This is fascinating... I looked for captcha solving plugins for chrome
and holy shit are there many. However there are two types of services.
Manual solvers which automate captcha solving by letting third world
users do it and automated solutions using OCR.
Both seem not to match the logs you have.
The leading manual solution seems to be anti-captcha.com which say
their average resolving time is 8.2 seconds. But there's only one
second between the img.php request and the following post. Too fast
for an API roundtrip with a human at the other end of the world
involved.
For automated solutions there's solvecaptchas.com who list their
success rates and for our captcha it should be at 80% maximum. That
means there should be logs of posts that do not result in spam.
If both solutions are not possible it would point to some kind of flaw
in the captcha that is exploited by your spammer.
1. Your spammer always requests the image. Does he always request it
with the same secret? Or is it a new one each time?
It is new always. I couldn't find duplicate secrets in the log from the
spammer. But I think it is possible to use the same secret multiple times.
This is a misunderstanding. Accidentally I deleted the spam post from the
last log entries I sent. My fault. At the moment there are 2 small spam
posts visible at my page. If needed I can send the corresponding log
entries. The spam comes in in waves. Yesterday the attacks slows down a bit.
Some numbers from today until round about 9:30am:
528 "GET img.php" from 46.161.9.2
581 "GET img.php" from 46.*
672 "GET img.php" overall (includes me)
I'll try to not point out senseless suggestions :). But I still think the
issue is about the call of img.php. The spammer uses it by a way beside the
usage through a browser. The cookie is a good idea, but not enough at the
moment. Something else have to be checked before img.php runs.
I wondering if I'm the only one with this issue.