August 08, 2007

The spam arms race

You might have noticed that there's been a recent increase in spam getting through. I was a little worried, but a scan of the logs seemed to indicate that these spams were just as random as all the squillions that didn't get through. Then I noticed: all of them had gotten the "future/past" question. And it turns out that those were judged correct if the correct answer appeared anywhere in the response—which "past" in particular did, since the bots tend to just enter one of their spammy posts into that field.

So there's a new version of BotBlock up, the first in two and a half years, that fixes that. Dunno if anyone else uses it, but it's still the best tool I've seen in the escalating arms race on spam (though I do know it's a little buggy and occasionally rejects correct answers... sorry about that. Just try again!).

"Computer science is no more about computers than astronomy is about telescopes." --Edsger W. Dijkstra

Posted by blahedo at 2:54pm on 8 Aug 2007
Comments
I've mentioned your work every time I have come across the discussion of CAPCHAs, and have been quite surprised at the lack of enthusiasm others have greeted it with. I've implemented the idea in (highly-non-portable) PHP twice to serve my own needs, and was impressed both times with the effectiveness of the method. This is an elegant approach that just hasn't tipped yet. Posted by Brian at 6:49am on 9 Aug 2007
Actually. there is some irony here: the recent upsurge in spam seems to be utilizing this very idea to defeat filters. Anecdotally, I've had a number of junk messages show up in my Gmail account lately, which usually remains pristine. It looks like somebody is using the idea: the spammers! Posted by Brian at 7:29am on 9 Aug 2007
Post a comment









Write this number out in numeral form: three hundred and sixty one
 [?]

Remember personal info?






Valid XHTML 1.0!