TOPIC: Spam getting through

Thanks Daniel, you are the champ!
I'm on it now...

I still wonder how your captcha is broken.

I believe you can only use the image once? there is an old trick, solve it once and post spam until session expiry...

Here is a simple explanation:
www.puremango.co.uk/2005/11/breaking_captcha_115/

For anybody having problems with Spam. I highly recommend the use of sh404SEF - it provides interfacing for anti-flood security and also supports Project Honey Pot blacklisting.

Project Honey Pot is a web based honeypot network which uses software embedded in web sites to collect information about IP addresses used when harvesting e-mail addresses for spam or other similar purposes such as bulk mailing and e-mail fraud. The project also solicits the donation of unused MX entries from domain owners
(...)
Project Honey Pot is an initiative aiming at protecting web sites from spam robots. It provides a database to check a visitor IP address against known robots. Using this database requires an access key (free) you will have to obtain from the project web site
(You must create an account before requesting your access key - this is free as well).

...In simple terms, it is a definition-based spam blocker (by known IP's). In the event a user is mistakingly detected as a SPAM ip address, they can still get into the site after clicking "Continue" on a robot-trapper form.

have same problem with china & russian spammers. this spammers list Banned on My cite:
<Removed huge list of illicit IP's - JonusC>
only BAN helping. Captcha - not working.

Thanks for sharing your blacklist IcZin, but those are most likely in Akismet and/or Project Honey Pot already.

I removed that list because you kind of put a big-red-target on this website by doing that and we don't want CompoJoom to be attacked

If you would like to share it please paste it in a text file and upload it instead

Howdy
I've just recently installed Joomlacomment 4.0 RC1. (e-zigarette-test.de) Although I have inserted an Akismet-key and activated Captcha, one spammer with a zillion easily detectable spam-urls is always getting through. IP-banning is a nice option, but somehow they must have found out, that getting a new IP isn't all that difficult

The IP''s in question are the following: 123.161.76.219 - 123.161.70.111 - 123.161.76.121

I now have activated honeypot in sh404 - so let's see if that helps...

4.1 will come with recaptcha. If that doesn't solve the f.... spam problem then I don't know...

Well, yes, of course - this will aid in making it harder to post a comment. But - as far as my very limited knowledge on the subject goes - those entries are done by human aided bots. The humans only solving the captcha - the bots doing the rest.

What imho would do the trick, is a scan of the comment for multiple links. In my case, the guy leaves 50+ links per comment, and actually I don't understand why Aksimet doesn't get it? Maybe even an option to allow so and so many links per comment. As my site still is very young, neither comments nor spam is a real problem, but when and if it gets busy...

Thanks for your great piece of software anyways

Human? I thought it is a bot that recognize the letters in the captcha?
Do you have some more information on the subject? Perhaps links to detailed information for those kind of bot attacks?

Yes, but at the moment only stored in my memory: bots access the sites and serve a human the captcha who finalizes the entry. The bot populates all the fields + a zillion spam-urls. The humans usually sit in countries like China where man power is really cheap and do nothing all day long but solving captchas for 70 bucks per month - eyes squared inclusive.

So addressing the access might not be even half of the necessary action - IP-blocking is pretty useless. For one, IP's change frequently, two: sometime a college, university, a whole region share an IP. A spammer or troll will not be deterred.

So what needs to be done additionally is to scan the content of the comment for formal criteria such as multiple urls. I can conceive of a user leaving 2 or 3 urls for reference (though unusual) but more than that?

So I repeat my question: why doesn't Akismet catch the culprit? With a Wordpress blog, it surely would sort out these comments...

some quick googling:
ha.ckers.org/blog/20080311/human-captcha-breaking/
www.freelancer.com/projects/by-tag/human-captcha-break.html

en.wikipedia.org/wiki/CAPTCHA

"Human solvers

CAPTCHA is vulnerable to a relay attack that uses humans to solve the puzzles. One approach involves relaying the puzzles to a group of human operators who can solve CAPTCHAs. In this scheme, a computer fills out a form and when it reaches a CAPTCHA, it gives the CAPTCHA to the human operator to solve.

Another variation of this technique involves copying the CAPTCHA images and using them as CAPTCHAs for a high-traffic site owned by the attacker. With enough traffic, the attacker can get a solution to the CAPTCHA puzzle in time to relay it back to the target site.[20] In October 2007, a piece of malware appeared in the wild which enticed users to solve CAPTCHAs in order to see progressively further into a series of striptease images.[21][22] A more recent view is that this is unlikely to work due to unavailability of high-traffic sites and competition by similar sites.[23]

These methods have been used by spammers to set up thousands of accounts on free email services such as Gmail and Yahoo!.[24] Since Gmail and Yahoo! are unlikely to be blacklisted by anti-spam systems, spam sent through these compromised accounts is less likely to be blocked."