[typo] AJAX comment spam

Trejkaz trejkaz at trypticon.org
Sun Mar 12 21:05:44 EST 2006

Daejuan Jacobs wrote:
>> The spammer, who also runs a porn site, hits up your blog, sees your
>> captcha, copies the image and re-serves it as the captcha for someone
>> visiting his porn site. That unknowing person successfully deciphers
>> the captcha, and the spammer takes the result and feeds it back to
>> the blog.
> Getting the image doesn't do much without the session ID. You should
> destroy the session anyway.

I see.  This is like using Google Answers, Yahoo Answers, or any given 
clone thereof.  All the bot has to do is make a call-out to some 
abstract service which answers the question, and that service just 
uploads the image to practically anywhere they can find someone to 
decipher it.

A porn site could host the same service, but of course, this assumes the 
porn site has enough traffic for there to be a user online who would be 
willing to do this for free.  As soon as you start paying someone money, 
then it costs to spam, and that's probably against most spammers' ethics.

It would work though, assuming such a bored user exists.  And I mean, 
any user with more than 10,000 kills on The Kill Everyone Project 
probably fits into this category.  Gives me a neat idea for a new web 
site which does nothing but feed the users images to decode.  Of course, 
I wouldn't do it for cracking other CAPTCHAs, purely to see just how 
bored users get.  ;-)
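The controls the reply above points at (the challenge is useless without the session that received it, and the session is destroyed after use) can be made concrete on the server side. This is an added example, not code from the thread or from any blog software; the class, method names and the 120-second lifetime are assumptions, and the answers are constructed sample values.

```python
import hmac
import secrets
import time

CHALLENGE_TTL = 120  # seconds a challenge stays valid (assumed value)


class CaptchaStore:
    """Server-side challenge store: one session, one use, short lifetime."""

    def __init__(self, now=time.time):
        self._now = now
        self._challenges = {}  # challenge_id -> (session_id, answer, expires_at)

    def issue(self, session_id, answer):
        # The image served to the visitor would be rendered from `answer`;
        # only the opaque challenge id and the session cookie leave the server.
        cid = secrets.token_urlsafe(16)
        self._challenges[cid] = (session_id, answer, self._now() + CHALLENGE_TTL)
        return cid

    def verify(self, session_id, cid, submitted):
        # pop() burns the challenge on the first attempt, right or wrong,
        # so a captured image/id cannot be solved at leisure and replayed.
        entry = self._challenges.pop(cid, None)
        if entry is None:
            return False
        bound_session, answer, expires_at = entry
        if self._now() > expires_at:
            return False
        if not hmac.compare_digest(bound_session.encode(), session_id.encode()):
            return False
        return hmac.compare_digest(answer.lower().encode(),
                                   submitted.strip().lower().encode())

    def destroy_session(self, session_id):
        # Called when the session ends (e.g. after a successful post).
        self._challenges = {c: e for c, e in self._challenges.items()
                            if e[0] != session_id}


def demo():
    clock = [1000.0]
    store = CaptchaStore(now=lambda: clock[0])
    cid = store.issue("sess-blog-A", "k7x2p")
    relayed = store.verify("sess-other-B", cid, "k7x2p")  # wrong session
    replay = store.verify("sess-blog-A", cid, "k7x2p")    # already burned
    cid2 = store.issue("sess-blog-A", "m3q9z")
    clock[0] += CHALLENGE_TTL + 1
    expired = store.verify("sess-blog-A", cid2, "m3q9z")  # too slow
    cid3 = store.issue("sess-blog-A", "r4t8w")
    legit = store.verify("sess-blog-A", cid3, "R4T8W ")   # prompt, same session
    return {"relayed": relayed, "replay": replay, "expired": expired, "legit": legit}
```

Only the prompt answer from the session that was issued the challenge passes; the same answer arriving from another session, a second submission, or a late one all fail.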
