago
JohnMakin|1 month ago
latest greatest versions of captcha are more resilient to these types of services, but it's a cat and mouse game. I would recommend that you, as a sysadmin, learn at least the most basic things about this stuff.
properbrew|1 month ago
You'd probably catch most the low hanging fruit for sure, but you would cause friction for real users.
I say this as someone who has enabled captcha on some of our more critical endpoints, there's definitely a place for it.
fragmede|1 month ago
electroly|1 month ago