[Savannah-help-public] [sr #106304] Bug spam from logged in spammers?

[Sylvain Beucler]

Follow-up Comment #38, sr #106304 (project administration):

We just got a great deal of spam. One of the spammers 1) found he needed to
type "451" and 2) was greedy enough to spam a lot of items at once.

I just changed the question, let's see if this works.

At my day job, I recently implemented TextCHA-based solutions for MediaWiki
and MoinMoin. On most websites spam stopped (can't tell for those that
restricted anonymous edits though). However, one of them continued to receive
spam, but much less. AFAICS one spammer is sending a mass-posting from
multiple IP sources at once, and succeed depending on which TextCHA is asked.
Since the questions were asked in French, I assume that there's one
French-speaking human in the spammer's team that answered at least one of the
questions I had setup. It still spammed the website after I changed the 2
questions (though most of the posts were blocked). I just switched to an
unguessable question (i.e. a password), and the spam stopped, which means it's
not a flaw in the MoinMoin antispam.

One counter-measure that spammers might use would be to present the questions
to normal web users in exchange of porn material (this is not new, that also
worked for Captchas).

Multiplying the questions, and ask them at random, might help fighting
spammers, because they'll have a hard time listing all the possible TextCHA
questions (especially if not all of them are asked on any given day).


    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/support/?106304>

_______________________________________________
  Message posté via/par Savannah
  http://savannah.gnu.org/