Gossamer Forum: Products: Links 2.0: Customization: Spammers getting around captcha code?

May 18, 2008, 6:47 PM

dawgtoons

Novice (18 posts)

May 18, 2008, 6:47 PM

Post #1 of 3

Shortcut

Spammers getting around captcha code?

Has anyone else had problems with spammers getting around the captcha code that is featured below? I am now getting submissions to randomly generated URLs. I went into my log, and here's when it happened:

Code:
c-69-137-218-215.hsd1.mi.comcast.net - - [15/May/2008:22:05:36 -0700] "GET /captcha/d680cf28a49cae6b51f5766f4e12ba18.png HTTP/1.0" 200 6521 "http://www.collegeteamlinks.com/cgi-bin/add.cgi" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Netscape/8.0.4" 
c-69-137-218-215.hsd1.mi.comcast.net - - [15/May/2008:22:05:57 -0700] "POST /cgi-bin/add.cgi HTTP/1.0" 200 13014 "http://www.collegeteamlinks.com/cgi-bin/add.cgi" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Netscape/8.0.4" 
sd-11154.dedibox.fr - - [15/May/2008:22:23:36 -0700] "GET /cgi-bin/add.cgi HTTP/1.0" 200 9880 "-" "-" 
sd-11154.dedibox.fr - - [15/May/2008:22:23:44 -0700] "POST /cgi-bin/add.cgi HTTP/1.0" 200 8648 "-" "-" 
sd-11154.dedibox.fr - - [15/May/2008:22:23:53 -0700] "POST /cgi-bin/add.cgi HTTP/1.0" 200 6011 "-" "-" 
sd-11154.dedibox.fr - - [15/May/2008:22:24:00 -0700] "GET /cgi-bin/add.cgi HTTP/1.0" 200 9880 "-" "-" 
sd-11154.dedibox.fr - - [15/May/2008:22:24:12 -0700] "GET /cgi-bin/ HTTP/1.0" 403 - "-" "-"

It looks like they are using another computer to access the captcha image, and then this dedibox.fr machine to post the spam.

FWIW, I had this in my htaccess file:

Code:
# prevent perl user agent 
RewriteCond %{HTTP_USER_AGENT} libwww [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} ^lwp 
RewriteRule ^.*$ http://127.0.0.1/ [R,L] 

SetEnvIfNoCase User-Agent "libwww-perl/" bad_bot 
SetEnvIfNoCase User-Agent "lwp::simple/" bad_bot 
Order Allow,Deny 
Allow from all 
Deny from env=bad_bot

However, this didn't seem to stop it. I found this article though that may be what's going on in this particular case:

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9044779

May 18, 2008, 11:13 PM

Andy

Veteran / Moderator (18441 posts)

May 18, 2008, 11:13 PM

Post #2 of 3

Shortcut

Re: [dawgtoons] Spammers getting around captcha code? In reply to

Hi,

How are the images shown? Are the obscured (i.e lines through it, and not all on just one line, but scattered instead)

If they all just show up on one line - then its entirly possible someones written something that gets around it - but TBH, I really don't think someone would go to that much effort. Its a *lot* of work, and their listings are only going to be deleted anyway in most cases Wink

Cheers

Andy (mod)
andy@ultranerds.co.uk

May 19, 2008, 8:05 AM

dawgtoons

Novice (18 posts)

May 19, 2008, 8:05 AM

Post #3 of 3

Shortcut

Re: [Andy] Spammers getting around captcha code? In reply to

I'm using the script mentioned in this thread.

Here's my add.cgi page (which I suppose I can change the name of add.cgi as well):

http://www.collegeteamlinks.com/cgi-bin/add.cgi

Here's an example of what's getting through. As you can see, it's gibberish, which puzzles me why they would take the time to spam:

Code:

The following link is awaiting validation:

Title: GLZzwpPKE
URL: http://swoxfftbwapn.com/
Category: <input type=hidden name="Category" value="Western_Athletic_Conference/New_Mexico_State">Western_Athletic_Conference/New_Mexico_State
Description: qAnzIK <a href="http://hxtswcpmottm.com/">hxtswcpmottm</a>, [url=http://omsmzlemzopi.com/]omsmzlemzopi[/url], [link=http://puxjidtkqbym.com/]puxjidtkqbym[/link], http://jtyhtugzwegi.com/
Contact Name: pmmgkhyvjzx
Contact Email: guetnf@llcuwu.com

Remote Host: sd-11154.dedibox.fr
Referer: