Welcome to WebmasterWorld Guest from 50.16.112.199

Forum Moderators: rogerd

Captcha monkeys thwarted, finally!

My best anti-forum spam measure yet

   
6:17 am on Mar 29, 2007 (gmt 0)

10+ Year Member



Exactly a year ago I implemented a captcha test on my forum sites. Comment spam plummeted with the exception of one type that I attribute to boiler-room captcha monkeys.. people who are presented with pre-filled forum post form after pre-filled forum post form with their sole job being to type in the captcha and click the Post button (no, I don't think my captchas are being programatically hacked).

So the monkeys were succeeding in posting 5-10 link filled comment spams -- despite my site adding rel=nofollow into every anchor tag for longer than my captcha test has been in effect -- per day. Many were objectionable porn-related sites and link keywords.

My latest countermeasure: Link URL blocking. I wrote a function that pulls the link domain name from a selected post (via my admin screens) and then saves them to a table. Any subsequent post that contains that domain name is simply ignored. So far it has been amazingly effective!

2:32 pm on Mar 29, 2007 (gmt 0)

WebmasterWorld Administrator rogerd is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Sounds great, nathanso. Perhaps you should publish it as a hack for your forum software.
7:51 pm on Mar 29, 2007 (gmt 0)

10+ Year Member



rogerd, I don't sell forum software; I was simply trying to share a technique.
10:27 pm on Mar 29, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



nathanso - I think that's what rogerd meant. The function you wrote is probably specifically geared toward the forum program you use. Most types of software have user forums where you can post [publish] techniques like that for others to use. (Unless maybe you made your forum from scratch.)
1:32 am on Mar 30, 2007 (gmt 0)

10+ Year Member



Beagle, Yup.. I made mine from scratch in IIS/ASP. Been running 10yrs now. Not the flashiest forums on the Web but they have a certain charm that my members seem to appreciate.
5:35 pm on Apr 1, 2007 (gmt 0)

10+ Year Member



I don't think my captchas are being programatically hacked

Don't be so sure about that. Most captcha monkeys are "script" monkeys.

OCR reading is getting better, vbulletin AND phpbb captcha is routinely defeated with scripts out of the box...

Now, adding a humanizer question to the log in process (lots of hacks for boards do this) like: The sky is ____ (type the word blue)

The questions are easy and RANDOM. There is no scripting defeat for this so far.

I implemented the above when spammers were starting to filter through my captcha and it ended it stone cold dead.

I used to think like you, that these few that got through were manual entries, but they are not.

Spammers are inhertantly lazy. They will not lift a finger if a script will do the job. Your site to much hassle to script? They just forget you and move on. Their concern is to target and succeed with getting into the MAJORITY of the boards.

Blocking URLs is also a very good idea, congrats. The safest board from spammers are the boards that use multiple security measures. Combining captcha, humanizing questions and your URL hack will likely make your board spam free for many many years.

11:37 pm on Apr 13, 2007 (gmt 0)

10+ Year Member



MThiessen, Thanks very much for sharing your experience! I'll make some changes to my sites along those lines.
8:13 pm on Apr 14, 2007 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



how do you do a human-edited question in a php board? Do I have to actually hack the code that runs the board, or is there a nice plug-in somewhere?
10:13 pm on Apr 17, 2007 (gmt 0)

10+ Year Member



For phpBB search phpBB.com for "VIP Mod". This mod allows you to ask an additonal question on registration (the answer to which can be anywhere on your site). It took me about 10 mins to install and has eliminated all spam on my board.

Pete

[edited by: PeteM at 10:14 pm (utc) on April 17, 2007]

2:41 pm on Apr 19, 2007 (gmt 0)

10+ Year Member



For phpBB search phpBB.com for "VIP Mod". This mod allows you to ask an additonal question on registration (the answer to which can be anywhere on your site). It took me about 10 mins to install and has eliminated all spam on my board.

There is also one for phpbb called "The Humanizer" and there is a free one too for Vbulletin called "Nospam!" they both do it.

4:47 pm on Apr 19, 2007 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



brilliant! Thanks for this info, people.
8:42 am on May 1, 2007 (gmt 0)

10+ Year Member



I installed "The Humanizer" about a week ago, the amount of spam I got went up three-fold. It actually seemed to attract them! And they type of spam was far more sophisticated too... if my forum wasn't so new and with so few post, it would be far harder to spot.

Instead of user names like "dg749937" there are usernames like "Kathy_Sullivan".
Instead of Titles like "Buy Cheap Pills Here!", Titles like, "Hello www.my-forum-name.com, I'm new here!"

Mesage body would read something like:

"Hello, My name is Kathy and I'm a stay at home mum. I'm so glad I found www.my-forum-name.com and have had a lot of fun reading all the posts."

Individual letters within the post body link to about a dozen spam sites.

No doubt about it, spam is getting smarter.

2:55 pm on May 1, 2007 (gmt 0)

10+ Year Member



"I installed "The Humanizer" "

Trick is use it WITH captcha, not instead of. I find it hard to believe that adding yet another road block for them "increases" their activity, it defies logic and common sense. It may be that you recently got a tremendous surge in traffic and this is just a coincidence.

2:56 pm on May 1, 2007 (gmt 0)

10+ Year Member



one more thing, DO NOT use the humanizer questions stock out of the box, think up your own.
 

Featured Threads

My Threads

Hot Threads This Week

Hot Threads This Month