Captcha situation ?!


theStranger1

1 hour ago, z555 said:

First, let's have a moment to appreciate the surreal situation. Humans are now using automated batch scripts to avoid bot detection. 

On a more serious note, we could ask ourselves. Why?  Why is the captcha there in the first place?  It's placed after we type in the "password and user" but before we send that data to the server. 

In this spot, the captcha protects against two distinct threats,  Brute Force Attacks (BFAs) and Automated-Login-Threats (ALTs).

A Brute Force Attack is a hacker trying to guess your login and password. An Automated-Login-Threat is more related to people deploying poker bots or collusion software. 

Captcha has at least two mechanisms of protection: delaying tactics and intelligence detection. Delay tactics render brute force attacks impossible. Intelligence detection mainly hampers ALTs.

 

Captcha technology is useful in protecting client accounts and the poker environment. So why are we celebrating that Captcha can be circumvented with a single line in a .bat file? Don't get me wrong; solving a captcha before (re)entering the client is hugely annoying. And that's the reason why I stopped playing. 

But seeing a possible security vulnerability glorified as a workaround is mind-blowing. The workaround shows how easy it is, and was, to bypass Captcha challenges. Deleting one file is enough. I'm no expert in cybersecurity, but this looks clumsy. There may be deeper safety checks in the (login)-system; in that case, I'm worrying over nothing. 

You've misunderstood a few different things. Most importantly, deleting the cookie file doesn't disable the captcha solution; it just means it won't trigger when it shouldn't. It will still trigger when it's an actual bot.

Check the latest poker release notes. Have a look at our poker promotions


6 hours ago, mafiaboyXXX said:

clean the PC with CCleaner and reinstall unibet by deleting the history from the computer to get rid of cookies and errors...

That will not work.

The release yesterday had a temporary workaround, so you shouldn't see captchas on new client launch. Still working on a proper solution and you can of course still get the captcha if Google are giving you a low score regardless of this issue.


6 hours ago, mafiaboyXXX said:

reinstall unibet by deleting the history from the computer 

Should I install a new future on the disk drive? 


In my opinion, 99% of all Cleaner programs are viruses. They work like this: 

A website will fake a virus using some harmless JS/HTML code. This might look scary, but it's confined to the browser sandbox. At this point, nothing is compromised, but it spooks the uninformed user to install a PC cleaner program. Cleaner programs are .exe files. These are installed outside the browser sandbox and have full access to all the computer resources.  


To be clear.

I don't fear for my computer's safety. Deleting that cookie from the poker client isn't harmful to my computer. However, I still remain critical towards the workaround.
 

 


1. A login can only be done through the poker client.
Encryption protocols are secret and safely tucked into the poker client. So all attacks have to happen through the client. This is good because the client is always between the attacker and the server. 

2. Every installed poker client should be uniquely identifiable.  
As any poker player has a unique login name, a poker client should have a unique client-id. This client-id is set during the first client-server interaction after installation. In principle, it is set once and remains the same forever. The server will request a new captcha token from Google to be used with this poker client. This means all login attempts from a poker-client are linked to a single captcha-token. This is the way it should be. 

3. The problem.
Deleting the cookie-file fools the client into thinking this is a new installation. It will contact the server claiming it is a new installation.  The server believes the client and grants a new poker-client-id every time. The server also requests a new captcha-token from Google. This means every login from the same poker-client uses a different captcha-token.  

 


@Stubbe-Unibet I don't know how to manage a large product like a poker site. It requires a lot of skills that I don't possess. However, my skills include SQL, C++, and JS. It's hard to be sure who misunderstood who.

 


1 minute ago, z555 said:

1. A login can only be done through the poker client.
Encryption protocols are secret and safely tucked into the poker client. So all attacks have to happen through the client. This is good because the client is always between the attacker and the server. 

2. Every installed poker client should be uniquely identifiable.  
As any poker player has a unique login name, a poker client should have a unique client-id. This client-id is set during the first client-server interaction after installation. In principle, it is set once and remains the same forever. The server will request a new captcha token from Google to be used with this poker client. This means all login attempts from a poker-client are linked to a single captcha-token. This is the way it should be. 

3. The problem.
Deleting the cookie-file fools the client into thinking this is a new installation. It will contact the server claiming it is a new installation.  The server believes the client and grants a new poker-client-id every time. The server also requests a new captcha-token from Google. This means every login from the same poker-client uses a different captcha-token.  

 


@Stubbe-Unibet I don't know how to manage a large product like a poker site. It requires a lot of skills that I don't possess. However, my skills include SQL, C++, and JS. It's hard to be sure who misunderstood who.

 

Not sure how your post could be misunderstood:

"But seeing a possible security vulnerability glorified as a workaround is mind-blowing. The workaround shows how easy it is, and was, to bypass Captcha challenges. Deleting one file is enough."

I replied to the above. Again, it's not a security vulnerability. It's not bypassing the captcha solution.


17 minutes ago, z555 said:

Deleting one file fools the system enough to provide a new ID for captcha purposes, making cross-session evaluation impossible for the captcha. That seems like a bypass.

No, it's not a bypass that results in a potential security vulnerability. Let's leave it at that 🙂


2 minutes ago, Stubbe-Unibet said:

No, it's not a bypass that results in a potential security vulnerability. Let's leave it at that 🙂

Yes, it's a bypass that almost certainly has no further significant security implications. 


25 minutes ago, z555 said:

Yes, it's a bypass that almost certainly has no further significant security implications. 

No 😅 reCAPTCHA is not that basic and the cookie file for the client is not as critical as you seem to believe - there's a reason I suggested to delete this one initially.

Even if we said the cookie file is fundamental, it wouldn't be a bypass as no history is not exactly = high trust. Quite the contrary.


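An added illustration of the two points argued in the posts above (not part of any post, and not Unibet's or Google's code): a hypothetical server-side gate in which failed-login throttling is keyed on account and source IP, so a regenerated client ID does not reset it, and in which a client ID with no history needs a higher risk score than one with a prior successful login. All names, thresholds and the 0.0 to 1.0 score scale are assumptions.

```python
import time
from collections import defaultdict, deque

WINDOW_S = 600         # look-back window for failed logins (assumed value)
MAX_FAILS = 5          # failures tolerated per account or per source IP (assumed)
SCORE_KNOWN_ID = 0.3   # score needed from a client ID with good history (assumed)
SCORE_NEW_ID = 0.7     # score needed from a client ID with no history (assumed)


class LoginGate:
    """Hypothetical gate: is a login attempt processed, challenged or rejected?"""

    def __init__(self):
        self.fails = defaultdict(deque)  # ("acct", name) / ("ip", addr) -> timestamps
        self.trusted_ids = set()         # client IDs with a prior successful login

    def _recent_fails(self, key, now):
        q = self.fails[key]
        while q and now - q[0] > WINDOW_S:   # drop entries outside the window
            q.popleft()
        return len(q)

    def decide(self, account, ip, client_id, score, now=None):
        now = time.time() if now is None else now
        # Throttling is keyed on account and IP, which deleting a local file
        # cannot reset; the client ID plays no part in it.
        if max(self._recent_fails(("acct", account), now),
               self._recent_fails(("ip", ip), now)) >= MAX_FAILS:
            return "block"
        # History can only add trust: an unknown ID needs a higher score.
        needed = SCORE_KNOWN_ID if client_id in self.trusted_ids else SCORE_NEW_ID
        return "allow" if score >= needed else "challenge"

    def record(self, account, ip, client_id, success, now=None):
        now = time.time() if now is None else now
        if success:
            self.trusted_ids.add(client_id)
        else:
            self.fails[("acct", account)].append(now)
            self.fails[("ip", ip)].append(now)


def rotating_id_demo(attempts=7):
    """Constructed scenario: wrong password each time, new client ID each time."""
    gate, t0, out = LoginGate(), 1_000_000.0, []
    for i in range(attempts):
        out.append(gate.decide("alice", "203.0.113.7", f"id-{i}", 0.9, t0 + i))
        gate.record("alice", "203.0.113.7", f"id-{i}", False, t0 + i)
    return out
```
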
On 4/19/2023 at 8:32 AM, z555 said:

Should I install a new future on the disk drive? 


In my opinion, 99% of all Cleaner programs are viruses. They work like this: 

A website will fake a virus using some harmless JS/HTML code. This might look scary, but it's confined to the browser sandbox. At this point, nothing is compromised, but it spooks the uninformed user to install a PC cleaner program. Cleaner programs are .exe files. These are installed outside the browser sandbox and have full access to all the computer resources.  


To be clear.

I don't fear for my computer's safety. Deleting that cookie from the poker client isn't harmful to my computer. However, I still remain critical towards the workaround.
 

 

erasing the history is good and for trojans, viruses and worms I use SuperAntiSpyware...


[Image: Countries]

No captchas since I tried UK instead of English(intl), now with English(intl) no captchas too.

It shouldn't work as a solution and is not an option for everyone.

 

I wonder why every time when I open the client the country/language screen is still present and if it's a common thing now and is there any option to simply skip it? I haven't deleted cookies or anything which might be related to it.

 

 


52 minutes ago, GothMoth said:

I wonder why every time when I open the client the country/language screen is still present and if it's a common thing now and is there any option to simply skip it? I haven't deleted cookies or anything which might be related to it.

This is for this reason:

[Image: Discord screenshot]

And the choice of country should not affect the captcha, because it does not affect your IP and bot rating in the eyes of google. Probably just a coincidence. I also don't get a captcha every time and I can't find any pattern.


  • 2 weeks later...

Deleting the cookie file works for me most of the time, but not always. E.g. today Captcha still appeared right after deleting cookies & launching client. I don't mind solving a couple of puzzles, but more than 10 seems excessive.

Really wanted to play on the site today as it was the last day I could clear a bonus. Oh well. Please get this fixed asap.


  • 4 weeks later...
  • 3 weeks later...

My heart sinks every morning when I know that I have to sign on to Unibet to place bets and I'm confronted with the dreaded reCaptcha screens. The other day I counted 41 screens before I was allowed in (I did report it but had no reply). No other website I use has such a stringent sign on process - the only other one that even uses reCaptcha currently is Sky Sports that I can watch via my Virgin Media account, which presents 2 or 3 reCaptcha screens at most. I think I'm developing an aversion to fire hydrants, buses, bicycles, motorbikes, pedestrian crossings, stairs, traffic lights, taxis and even tractors. This is a relatively recent problem but given the number of adverse comments, isn't it time that Unibet resolved this issue?


18 hours ago, MarkinBristol said:

My heart sinks every morning when I know that I have to sign on to Unibet to place bets and I'm confronted with the dreaded reCaptcha screens. The other day I counted 41 screens before I was allowed in (I did report it but had no reply). No other website I use has such a stringent sign on process - the only other one that even uses reCaptcha currently is Sky Sports that I can watch via my Virgin Media account, which presents 2 or 3 reCaptcha screens at most. I think I'm developing an aversion to fire hydrants, buses, bicycles, motorbikes, pedestrian crossings, stairs, traffic lights, taxis and even tractors. This is a relatively recent problem but given the number of adverse comments, isn't it time that Unibet resolved this issue?

@MarkinBristol Now I noticed you reference bets and can see you never had the issue in the poker client. There's no issue with captcha on the website, in the sense there's no known bug. 

Also had a look at the logs and can only see one login where captcha was triggered the last two weeks. Got the impression you're getting it more often?
