In the past two days the site has suffered several attacks from spam bots. It seems like the bots discovered a way to solve the existing text in image captcha which we were using before. Upgrading to google’s reCAPTCHA ( https://www.google.com/recaptcha/intro/android.html ) kept them at bay.
Why not block the source ip?
It was impossible to block the bot’s ips since they were randomized and didn’t follow any noticeable pattern.
What if they solve reCAPTCHA?
ReCAPTCHA has been performing well at it’s purpose and there are few reports of it being bypassed.
Admin, you should do a thorough root cause analysis of the incident and put in place controls to prevent such attacks in the future and you should also enhance the security of this forum to protect the website and the villagers.
I have gotten this from the internet, hope it helps.
[I]- ensure they use GD (truetype) fonts
block the most common abused email domains used by the automated spammers (this is a bit older now) @5crafts.com@cashette.com .info .ru @web.de@gaweb.com@gawab.com
That will block most of the automated spammers.
The problem is spammers are starting out ‘outsource’ capcha recognition. They get the capcha… post it to some webpage… like a porn site… a human enters the result… its sent back to the bot… and the bot registers. There is also the manual way, but this is how they are defeating them large scale now. They also will use more common domains like yahoo.com now for email.
Hehe watume kakitu January imekuwa moto…on a serious note, hii website ikipata malware zianze kuaffect our phones and laptops inaweza kuwa a big problem so they should be very proactive with security issues.
Unfortunately the info you provided is valueless. @Deorro has a superior spam blocking technique that might or might not involve pressing a huge button labelled Spam Stopper. He was back in bed in five.