Has anyone else had problems with spammers getting around the captcha code that is featured below? I am now getting submissions to randomly generated URLs. I went into my log, and here's when it happened:
c-69-137-218-215.hsd1.mi.comcast.net - - [15/May/2008:22:05:57 -0700] "POST /cgi-bin/add.cgi HTTP/1.0" 200 13014 "http://www.collegeteamlinks.com/cgi-bin/add.cgi" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Netscape/8.0.4"
sd-11154.dedibox.fr - - [15/May/2008:22:23:36 -0700] "GET /cgi-bin/add.cgi HTTP/1.0" 200 9880 "-" "-"
sd-11154.dedibox.fr - - [15/May/2008:22:23:44 -0700] "POST /cgi-bin/add.cgi HTTP/1.0" 200 8648 "-" "-"
sd-11154.dedibox.fr - - [15/May/2008:22:23:53 -0700] "POST /cgi-bin/add.cgi HTTP/1.0" 200 6011 "-" "-"
sd-11154.dedibox.fr - - [15/May/2008:22:24:00 -0700] "GET /cgi-bin/add.cgi HTTP/1.0" 200 9880 "-" "-"
sd-11154.dedibox.fr - - [15/May/2008:22:24:12 -0700] "GET /cgi-bin/ HTTP/1.0" 403 - "-" "-"
It looks like they are using another computer to access the captcha image, and then this dedibox.fr machine to post the spam.
FWIW, I had this in my htaccess file:
RewriteCond %{HTTP_USER_AGENT} libwww [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^lwp
RewriteRule ^.*$ http://127.0.0.1/ [R,L]
SetEnvIfNoCase User-Agent "libwww-perl/" bad_bot
SetEnvIfNoCase User-Agent "lwp::simple/" bad_bot
Order Allow,Deny
Allow from all
Deny from env=bad_bot
However, this didn't seem to stop it. I found this article though that may be what's going on in this particular case:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9044779
Code:
c-69-137-218-215.hsd1.mi.comcast.net - - [15/May/2008:22:05:36 -0700] "GET /captcha/d680cf28a49cae6b51f5766f4e12ba18.png HTTP/1.0" 200 6521 "http://www.collegeteamlinks.com/cgi-bin/add.cgi" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Netscape/8.0.4" c-69-137-218-215.hsd1.mi.comcast.net - - [15/May/2008:22:05:57 -0700] "POST /cgi-bin/add.cgi HTTP/1.0" 200 13014 "http://www.collegeteamlinks.com/cgi-bin/add.cgi" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Netscape/8.0.4"
sd-11154.dedibox.fr - - [15/May/2008:22:23:36 -0700] "GET /cgi-bin/add.cgi HTTP/1.0" 200 9880 "-" "-"
sd-11154.dedibox.fr - - [15/May/2008:22:23:44 -0700] "POST /cgi-bin/add.cgi HTTP/1.0" 200 8648 "-" "-"
sd-11154.dedibox.fr - - [15/May/2008:22:23:53 -0700] "POST /cgi-bin/add.cgi HTTP/1.0" 200 6011 "-" "-"
sd-11154.dedibox.fr - - [15/May/2008:22:24:00 -0700] "GET /cgi-bin/add.cgi HTTP/1.0" 200 9880 "-" "-"
sd-11154.dedibox.fr - - [15/May/2008:22:24:12 -0700] "GET /cgi-bin/ HTTP/1.0" 403 - "-" "-"
It looks like they are using another computer to access the captcha image, and then this dedibox.fr machine to post the spam.
FWIW, I had this in my htaccess file:
Code:
# prevent perl user agent RewriteCond %{HTTP_USER_AGENT} libwww [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^lwp
RewriteRule ^.*$ http://127.0.0.1/ [R,L]
SetEnvIfNoCase User-Agent "libwww-perl/" bad_bot
SetEnvIfNoCase User-Agent "lwp::simple/" bad_bot
Order Allow,Deny
Allow from all
Deny from env=bad_bot
However, this didn't seem to stop it. I found this article though that may be what's going on in this particular case:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9044779
Spammers getting around captcha code?