[typo] AJAX comment spam

Kevin Ballard kevin at sb.org
Sun Mar 12 20:30:45 EST 2006


On Mar 12, 2006, at 4:50 PM, Trejkaz wrote:

>> You can get round CAPTCHAs too by re-serving the captcha images as
>> legitimate captchas on, say, your porn sites and feeding the punter's
>> response back to the spammed site. Even if you miss the timeout 9
>> times out of 10, there's always another punter.
>
> I'm not sure I follow you, but how does this allow a spammer to decode
> my CAPTCHA in order to successfully post a comment?

The spammer, who also runs a porn site, hits up your blog, sees your  
captcha, copies the image and re-serves it as the captcha for someone  
visiting his porn site. That unknowing person successfully deciphers  
the captcha, and the spammer takes the result and feeds it back to  
the blog.

-- 
Kevin Ballard
kevin at sb.org
http://kevin.sb.org
http://www.tildesoft.com

