[thelist] tracking spammers
Bob Meetin
bobm at dottedi.biz
Sun Jul 10 07:57:17 CDT 2011
On 07/09/2011 11:58 AM, Simon MacDonald wrote:
> Hi Bob,
>
> Thats good feedback re the URL - I've had some minor spamming - I'll try the url route too
> Regards
>
> Simon
Just a little more regarding the hidden fields, etc.
IP: 178.73.17.204 (IP changes often)
Name: Diubbituams
Email: (the email changes regularly)
Username: Diubbituams (seems random but matches name)
Password: (thus far, always 10 random characters)
Joomla Option: com_ajaxregistration
Admin_only: (visible field, not getting filled in)
URL: http://www.whatever.pl
Website: http://www.whatever.pl
Link: http://www.whatever.pl
Whatever: (another hidden field, just wanted to see if the bot is addressing specific field names or all - this is 'not' getting filled in; there are probably one or two others we could add to the list)
Time 1: 01:44:05 (initial load of form)
Time 2: 01:44:07 (form processed; the first few times I was seeing 10-14 seconds, now commonly 2 seconds)
Summary: The always 10 randomly generated password string as well as speed of passing captcha makes me think it's bot-oid as opposed to humanoid, but the fact that it is clever enough to get through drag/drop captcha makes me think otherwise. I can switch to recaptcha and see what happens. Do we care?
Adding a probably changing URL to a deny list certainly means that you are potentially blocking a future real member, but doing some basic math with percentages would suggest that the probability of winning a lottery is higher, IMHO.
-Bob
More information about the thelist
mailing list