[typo] AJAX comment spam

Trejkaz trejkaz at trypticon.org
Sun Mar 12 19:50:33 EST 2006


Piers Cawley wrote:
>> The only other thing we can do is raise the bar some more,
>> e.g. require OpenID authentication for all comments.  But things
>> like that, a spammer can always work around.  Unfortunately, I
>> really, really, really hate CAPTCHA setups, but that's starting to
>> look like the only way to stop it.
> 
> You can get round CAPTCHAs too by re-serving the captcha images as
> legitimate captchas on, say, your porn sites and feeding the punter's
> response back to the spammed site. Even if you miss the timeout 9
> times out of 10, there's always another punter.

I'm not sure I follow you, but how does this allow a spammer to decode 
my CAPTCHA in order to successfully post a comment?

Ultimately it would surely come down to text recognition, and if the 
CAPTCHA is good enough (or if it's not even text, or does something 
really unique) then that would make it much harder for a bot to get a 
comment through.

Though of course, if they submit enough, then it comes down to 
statistics, and eventually something will get through.  But perhaps by 
then, their IP has been auto-blacklisted.

I still don't like CAPTCHAs though... at least not image-based ones. 
Perhaps I can follow the math problem route, or do something really 
unique.  I remember one blog where it only asked you to enter a very 
large number. :-)

TX
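
The ideas raised in this message (a math-problem challenge, a timeout on each challenge, and auto-blacklisting an IP after repeated failed submissions), sketched as an added example that is not part of the original post or of Typo's code. The class name, the TTL and the failure threshold are assumptions, and all state is kept in memory.

```ruby
require 'openssl'
require 'securerandom'

# Added illustration (hypothetical class, not Typo code).
class MathChallenge
  TTL = 120          # seconds a challenge stays valid (assumed value)
  MAX_FAILURES = 5   # failed attempts before an IP is blacklisted (assumed value)

  def initialize(secret)
    @secret = secret
    @used = {}                # nonce => true, blocks replay of a solved token
    @failures = Hash.new(0)   # ip => number of wrong, expired or replayed answers
  end

  def blacklisted?(ip)
    @failures[ip] >= MAX_FAILURES
  end

  # Returns [question, token]. The token carries expiry and nonce plus an HMAC
  # over answer|expiry|nonce, so the answer never travels to the client.
  def issue(now = Time.now.to_i)
    a, b = SecureRandom.random_number(90) + 10, SecureRandom.random_number(90) + 10
    nonce = SecureRandom.hex(8)
    expires = now + TTL
    ["What is #{a} + #{b}?", "#{expires}:#{nonce}:#{mac(a + b, expires, nonce)}"]
  end

  # Returns :accepted, :rejected or :blacklisted for one comment submission.
  def verify(ip, token, answer, now = Time.now.to_i)
    return :blacklisted if blacklisted?(ip)
    expires, nonce, sig = token.to_s.split(':', 3)
    ok = sig && expires.to_i >= now && !@used[nonce] &&
         secure_eq(sig, mac(answer.to_i, expires.to_i, nonce))
    return :accepted if ok && (@used[nonce] = true)
    @failures[ip] += 1   # guessing across the small answer space trips the blacklist
    :rejected
  end

  private
  def mac(answer, expires, nonce)
    OpenSSL::HMAC.hexdigest('SHA256', @secret, "#{answer}|#{expires}|#{nonce}")
  end

  # Constant-time comparison of two hex strings.
  def secure_eq(x, y)
    x.bytesize == y.bytesize && x.bytes.zip(y.bytes).reduce(0) { |acc, (m, n)| acc | (m ^ n) }.zero?
  end
end
```

The expiry only narrows the window for the relayed-solve approach described in the quoted reply; it does not distinguish a relayed human answer from a direct one.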


