[support] Many false applications for accounts

Philip_Wetzel at nhd.uscourts.gov Philip_Wetzel at nhd.uscourts.gov
Mon Apr 7 11:28:40 UTC 2014 

The CAPTCHA code has been broken a number of times and they've
re-engineered it.    If it's not currently effective, they'll probably come
up
with a fix.  The game goes on.



From:	MBR <mbr at arlsoft.com>
To:	support at drupal.org, wdlists at gmail.com,
Date:	04/05/2014 12:31 PM
Subject:	Re: [support] Many false applications for accounts
Sent by:	support-bounces at drupal.org



It's been reported that the bad guys have set up CAPTCHA-breaking networks
that distribute the CAPTCHA to people in third-world countries who get paid
a small amount for each CAPTCHA they solve. It's looking like CAPTCHA is no
longer effective.

I had to solve this problem for a site that was getting hit by about 15
bogus account-registrations per hour, even though CAPTCHA was enabled. The
most effective approach I know of at present is to install a module that
does reverse-CAPTCHA - i.e. instead of asking the human to prove he's
human, it tricks the malware that's trying to pretend to be a human into
demonstrating behavior that proves it's just a dumb piece of software. It
does this by adding additional <input> tags to every <form> and making them
invisible with CSS.  A human won't fill in these fields because they won't
be displayed. But software that's just parsing HTML will find these fields
and fill them in, thus allowing the code on your server to distinguish
between responses from humans and responses from machines.

Among the modules that implement this approach are Honeypot, Botcha, and
Spamicide. I tried Botcha, but I ran into installation problems.  I didn't
try Spamicide because it had a critical bug report claiming that the
installation erased the default/files directory.  Honeypot installed
without problems and instantly cut the rate of bogus registrations
dramatically.  It didn't cut it all the way to 0 as I'd hoped it would, but
the rate dropped from about 15/hr. to about 3/day.
      Mark Rosenthal
      mbr at arlsoft.com
On 4/5/14 8:51 AM, Walt Daniels wrote:
      I get them to, but it is not mollom's fault. They are actually
      registering and typing the captcha just like a legitimate user. In
      our case they even have to use a legitimate email as they cannot do
      anything more than an anonymous user until the verify their email. I
      don't see any pattern I could apply to the user names that would
      distinguish them from our valid users who have some pretty weird
      usernames. You could find or right a module that enforced using "real
      names", i.e. John Doe. But I even got some like that that turn out to
      be spammers.


      On Sat, Apr 5, 2014 at 8:13 AM, Linda Romey <lromey at gmail.com> wrote:
        I am having the same issue. Have you contacted Mollom? That's on my
        to-do list. I'm not sure of the value of the monthly fee if I still
        have to continually monitor my site and delete spam accounts
        manually.


        On Sat, Apr 5, 2014 at 8:09 AM, James Rome <jamesrome at gmail.com>
        wrote:
         I have Mollom installed, but yet a handful of account applications
         escape their captcha/analysis each day. The problem is that the
         only
         obviously wrong field is the username, which is not listed as a
         field in
         the Mollom configuration. I get names such as: qropspension_5362

         Is there any other way to get rid of these would-be spammers?

         --
         James A. Rome

         http://jamesrome.net

         --
         [ Drupal support list | http://lists.drupal.org/ ]


        --
        [ Drupal support list | http://lists.drupal.org/ ]



--
[ Drupal support list | http://lists.drupal.org/ ]

More information about the support mailing list