Assuming they've built that CMS themselves, it will work against spammers, unless someone finds the time to write a comment-spam-bot for that site only. Having said that, assuming that no spammer will be bothered to write something to attack your hand-written CMS, something much simpler would probably suffice. Like 'tick this box if your message isn't spam'.
Martijn |
Homepage |
02.01.08 - 12:52 pm | #
|
|
Martijn... I don't know. It certainly seems ironic that in an article about preventing spam they use such a bad example of comment spam "captcha substitute". It took me less than 3 minutes to write a simple unix shell script that bypasses that thing.
TNT |
02.01.08 - 1:41 pm | #
|
|
This is particularly bad. I've seen similar implementations where the questions would rotate -- other than math problems, there would be questions like, "What month comes after June?" But of course this brings in several issues, including the need to know the English language to properly answer, and the fact that bots can be programmed with static answers, or just reload the page until they get a math problem. As someone said, in a custom CMS this might be OK, but in a commercial implementation it wouldn't be. Then again, Yahoo's graphical CAPTCHA has been broken recently (http://network-security-research.blogspot.com/), so who knows what works best.
send9 |
Homepage |
02.01.08 - 5:03 pm | #
|
|
I think I've seen something like that at bleepingcomputer.com's file database. I think that one also showed problems such as six multiplied by 9, which would probably be harder to bypass.
Blake C. |
02.01.08 - 5:58 pm | #
|
|
We went from 20-40 spam comments a day to about 1 a week since installing this same module.
When I looked at it, I thought it would be easy for the spam bots, but the proof is in the results. So for us, the system works...also all comments are moderated anyway, so it serves the purpose of alleviating the administration time.
Graphical CAPTCHA modules can also be extremely difficult to get right if you're slightly colour blind like myself.
However, apparently you need to be cautious about placement of the question mark if using a math question, as we did receive a complaint about that.
[quote]
Math Question:
You need a space between the last digit and the ? mark.
If this is not done 4 + 3? = EITHER 3? or 4? depending on the value of ?. If the value of ? is 5 or less the answer is 3? if the value of ? is 6 or greater, the answer is 4?.
[/quote]
That's a real head scratcher....
Chris |
Homepage |
02.01.08 - 8:06 pm | #
|
|
@Chris: How do you get those 1-a-week comments? Do you suppose a small number of bots are able to bypass your CAPTCHA or is it done manually? As an aside: I've started using Akismet (http://akismet.com/) on my blog and haven't received a single spam comment since. So, perhaps CAPTCHA isn't the way to go at all, or perhaps it should only be a piece of the solution.
send9 |
Homepage |
02.02.08 - 5:53 am | #
|
|
I would say it's manual spam; the spam comments we do get don't share much in common when compared to the ones we were getting hit with previously. Because it seems manual, too, it makes it easier to just ban the IP addresses from making further posts.
Chris |
Homepage |
02.03.08 - 1:26 am | #
|
|
Chris, sorry, the module IS easy for the "spam bots". The real reason why they didn't bother to bypass it is that nobody uses it apart from your site. Sorry if I sound cynical, but that's how it is.
As I said, it took me less than 3 mins to write a simple bash script to bypass it. In fact, it's so easy it can be done with one line of code.
TNT |
02.04.08 - 9:35 am | #
|
|
Check this one: http://random.irb.hr/signup.php
Now that I call math questions (refresh multiple times; some are easy, some are quite a bit harder).
Dwarden |
02.04.08 - 10:15 am | #
|
|
No need to apologise, TNT.
It's a fairly standard Drupal module, so it's used by whoever has chosen to install it... there are plenty of other modules available for use as well.
I would agree that it's not a smart choice if your comments aren't moderated, as it will only take a single flood of spam to cause a lot of mess, but as all our comments must be approved first we have that as a fall back when the attack eventuates.
Chris |
Homepage |
02.04.08 - 4:28 pm | #
|
|
No, this is a bad captcha
http://www.cyberciti.biz/faq/bas...iple-line-code/
Anono |
Homepage |
02.07.08 - 8:18 pm | #
|
|
what is this?
sniff.visistat.com/tm.php?r=0.8224648053292185&DID=13759&pw=1024&ph=25128&msx=206&msy=4214&mspage=/
what are you doing?
Nhoffman |
02.09.08 - 11:37 pm | #
|
|
where did you see that?
Alex eckelberry |
02.09.08 - 11:56 pm | #