[typo] AJAX comment spam

Daejuan Jacobs daejuan at gmail.com
Sun Mar 12 20:53:21 EST 2006


Getting the image doesn't do much without the session ID. You should
destroy the session anyway.

On 3/12/06, Kevin Ballard <kevin at sb.org> wrote:
> On Mar 12, 2006, at 4:50 PM, Trejkaz wrote:
>
> >> You can get round CAPTCHAs too by re-serving the captcha images as
> >> legitimate captchas on, say, your porn sites and feeding the punter's
> >> response back to the spammed site. Even if you miss the timeout 9
> >> times out of 10, there's always another punter.
> >
> > I'm not sure I follow you, but how does this allow a spammer to decode
> > my CAPTCHA in order to successfully post a comment?
>
> The spammer, who also runs a porn site, hits up your blog, sees your
> captcha, copies the image and re-serves it as the captcha for someone
> visiting his porn site. That unknowing person successfully deciphers
> the captcha, and the spammer takes the result and feeds it back to
> the blog.
>
> --
> Kevin Ballard
> kevin at sb.org
> http://kevin.sb.org
> http://www.tildesoft.com
>
>
>
>
> _______________________________________________
> Typo-list mailing list
> Typo-list at rubyforge.org
> http://rubyforge.org/mailman/listinfo/typo-list
>
>
>


--
Man Wit Da Plan.
http://d-jacobs.com
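The two controls Daejuan's reply relies on, binding the challenge to the session and discarding it once it has been checked, written out as an added Ruby example. This is not code from Typo or from anyone in this thread; the `CaptchaStore` class, its method names, the 120 second timeout, the fake clock and the session IDs are all assumptions made for the illustration.

```ruby
require 'securerandom'

# Added example, not Typo's code: a minimal CAPTCHA store keyed by session ID.
# The answer text is only ever kept server side; the caller renders it into
# an image. Each challenge is consumed on first verify, right or wrong.
class CaptchaStore
  Entry = Struct.new(:answer, :issued_at)

  # ttl is assumed at 120 s; clock is injectable so the scenario below is deterministic.
  def initialize(ttl: 120, clock: -> { Time.now })
    @ttl = ttl
    @clock = clock
    @entries = {} # session_id => Entry
  end

  # Issue a fresh challenge for this session, replacing any older one.
  def issue(session_id)
    answer = SecureRandom.alphanumeric(6).downcase
    @entries[session_id] = Entry.new(answer, @clock.call)
    answer
  end

  # Check a response. The entry is deleted before comparison so that a solved
  # image cannot be replayed, and it must belong to the same session that
  # fetched it, so the image on its own is useless without the cookie.
  def verify(session_id, response)
    entry = @entries.delete(session_id)
    return :no_challenge if entry.nil?
    return :expired if @clock.call - entry.issued_at > @ttl

    constant_time_equal?(entry.answer, response.to_s.strip.downcase) ? :ok : :wrong
  end

  private

  # Compare without an early exit on the first differing byte.
  def constant_time_equal?(a, b)
    return false unless a.bytesize == b.bytesize

    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Walk through the relay attack from the quoted exchange against this store.
# Session IDs and timings are constructed for the example.
def relay_scenario
  now = Time.at(1_000_000)
  store = CaptchaStore.new(ttl: 120, clock: -> { now })

  # Spammer fetches the comment form under his own session and copies the image.
  answer = store.issue('spammer-session')

  # 1. Victim's solution relayed under some other session: no challenge there.
  r1 = store.verify('other-session', answer)

  # 2. Relayed with the spammer's own cookie, but the victim took too long.
  now += 121
  r2 = store.verify('spammer-session', answer)

  # 3. Fresh challenge, relayed in time: this one use succeeds...
  answer = store.issue('spammer-session')
  r3 = store.verify('spammer-session', answer)

  # 4. ...and the same solved image cannot be submitted again.
  r4 = store.verify('spammer-session', answer)

  [r1, r2, r3, r4]
end

# Sanity check that a wrong answer still burns the challenge.
def wrong_answer_scenario
  store = CaptchaStore.new
  store.issue('s')
  [store.verify('s', 'not-it'), store.verify('s', 'not-it')]
end

puts relay_scenario.inspect if $PROGRAM_NAME == __FILE__
```

Note what this does and does not buy you: the session binding stops a copied image from being solved and submitted from somewhere else, and the single-use discard stops one solution from being replayed. It does not stop a spammer who relays both the image and his own cookie and gets the answer back inside the timeout; that is the "miss the timeout 9 times out of 10" case in the quoted message, and the timeout only decides how often he misses.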
