Blog Documentation Book a Demo
Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Spam Control isn't working

RaizeRaize ✭✭
edited March 2011 in Vanilla 2.0 - 2.8
I hate to say this, but I get spam through the recaptcha all the time on Vanilla 2. I didn't expect this, since recaptcha is such an industry standard, but maybe theres some sort of script being used?? There is even gibberish sentences in the descrption box of the application screen lol

Comments

  • UnderDogUnderDog MVP
    Is the spam coming from registered users or anonymous users?

    There was an error rendering this rich post.

  • tester13tester13
    First. reCaptcha had been solved recently using some software, so spam counts inreased 10x-20x on sites using it.
    Second. Use proprietary field named ala reg_name in registration form that will be specially fileld and hidden using JavaScript. And later check if it is filled with something else, with 99.9% it'll be bot.
  • vanillervaniller
    First. reCaptcha had been solved recently using some software
    Some more info and source of this news ??
  • tester13tester13
    http://www.allspammedup.com/2011/01/google-recaptcha-cracked/
  • dan39dan39 New
    edited March 2011
    There's a free plugin for WordPress (written by people who actually helped make WordPress) that fights spam in a very clever way:

    http://wordpress.org/extend/plugins/cookies-for-comments/

    The whole idea is that spam bots don't take cookies. So you need a cookie to comment. Perhaps Vanilla could do something similar (with a core or premium plugin) where you need to be able accept a unique cookie to register and and the same unique cookie to post a comment?
  • tester13tester13
    I have big doubts that spam bots do not accept cookies.
  • tester13tester13
    We need not some cheap methods, but complete system of spam prevention that'll consist of reCAPTCHA, Q&A option, hidden field, after this DNSBL and Stop Forum Spam databases check, and finally, bayes classifier upon each posing (that also takes into account number of messages and time from registration).
    Such system can reduct spam to almost zero. Without requiring from your ordinary users to do anything, all will work under the hood.
  • n4is3nn4is3n
    How about anti-bot questions? :-/
  • tester13tester13
    Q&A is exactly anti-bot questions :-)
  • dan39dan39 New
    edited March 2011
    I have big doubts that spam bots do not accept cookies.
    Uh, ok. Don't believe it. The plugin's author, Donncha, is only one of the leading WordPress developers — who works for Automattic (the creators of WordPress). And the other author, Automattic, is the company that controls WordPress and Akismet.

    The plugin allows you to choose set the cookie from a downloaded image file (recommended), or a CSS file — files which are often not downloaded by spam bots.

    Then you just add the following into your .htaccess:

    RewriteCond %{HTTP_COOKIE} !^.*UNIQUE-COOKIE-ID-GOES-HERE.*$ RewriteRule ^wp-comments-post.php - [F,L]

    and to prevent a bot from automatically signing up:

    RewriteCond %{HTTP_COOKIE} !^.*UNIQUE-COOKIE-ID-GOES-HERE.*$ RewriteRule ^wp-signup.php - [F,L]

    It makes the comment page and/or registration page invisible to bots that haven't downloaded the image and/or accepted the cookie. It also does a backup check by disabling submits that happen too quickly after a page loads (with an adjustable setting).

    But yeah, you're right. Let's do something much more complicated in the meantime.
  • morean51morean51
    There's a free plugin for WordPress (written by people who actually helped make WordPress) that fights spam in a very clever way:

    http://wordpress.org/extend/plugins/cookies-for-comments/

    The whole idea is that spam bots don't take cookies. So you need a cookie to comment. Perhaps Vanilla could do something similar (with a core or premium plugin) where you need to be able accept a unique cookie to register and and the same unique cookie to post a comment?
    thanks!!! for the info which helps to me
  • dan39dan39 New
    edited March 2011
    There's a free plugin for WordPress (written by people who actually helped make WordPress) that fights spam in a very clever way:

    http://wordpress.org/extend/plugins/cookies-for-comments/

    The whole idea is that spam bots don't take cookies. So you need a cookie to comment. Perhaps Vanilla could do something similar (with a core or premium plugin) where you need to be able accept a unique cookie to register and and the same unique cookie to post a comment?
    thanks!!! for the info which helps to me
    Uh oh. You're not a spambot coder are you? :(
  • vgv8vgv8 New
    edited March 2011
    Take a look at KeyCAPTCHA.
    It has never been passed by bot
    and even if it has,
    its pool or even type is easily changeable without plugin reinstall.

    Has a live demo at keycaptcha.com
Sign In or Register to comment.