[dokuwiki] Re: Anti spam brainstorming

On Fri, 10 Nov 2006 08:09:02 +0100
"Manni from chongqed.org" <manni@xxxxxxxxxxxx> wrote:

> Something like "Please type these three letters:
> XYZ". You can make those three letters random, but today, even three
> hard-coded letters will work.

I doubt that; it may work for general spam scripts which target the
wordpress blogging system or all forms they can find, but I think that
the current spammer uses a very fine tuned script.

Let me explain: a few weeks ago I had a lot of spam in my blog comments
despite using a CAPTCHA. I was very disturbed because my blog hasn't
enough readers to be worth OCR. Then I discovered a problem in my
CAPTCHA mechanism: it was prone to replay attacks. The captcha string
is put encrypted in a hidden field and on saving I check if the
encrypted string matches the one the user entered.

The spammer obviously manually filled one captcha, then always sent the
same encrypted string and the same answer to spam all my blog entries.

There your hard coded letters would have failed in the same way.

But you're right about not needing an image for a CAPTCHA. We could
use a random string and an input field to copy the string to the field.
We could even add some JavaScript to do this automatically, assuming
spambots don't have JavaScript (of course if my idea of a FireFox spam
extension proves true this won't hold).

> On the wiki.chongqed.org, we use the spamhaus sbl-xbl. It works really
> well and catches quite a lot of spam.

badbehavior uses spamhaus as well. It didn't catch yesterday's spam.

> You might also want to experiment with your own primitive version of
> bad behavior. Have you checked whether your spammers are actually
> only using those input fields that really are there?

This is a really interesting question. I simply don't know because POST
data isn't logged anywhere. I guess we really need to learn more about
the spammers. I will add a logging mechanism to log POST data on page
saves in my Wiki. Let's see if we can learn something here.

> The good
> thing is that spammers aren't specifically targeting dokuwiki sites.

I hope you are right.

Andi

-- 
http://www.splitbrain.org
