I have two live sites hosted at Hostgator.com and one development site. All 3 are drupal7 sites and all webforms, forms of any kind are set up with Captcha 7.x-1.0-beta2; Image Captcha 7.x-1.0-beta2.
All 3 sites's domains are registered at GoDaddy, the 2 live sites have the name servers pointing to Hostgator. The dev site is under Hostgator's "domain" ie the numerical URL and "~/pia". The domain name is live and an old site is still up there.
One live site uses email addresses in a combination, some ending in ".net" which are processed through Godaddy; the ".com" processed by Hostgator.
The sites were previously hosted at GoDaddy and had no issues with spam. Since hosting with Hostgator there is an ongoing issue with Spam. Even though the forms are **all** have Captchas enabled, submittals of the form are happening and I am getting floods of spam telling me that gibberish so and so has applied for an account. Occasionally, I get a filled out actual form where the different fields are filled out with gibberish or URLs pointing, mostly, to pornographic sites.
How is this happening? I have been told that robots are not capable of deciphering an image but possibly math. That's why I have changed every single one to image captchas.
I have talked with Hostgator numerous times, but so far they have not been able to solve this. I have even been warned by them of all the spam!
URLs HeavenSentDesserts.com RandallHouseRareBooks.com
thanks,
Pia
On 29/05/13 01:59, Pia Oliver wrote:
How is this happening? I have been told that robots are not capable of deciphering an image but possibly math. That's why I have changed every single one to image captchas.
Capcha just requires OCR capabilities, if it's important enough someone will do it.
It also drives legitimate users away. I rarely fill in capchas.
My D-Link wireless router defends itself (from internal users, why? I ask) using a capcha. It's validated in javascript. I nearly returned it for a refund, but first tried making an HTA (on Windows) based on the login form ant that works fine. So I figure that some capcha might by bypassed by anyone who knows what data to post to a form. For example, maybe I can configure a webform on testserver.example.com (it exists, it's on my LAN) to post the login data to my bank. It's not a lot different from what anonymous proxy servers do.
A technique I have seen recommended, but have not tried for myself, is to create a field in each protected form that is invisible but a bot would complete. It wouldn't bypass humans paid to bypass your antispam measures though.
In my particular case, I have a site for people in my area. If you're not located in Australia, you cannot register. If you're registered, you can login.
https://drupal.org/project/spamicide
A technique I have seen recommended, but have not tried for myself, is to create a field in each protected form that is invisible but a bot would complete. It wouldn't bypass humans paid to bypass your antispam measures though.
On 8 June 2013 05:23, John Summerfield summer@js.id.au wrote:
On 29/05/13 01:59, Pia Oliver wrote:
How is this happening? I have been told that robots are not capable of deciphering an image but possibly math. That's why I have changed every single one to image captchas.
Capcha just requires OCR capabilities, if it's important enough someone will do it.
It also drives legitimate users away. I rarely fill in capchas.
My D-Link wireless router defends itself (from internal users, why? I ask) using a capcha. It's validated in javascript. I nearly returned it for a refund, but first tried making an HTA (on Windows) based on the login form ant that works fine. So I figure that some capcha might by bypassed by anyone who knows what data to post to a form. For example, maybe I can configure a webform on testserver.example.com (it exists, it's on my LAN) to post the login data to my bank. It's not a lot different from what anonymous proxy servers do.
A technique I have seen recommended, but have not tried for myself, is to create a field in each protected form that is invisible but a bot would complete. It wouldn't bypass humans paid to bypass your antispam measures though.
In my particular case, I have a site for people in my area. If you're not located in Australia, you cannot register. If you're registered, you can login.
-- [ Drupal support list | http://lists.drupal.org/ ]
Am 08.06.13 23:33, schrieb Mutuku Ndeti:
https://drupal.org/project/spamicide
A technique I have seen recommended, but have not tried for myself, is to create a field in each protected form that is invisible but a bot would complete. It wouldn't bypass humans paid to bypass your antispam measures though.
the honeypot module mentioned in other posts uses this method too, I guess thats part of its success
Servus Franz
-
Franz Iberl -
John Summerfield -
Mutuku Ndeti -
Pia Oliver