[typo] AJAX comment spam
trejkaz at trypticon.org
Sun Mar 12 19:50:33 EST 2006
Piers Cawley wrote:
>> The only other thing we can do is raise the bar some more,
>> e.g. require OpenID authentication for all comments. But things
>> like that, a spammer can always work around. Unfortunately, I
>> really, really, really hate CAPTCHA setups, but that's starting to
>> look like the only way to stop it.
> You can get round CAPTCHAs too by re-serving the captcha images as
> legitimate captchas on, say, your porn sites and feeding the punter's
> response back to the spammed site. Even if you miss the timeout 9
> times out of 10, there's always another punter.
I'm not sure I follow you, but how does this allow a spammer to decode
my CAPTCHA in order to successfully post a comment?

Ultimately it would surely come down to text recognition, and if the
CAPTCHA is good enough (or if it's not even text, or does something
really unique) then that would make it much harder for a bot to get a

Though of course, if they submit enough, then it comes down to
statistics, and eventually something will get through. But perhaps by
then, their IP has been auto-blacklisted.

I still don't like CAPTCHAs though... at least not image-based ones.
Perhaps I can follow the math problem route, or do something really
unique. I remember one blog where it only asked you to enter a very
large number. :-)