[support] Many false applications for accounts
MBR
mbr at arlsoft.com
Sat Apr 5 16:30:33 UTC 2014
It's been reported that the bad guys have set up CAPTCHA-breaking
networks that distribute the CAPTCHA to people in third-world countries
who get paid a small amount for each CAPTCHA they solve. It's looking
like CAPTCHA is no longer effective.

I had to solve this problem for a site that was getting hit by about 15
bogus account-registrations per hour, even though CAPTCHA was enabled.
The most effective approach I know of at present is to install a module
that does reverse-CAPTCHA - i.e. instead of asking the human to prove
he's human, it tricks the malware that's trying to pretend to be a human
into demonstrating behavior that proves it's just a dumb piece of
software. It does this by adding additional <input> tags to every <form>
and making them invisible with CSS. A human won't fill in these fields
because they won't be displayed. But software that's just parsing HTML
will find these fields and fill them in, thus allowing the code on your
server to distinguish between responses from humans and responses from
machines.

Among the modules that implement this approach are Honeypot, Botcha, and
Spamicide. I tried Botcha, but I ran into installation problems. I
didn't try Spamicide because it had a critical bug report claiming that
the installation erased the default/files directory. Honeypot installed
without problems and instantly cut the rate of bogus registrations
dramatically. It didn't cut it all the way to 0 as I'd hoped it would,
but the rate dropped from about 15/hr. to about 3/day.

Mark Rosenthal
mbr at arlsoft.com

On 4/5/14 8:51 AM, Walt Daniels wrote:
> I get them too, but it is not Mollom's fault. They are actually
> registering and typing the captcha just like a legitimate user. In our
> case they even have to use a legitimate email as they cannot do
> anything more than an anonymous user until they verify their email. I
> don't see any pattern I could apply to the user names that would
> distinguish them from our valid users who have some pretty weird
> usernames. You could find or write a module that enforced using "real
> names", i.e. John Doe. But I even got some like that that turn out to
> be spammers.
>
>
> On Sat, Apr 5, 2014 at 8:13 AM, Linda Romey <lromey at gmail.com> wrote:
>
> I am having the same issue. Have you contacted Mollom? That's on
> my to-do list. I'm not sure of the value of the monthly fee if I
> still have to continually monitor my site and delete spam accounts
> manually.
>
>
> On Sat, Apr 5, 2014 at 8:09 AM, James Rome <jamesrome at gmail.com> wrote:
>
> I have Mollom installed, but yet a handful of account applications
> escape their captcha/analysis each day. The problem is that the only
> obviously wrong field is the username, which is not listed as a field in
> the Mollom configuration. I get names such as: qropspension_5362
>
> Is there any other way to get rid of these would-be spammers?
>
> --
> James A. Rome
>
> http://jamesrome.net
>
> --
> [ Drupal support list | http://lists.drupal.org/ ]
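
The hidden-field check described in the message above, as an added example that is not part of the original thread and is not code from Honeypot, Botcha or Spamicide. The decoy field name `homepage_url`, the form markup and the sample POST bodies are constructed for illustration, and treating a missing decoy field as suspicious goes one step beyond what the post describes.

```python
from html import escape
from urllib.parse import parse_qs

DECOY = "homepage_url"  # hypothetical decoy name; plausible enough that HTML parsers fill it

def render_form(action="/user/register"):
    """Registration form with an extra text input hidden by CSS (not a hidden-type input)."""
    return f"""<style>.hp-wrap {{ display: none; }}</style>
<form method="post" action="{escape(action, quote=True)}">
  <label>Username <input name="name"></label>
  <label>E-mail <input name="mail" type="email"></label>
  <div class="hp-wrap" aria-hidden="true">
    <label>Leave this field blank
      <input name="{DECOY}" tabindex="-1" autocomplete="off"></label>
  </div>
  <button type="submit">Create account</button>
</form>"""

def classify(body):
    """Classify a urlencoded POST body as 'pass', 'decoy-filled' or 'decoy-missing'."""
    fields = parse_qs(body, keep_blank_values=True)
    if DECOY not in fields:
        # A browser still submits a CSS-hidden text input (as an empty value),
        # so a missing key means the POST was not built from the rendered form.
        return "decoy-missing"
    if any(value.strip() for value in fields[DECOY]):
        return "decoy-filled"  # text entered in a field no person can see
    return "pass"  # not proof of a human: a person in a real browser passes too

# Constructed sample submissions (not taken from any real log).
SAMPLES = {
    "browser": "name=alice&mail=alice%40example.org&homepage_url=",
    "form-filler": "name=qropspension_5362&mail=x%40example.org"
                   "&homepage_url=http%3A%2F%2Fexample.com",
    "replayed-post": "name=bob&mail=bob%40example.org",
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(f"{label:14} -> {classify(body)}")
```

The `tabindex="-1"`, `autocomplete="off"` and `aria-hidden` attributes keep keyboard users, browser autofill and screen readers away from the decoy, so that legitimate registrations are not rejected.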