What if every time you encountered a CAPTCHA, it’d be magically solved saving you time and headache? To some, captchas are just an annoying time sink. To others, it's all the rage, but most of us would agree that CAPTCHAs are one of the most hated things on the internet.

Captcha is a filter in the form of a challenge-response to distinguish genuine humans from bots. However, captchas are not designed to tell which specific human is behind the request, and they can only tell whether it's a human or an automated computer program (a bot). Some people figured that the captcha-solving process could be automated by employing real humans to solve captchas. There was enough demand from people who had a hard time deciphering captchas as well as black hat actors. At the same time, under-developed countries could provide enough supply in the form of cheap labor, thus creating the captcha-solving industry.

What is a CAPTCHA Farm?

CAPTCHA-solving service providers offer browser extensions and mostly support API integration, to detect and solve captchas automatically as you encounter them while browsing the web.

CAPTCHA farm is one of the captcha-solving methods, it refers to automated captcha recognition services where captchas are directed through an API to human workers who solve captchas remotely in exchange for a small income. It's popular in under-developed countries such as India and Bangladesh, where 50 cents per hour is considered a decent wage.

How do CAPTCHA Farms Work?

CAPTCHA farms can be in the form of online earning platforms where workers can directly register to the platforms or gather through freelancer websites where payments are usually made per 1000 captchas solved. After the workers have downloaded the necessary software, they will be presented with their work material, captchas.

There are also local groups that operate as CAPTCHA farms. A 20-year-old student in Bangladesh said to the New York Times that he has a team of 30 students who work for him filling in captchas to supplement their pocket money. At the same time, another operator stated that his firm has 30 computers and three shifts of workers that allow the operations to run 24 hours a day.

Dark Side of CAPTCHA Solving Industry

The Threat of CAPTCHA Farms

CAPTCHA is built to protect the ecosystem of the internet from automated programs, which can cause fraud and abuse. By providing an automated captcha recognition service at scale without any regulation over the customers’ identities, CAPTCHA farms inevitably become a tool that empowers black hat activities.

They are often used in bot attacks. Bot developers can query CAPTCHA farm services via an API to enlist humans to solve CAPTCHAs, making it as easy as calling a function in the bot’s code. With low service fees, CAPTCHA farms allow bot attackers to effectively reduce costs and scale up their attacks.

Popular captcha-solving services do not shy away from advertising their compatibility and integration with many black-hat SEO software. SEO is a massive market where the success of businesses and marketing agencies is mainly determined by their content creation and link-building efforts. Some firms use automated programs to gain an edge in the SEO game. Scraping web pages (often competitors’ content), publishing it on their platforms, then using automation to submit the content to other online platforms in an attempt to gain backlinks and resulting in a higher SEO ranking for the fraudsters while potentially damaging their competitors at the same time.

The first captcha was deployed by the search engine AltaVista, aimed to stop automated URL submissions (a type of black hat SEO) into its index.

CAPTCHA is used to prevent both web scraping and automated submission requests, yet when it is neutralized by captcha-solving farms, nothing is stopping black hats from getting their way. Without an effective way to distinguish automated programs from genuine humans, online polls can be deceived, account takeover attacks and scraping of online content couldn’t be effectively prevented, and spam would take over online platforms.

Legal Implications of CAPTCHA Farms

Neither CAPTCHA farms nor the act of CAPTCHA solving is illegal by law. However, it is evident that CAPTCHA farms are used for unlawful purposes by cybercriminals.

One such case is documented by a New York Attorney General’s office report in 2016 when criminals used captcha farms to allow their bots access to the ticketing sites. Then, these bots are used to collect tickets to plays, concerts, and other events, buying all the tickets within the second they became available, only to resell them for higher prices afterward.

The Bots transmit in real-time images of the CAPTCHAs they encounter on Ticketmaster and other sites to armies of “typers,” human workers in foreign countries where labor is less expensive.

According to the report, the criminals used captcha farms to allow their bots access to ticketing sites. These bots are then used to collect tickets to plays, concerts, and other events as soon as the tickets become available, only to resell them on the black market for higher prices.

Can CAPTCHA Providers Stop CAPTCHA Farms?

Cybersecurity is a cat-and-mouse game, and security solution providers have to be always up-to-date with their products against evolving and newly emerging threats. CAPTCHA farms are no different, in that they are a threat to the security of online businesses, and captcha solutions as a necessity for cybersecurity have to keep up with them.

Advanced captcha solution providers such as GeeTest, can mitigate CAPTCHA farms through environment and origin detection techniques to keep the internet safe and trusted for all enterprises.

Geetest Captcha: An Advanced Bot Management Solution Combating CAPTCHA Farms

In the early Internet, fraudsters utilized automated attacks on systems. CAPTCHA helped mitigate bot threats during that period. With the increasing sophistication of cyber attacks, traditional CAPTCHAs are inadequate in bot detection and mitigation.

Considering the complexity of configuration, internal coordination challenges, and high costs, many companies are reluctant to adopt complex management platforms. Instead, they prefer a comprehensive, easy-to-use tool to ensure network security. This is where Geetest Adaptive Captcha comes.

With over 12 years of bot management experience, Geetest launched the Adaptive Captcha as a superior alternative to traditional captchas for combating sophisticated threats such as CAPTCHA Farms.

Active and Dynamic Security Strategies

GeeTest Adaptive CAPTCHA can proactively defend before attackers with 7-layer dynamic protection and up to 4374 security strategies per cycle.

Unlike passive, static, and post-analysis captchas on the market, it actively updates and verifies, introducing labeled parameters captcha_token to flag suspicious users and continually monitoring abnormal behaviors to prevent sophisticated attacks such as CAPTCHA farms.

Real-Time Traffic Analysis Dashboard

GeeTest Adaptive CAPTCHA provides a reporting and analyzing service-GeeTest Traffic Analysis Dashboard. It equips a range of features to help you monitor and analyze traffic patterns, including setting up customizable detection alerts to deal with dirty IP requests, CAPTCHA farms, emulators, brute force attacks, and more.

Powered by Machine Learning and AI Training

It is powered by machine learning and AI training, which enhances security performance and continuous updates of the risk database by collecting data for its risk engine to identify malicious features precisely.

Easy Installation and Management

There are only three steps (register, activate, and integrate) required to install Geetest Adaptive Captcha. Each business event integration takes only half a day.

Regarding operations and maintenance (O&M), most upgrades can be handled independently by Geetest, without needing enterprise involvement. This streamlined O&M approach frees administrators from complex and time-consuming processes, thereby reducing costs.

If you are interested in an advanced, cost-effective, and fun captcha as a bot management tool to combat cyber attacks such as CAPTCHA farms sophisticated bots, register or try the Demo of GeeTest Adaptive CAPTCHA to protect your website, app, and APIs now!