<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">One thing I have done is a simple
module to capture all the $_POST and $_SERVER variables, along
with the new $user object and log them on a user registration
submit. Just did it to a simple text file located in a directory
that isn't in the web root. That gives a lot of good information
to look through and determine certain signatures of spammers. One
of the big ones is the presence of Firefox 24, 17 or 8. Those are
Firefox versions that Tor is built on, and spammers seem to love
Tor. <br>
<br>
It seems tedious, but actually it's kind of fun, making you feel
like you're playing detective. <br>
<br>
<pre class="moz-signature" cols="72">Jamie Holly
<a class="moz-txt-link-freetext" href="http://hollyit.net">http://hollyit.net</a></pre>
On 4/5/2014 12:30 PM, MBR wrote:<br>
</div>
<blockquote cite="mid:53402FA9.2090008@arlsoft.com" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<font face="Times New Roman, Times, serif">It's been reported that
the bad guys have set up CAPTCHA-breaking networks that
distribute the CAPTCHA to people in third-world countries who
get paid a small amount for each CAPTCHA they solve. It's
looking like CAPTCHA is no longer effective.<br>
<br>
I had to solve this problem for a site that was getting hit by
about 15 bogus account-registrations per hour, even though
CAPTCHA was enabled. The most effective approach I know of at
present is to install a module that does reverse-CAPTCHA - i.e.
instead of asking the human to prove he's human, it tricks the
malware that's trying to pretend to be a human into
demonstrating behavior that proves it's just a dumb piece of
software. It does this by adding additional <input> tags
to every <form> and making them invisible with CSS. A
human won't fill in these fields because they won't be
displayed. But software that's just parsing HTML will find these
fields and fill them in, thus allowing the code on your server
to distinguish between responses from humans and responses from
machines.<br>
<br>
Among the modules that implement this approach are Honeypot,
Botcha, and Spamicide. I tried Botcha, but I ran into
installation problems. I didn't try Spamicide because it had a
critical bug report claiming that the installation erased the
default/files directory. Honeypot installed without problems
and instantly cut the rate of bogus registrations dramatically.
It didn't cut it all the way to 0 as I'd hoped it would, but the
rate dropped from about 15/hr. to about 3/day.<br>
</font>
<blockquote><font face="Times New Roman, Times, serif">Mark
Rosenthal</font><br>
<font face="Times New Roman, Times, serif"><a
moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="mailto:mbr@arlsoft.com">mbr@arlsoft.com</a></font><font
face="Times New Roman, Times, serif"> </font><br>
</blockquote>
<div class="moz-cite-prefix">On 4/5/14 8:51 AM, Walt Daniels
wrote:<br>
</div>
<blockquote
cite="mid:CALZ-9dX5ANepeMJ=ND_hoEK4dYfrAm13awv7G6M_RaXO0xFSqw@mail.gmail.com"
type="cite">
<div dir="ltr">I get them to, but it is not mollom's fault. They
are actually registering and typing the captcha just like a
legitimate user. In our case they even have to use a
legitimate email as they cannot do anything more than an
anonymous user until the verify their email. I don't see any
pattern I could apply to the user names that would distinguish
them from our valid users who have some pretty weird
usernames. You could find or right a module that enforced
using "real names", i.e. John Doe. But I even got some like
that that turn out to be spammers.</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Sat, Apr 5, 2014 at 8:13 AM, Linda
Romey <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:lromey@gmail.com" target="_blank">lromey@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">I am having the same issue. Have you
contacted Mollom? That's on my to-do list. I'm not sure
of the value of the monthly fee if I still have to
continually monitor my site and delete spam accounts
manually.</div>
<div class="HOEnZb">
<div class="h5">
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Sat, Apr 5, 2014 at 8:09
AM, James Rome <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:jamesrome@gmail.com"
target="_blank">jamesrome@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0
0 .8ex;border-left:1px #ccc
solid;padding-left:1ex"> I have Mollom
installed, but yet a handful of account
applications<br>
escape their captcha/analysis each day. The
problem is that the only<br>
obviously wrong field is the username, which is
not listed as a field in<br>
the Mollom configuration. I get names such as:
qropspension_5362<br>
<br>
Is there any other way to get rid of these
would-be spammers?<br>
<span><font color="#888888"><br>
--<br>
James A. Rome<br>
<br>
<a moz-do-not-send="true"
href="http://jamesrome.net"
target="_blank">http://jamesrome.net</a><br>
<br>
--<br>
[ Drupal support list | <a
moz-do-not-send="true"
href="http://lists.drupal.org/"
target="_blank">http://lists.drupal.org/</a>
]<br>
</font></span></blockquote>
</div>
<br>
</div>
</div>
</div>
<br>
--<br>
[ Drupal support list | <a moz-do-not-send="true"
href="http://lists.drupal.org/" target="_blank">http://lists.drupal.org/</a>
]<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
</body>
</html>