Automated Bot Spam

Forum Moderators: phranque

Message Too Old, No Replies

Automated Bot Spam

roberthilley

6:17 pm on Aug 14, 2006 (gmt 0)

I am having a serious issue with spam coming in through out contact forms ... there are all automated bots filkling out the form ... I heard that CAPTCHA has been cracked ... is this true?

Does anybody have any suggestions on how stop this problem ... is CAPTCHA the best thing to try at first?

Frank_Rizzo

8:58 pm on Aug 14, 2006 (gmt 0)

Rename your form. Simple!

rocknbil

9:11 pm on Aug 14, 2006 (gmt 0)

That will last oh, about a day. :-D
Same is true of renaming your form processor (sever-side script.)

Captcha is a good place to start. The issue of spammers is one of degrees. Sometimes a simple rename will make them give up (or appear to.) Sometimes a Captcha will make them stop. Sometimes they will figure out how to get around this (I have seen it done, but have not figured out how they do it.) Sometimes simply changing the programming methods to make it more difficult will make them stop. So I'd say that is a good place to start.

I say "or appear to" because I've watched a few hundred domains over a period of a few years. They'll hit like crazy for a day, or even a few hours, then go away. You think you won. A month, two, as much as 6 months later, here we go again, from the same group of IP's. The only way to be sure is to watch them over time.

More of my ideas on this in this thread [webmasterworld.com]. Fighting this starts with a basic task: log all data being input to your scripts. If it accepts input data - log it.

roberthilley

3:49 pm on Aug 24, 2006 (gmt 0)

Thanks for the input and the link to the post you have discussed in the past! I am gonn agive some of them a try and then sticky you my results should they work.

jtara

4:06 pm on Aug 24, 2006 (gmt 0)

There are many different captchas. Some have been cracked, some haven't. Some are more difficult to crack than others. I'd suggest that you do some searchs and look for comparisons of captcha techniques before choosing one. There's a tradeoff, as, in general, the more difficult one is to crack, the more difficult it is for a human to read, as well.

MatthewHSE

11:16 pm on Aug 24, 2006 (gmt 0)

Seems to me I've heard something about OCR being used to crack CAPTCHA's. That seems like it would be a very resource-intensive procedure, but then when you have 2500 zombie PC's at your disposal, maybe resources don't matter so much...

Rosalind

9:40 pm on Aug 26, 2006 (gmt 0)

I heard that CAPTCHA has been cracked ... is this true?

Yes, image-based captchas can be cracked. They are beginning to be adopted more widely, because they do stop a certain percentage of spam. But as more websites adopt captchas, it becomes more valuable to spammers to be able to crack them.

g1smd

10:17 pm on Aug 26, 2006 (gmt 0)

Related thread: [webmasterworld.com...]