Spamflood even with captcha... (Bugs)

by Freddy ⌂ @, Germany, Wednesday, May 28, 2008, 10:43 (5806 days ago)

Hi everybody,

my mlf is getting into spam-trouble since last night. We have an open / anonymous forum. From time to time, spambots were crawling around, but never left more than 5 - 20 entries. Last night, that changed and we now receive spam every 3-5 minutes! I just tried to block those nasty bots with captcha - the mathematical one wasn't enough and even the image-captcha seems not to work. Are spiders/bots smarter than captcha can assume? Is there a bug, a mlf-wormhole, through which spambots can enter the matrix?

If anybody can help us out of trouble, we'd be very thankful!

Freddy


Spamflood (v1.7 / captcha)

by Alfie ⌂, Vienna, Austria, Wednesday, May 28, 2008, 14:01 (5806 days ago) @ Freddy

Hi Freddy!

Since you are from Germany, questions concerning the 1.x-branch please to the German 1.x forum.

Graphical CAPTCHAs are no longer safe anyhow - in most cases (see the freeware pwntcha for examples and crack rates).
The one you are using is pretty easy to crack, because the bold sans serif font you are using sticks out from the background.
Actually you have some options in v1.7: increase the strength of the captcha - use a serif font rather than a sans serif font - and try to create another background image which merges with the font.

The list of not accepted words may also help...

If you have access to the server-log, you may try to track down the spammer's IP and put him/her on the banlist. Hopefully he/she has a static IP - otherwise your odds are bad...
On the other hand, if the entries have the same origin - let's say throughout a couple of days - you may opt for rougher methods. You can deny access to the site based on the IP in your .htaccess-file. Just send the guy an HTTP-403 status code. Example (.htaccess):

# Block spammer-IPs
deny from xxx.xxx.xxx.xxx
ErrorDocument 403 /path/403_forbidden.html

If you want to block more than one IP, just add another line.
'/path' must lead from the document root to the directory containing the error-file '403_forbidden.html'. The error document must exist - otherwise an HTTP-404 (not found) is produced.
This method has the advantage that the forum is not involved at all - it simply blocks your site from any access. Testing is a little bit tricky - if you have a static IP yourself. :-D

If this does not help, most likely you would have to wait for the final 2 version of mlf. Though the CAPTCHA/IP bans/not accepted words are essentially the same - there's additional spam protection by Bad-Behavior and Akismet. Here we had some spam in the beginning, but right now we have about one entry/month with only the math-captcha active.

--
Cheers,
Alfie (Helmut Schütz)
BEBA-Forum (v1.8β)
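The "track down the spammer's IP in the server-log" step above, as an added example that is not part of this thread or of mlf: a small Python script that counts POSTs to the forum's posting URL per client IP in an Apache combined log, flags IPs posting faster than a human would, and renders them as the 'deny from' lines for .htaccess. The log lines and the posting path '/forum/index.php?mode=posting' are constructed assumptions, not mlf's real URL.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines in Apache "combined" log format (not from the thread).
# The posting endpoint path is an assumption; adjust it to your forum's real URL.
SAMPLE_LOG = """\
203.0.113.7 - - [28/May/2008:01:02:03 +0200] "POST /forum/index.php?mode=posting HTTP/1.1" 302 0 "-" "Mozilla/4.0"
203.0.113.7 - - [28/May/2008:01:06:11 +0200] "POST /forum/index.php?mode=posting HTTP/1.1" 302 0 "-" "Mozilla/4.0"
203.0.113.7 - - [28/May/2008:01:10:45 +0200] "POST /forum/index.php?mode=posting HTTP/1.1" 302 0 "-" "Mozilla/4.0"
203.0.113.7 - - [28/May/2008:01:14:59 +0200] "POST /forum/index.php?mode=posting HTTP/1.1" 302 0 "-" "Mozilla/4.0"
198.51.100.23 - - [28/May/2008:09:30:00 +0200] "GET /forum/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [28/May/2008:09:31:12 +0200] "POST /forum/index.php?mode=posting HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# client IP, timestamp in brackets, then "METHOD PATH PROTOCOL" of the request line
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*"')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def posts_per_ip(log_text, post_path="/forum/index.php?mode=posting"):
    """Count POSTs to the posting URL per IP and remember each IP's first/last posting time."""
    counts, first_last = Counter(), {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["path"] != post_path:
            continue
        ts = datetime.strptime(m["ts"], TS_FMT)
        ip = m["ip"]
        counts[ip] += 1
        lo, hi = first_last.get(ip, (ts, ts))
        first_last[ip] = (min(lo, ts), max(hi, ts))
    return counts, first_last

def suspicious_ips(log_text, min_posts=3, max_minutes=60):
    """IPs that posted at least min_posts times within max_minutes: faster than humans usually do."""
    counts, first_last = posts_per_ip(log_text)
    hits = []
    for ip, n in counts.items():
        lo, hi = first_last[ip]
        if n >= min_posts and (hi - lo).total_seconds() <= max_minutes * 60:
            hits.append(ip)
    return sorted(hits)

def htaccess_deny_lines(ips):
    """Render the banlist as the Apache 2.2-style 'deny from' lines used in the thread."""
    return ["# Block spammer-IPs"] + [f"deny from {ip}" for ip in ips]

if __name__ == "__main__":
    print("\n".join(htaccess_deny_lines(suspicious_ips(SAMPLE_LOG))))
```

A per-IP threshold only helps when the spammer keeps one address; when every post comes from a different open proxy, as described later in this thread, it finds nothing and you are back to content-based measures.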


Spamflood (v1.7 / captcha)

by Freddy, Wednesday, May 28, 2008, 15:47 (5806 days ago) @ Alfie

Thanks, Helmut.

I banned the IP and the flood stopped. Maybe the bot used a continuing session, which was still open. Since I don't like the image-captcha at all (making it less readable, the pic will drive human users crazy ;o) ), I'll return now to mathematical captcha.

As I've seen, V2 comes up with akismet & bad behaviour - akismet is a useful thingie I had to notice, bad behaviour is new to me. We'll see.

Thanks once again for your feedback.

Freddy


Spamflood (v1.7 / captcha)

by Alfie ⌂, Vienna, Austria, Wednesday, May 28, 2008, 20:37 (5806 days ago) @ Freddy

Hi Freddy!

Thanks, Helmut.

Welcome!

I banned the IP and the flood stopped. Maybe the bot used a continuing session, which was still open.

Strange; must have been a very dumb silicon-based life-form.

Since I don't like the image-captcha at all (making it less readable, the pic will drive human users crazy), I'll return now to mathematical captcha.

Yes, the image captcha is really debatable - at least from the standpoint of accessibility. For me the math-captcha went very smoothly since 1.7.1.

--
Cheers,
Alfie (Helmut Schütz)
BEBA-Forum (v1.8β)


Spamflood (v1.7 / captcha)

by Nico Hoffmann @, Tuesday, June 03, 2008, 23:01 (5800 days ago) @ Alfie

If you have access to the server-log, you may try to track down the spammer's IP and put him/her on the banlist. Hopefully he/she has a static IP - otherwise your odds are bad...
On the other hand, if the entries have the same origin - let's say throughout a couple of days - you may opt for rougher methods. You can deny access to the site based on the IP in your .htaccess-file. Just send the guy an HTTP-403 status code. Example (.htaccess):

# Block spammer-IPs
deny from xxx.xxx.xxx.xxx
ErrorDocument 403 /path/403_forbidden.html

If you want to block more than one IP, just add another line.

Works only if the spammer is always using the same IP, doesn't it?

'My' spammer is apparently testing whole IP ranges for open web proxies. If an entry to my forum is possible, a working open web proxy is found - that seems to be the strategy. I.e., I got every spam from a different IP, and even from completely different IP ranges. Bad :-(

If this does not help, most likely you would have to wait for the final 2 version of mlf. Though the CAPTCHA/IP bans/not accepted words are essentially the same - there's additional spam protection by Bad-Behavior and Akismet. Here we had some spam in the beginning, but right now we have about one entry/month with only the math-captcha active.

Sounds good. I also activated math captchas, so I will see...

regards,

N.


Spamflood (v1.7 / captcha)

by Alfie ⌂, Vienna, Austria, Wednesday, June 04, 2008, 12:24 (5799 days ago) @ Nico Hoffmann

[...] track down the spammer's IP and put him/her on the banlist. Hopefully he/she has a static IP - otherwise your odds are bad...

Works only if the spammer is always using the same IP, doesn't it?

Sure; what did I say? :-D

--
Cheers,
Alfie (Helmut Schütz)
BEBA-Forum (v1.8β)
