reCAPTCHA Mailhide Google Dork

25 Jul 2011

I've always had this in memory but never use it for anything useful, however I thought I'd share with the world rather than keep it to myself. The impact is that a spammer can enumerate what should be hidden e-mail addresses with the aid of CAPTCHA cracking services such as deCAPTCHA.

Google Dork inurl:d?k

You can use this query, or scan the web yourself looking for these URLs. The best way would be to create your own e-mail hiding script, one that is unique, that way spam bots won't have a clue what they're doing.

Spamming users of recaptcha would be a waste of energy they are very unlikely to succumb to offers of cheap Viagra. However social engineering attacks would still be viable.