Static in the Ether » spam http://lair.moria.org/blog Unix, Information Security & Systems Administration Wed, 11 Nov 2009 09:14:29 +0000 en hourly 1 http://wordpress.org/?v=3.0 Implementing Captchas http://lair.moria.org/blog/archives/110 http://lair.moria.org/blog/archives/110#comments Sun, 24 Aug 2008 10:35:24 +0000 Barry Irwin http://lair.moria.org/blog/?p=110 With the comment spam continuing to pour in I caved in a and implemented captchas for comments.  While a solution using mathematical computation such as that offered by the match captcha plugin for wordpress, since the are only host defendant (rather than having to rely on some other 3rd-party service), this particular plugin was only certified to 2.3.1, and I could not get a working download.  I capitulated to the web 2.0 way and installed WP-recaptcha, which provides a nice wrapper around the recaptcha.net service.

Installation was simple, with registration required in order to obtain two APi keys for use with the service. What interesting about this solution is that rather than just mutating words, a two phrase system is sued. One of the phrases is a known word, and th eother is a word that is taken form a ocr scan of the NYT or Internet Archive, ans has not been correctly identified by the ocr software. Thus there is a bit of community mindedness involved as well, as these words are interpreted. More on the gory details can be found here.

What does interest me tho is that this will not offer any protection from ‘pingback’ spam whihc is being submitted via the xmlrpc interface, but should still at another layer to the security onion.

]]> http://lair.moria.org/blog/archives/110/feed 1 Wierdo comment spam http://lair.moria.org/blog/archives/82 http://lair.moria.org/blog/archives/82#comments Tue, 19 Aug 2008 12:03:16 +0000 Barry Irwin http://lair.moria.org/blog/?p=82 The last few weeks has seen a deluge of comment spam, which mostly is the run of the mill bot based stuff advertising ‘cheap hosting’ , porn and other such sites.  a couple tht cought my attention were simple posts of urls with the following sort of format:

  • http://www.google.com/search?q=rxbcrobh
  • http://www.google.com/search?q=frhlrxca
  • http://www.google.com/search?q=omihinga

Searching on google with these links, surprisingly turns up nothing. I was expecting to find lists of malware infected sites similar to the SQL injection attacks seen in the last few months. Does anyone have any insight into these ? Sources appear to be geographically dispersed, and scattered across a variety of blog entries, old and new?

]]> http://lair.moria.org/blog/archives/82/feed 0