Gossamer Forum
Home : Products : Links 2.0 : Customization :

Spammers getting around captcha code?

Quote Reply
Spammers getting around captcha code?
Has anyone else had problems with spammers getting around the captcha code that is featured below? I am now getting submissions to randomly generated URLs. I went into my log, and here's when it happened:

c-69-137-218-215.hsd1.mi.comcast.net - - [15/May/2008:22:05:36 -0700] "GET /captcha/d680cf28a49cae6b51f5766f4e12ba18.png HTTP/1.0" 200 6521 "http://www.collegeteamlinks.com/cgi-bin/add.cgi" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Netscape/8.0.4"
c-69-137-218-215.hsd1.mi.comcast.net - - [15/May/2008:22:05:57 -0700] "POST /cgi-bin/add.cgi HTTP/1.0" 200 13014 "http://www.collegeteamlinks.com/cgi-bin/add.cgi" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Netscape/8.0.4"
sd-11154.dedibox.fr - - [15/May/2008:22:23:36 -0700] "GET /cgi-bin/add.cgi HTTP/1.0" 200 9880 "-" "-"
sd-11154.dedibox.fr - - [15/May/2008:22:23:44 -0700] "POST /cgi-bin/add.cgi HTTP/1.0" 200 8648 "-" "-"
sd-11154.dedibox.fr - - [15/May/2008:22:23:53 -0700] "POST /cgi-bin/add.cgi HTTP/1.0" 200 6011 "-" "-"
sd-11154.dedibox.fr - - [15/May/2008:22:24:00 -0700] "GET /cgi-bin/add.cgi HTTP/1.0" 200 9880 "-" "-"
sd-11154.dedibox.fr - - [15/May/2008:22:24:12 -0700] "GET /cgi-bin/ HTTP/1.0" 403 - "-" "-"

It looks like they are using another computer to access the captcha image, and then this dedibox.fr machine to post the spam.

FWIW, I had this in my htaccess file:

# prevent perl user agent
RewriteCond %{HTTP_USER_AGENT} libwww [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^lwp
RewriteRule ^.*$ [R,L]

SetEnvIfNoCase User-Agent "libwww-perl/" bad_bot
SetEnvIfNoCase User-Agent "lwp::simple/" bad_bot
Order Allow,Deny
Allow from all
Deny from env=bad_bot

However, this didn't seem to stop it. I found this article though that may be what's going on in this particular case:

Quote Reply
Re: [dawgtoons] Spammers getting around captcha code? In reply to

How are the images shown? Are the obscured (i.e lines through it, and not all on just one line, but scattered instead)

If they all just show up on one line - then its entirly possible someones written something that gets around it - but TBH, I really don't think someone would go to that much effort. Its a *lot* of work, and their listings are only going to be deleted anyway in most cases Wink


Andy (mod)
Want to give me something back for my help? Please see my Amazon Wish List
GLinks ULTRA Package (plugins total "value" $3,325 & rising, for just $350)| GLinks ULTRA Package PRO (plugins total "value" $5,625 & rising, for just $500)
Support Forum | Links SQL Plugins | DMOZ Dumps | UltraNerds | ULTRAGLobals Plugin | Pre-Made Template Sets | FREE GLinks Plugins!
Compare our different Plugin packages *new* Free CSS Templates
Quote Reply
Re: [Andy] Spammers getting around captcha code? In reply to
I'm using the script mentioned in this thread.

Here's my add.cgi page (which I suppose I can change the name of add.cgi as well):


Here's an example of what's getting through. As you can see, it's gibberish, which puzzles me why they would take the time to spam:
The following link is awaiting validation:

Title: GLZzwpPKE
URL: http://swoxfftbwapn.com/
Category: <input type=hidden name="Category" value="Western_Athletic_Conference/New_Mexico_State">Western_Athletic_Conference/New_Mexico_State
Description: qAnzIK <a href="http://hxtswcpmottm.com/">hxtswcpmottm</a>, [url=http://omsmzlemzopi.com/]omsmzlemzopi[/url], [link=http://puxjidtkqbym.com/]puxjidtkqbym[/link], http://jtyhtugzwegi.com/
Contact Name: pmmgkhyvjzx
Contact Email: guetnf@llcuwu.com

Remote Host: sd-11154.dedibox.fr