[Imc-web-editor] Cracked Captchas?

Mike Lehman rebelmike at earthlink.net
Sat Dec 29 14:59:55 CST 2007 

David,
Thanks for the update. That should help. I'm glad it seems to be a 
settings problem, rather than the spammers getting the technology to 
defeat our technology.

Dan,
Let's see it we can figure out how to get us back to the alphabetical 
word version of captchas in the new Drupal, as this will likely give us 
better security. Also, the way things are set now, an anonymous user 
gets a notice at the top of the page as if they already have answered 
the math problem incorrectly, even though they'be just gone to an 
article to read it.

As for unused user accounts, here's what I propose. Anything that looks 
like it might be a legit user name has one week after registration to 
log in. Anything that looks like random crap can be deleted after 24 
hours if not used. If this is OK with everyone, then we should post text 
about this on the new user registration page so that any whining about 
it can be dealt with by referring the complainer to the policy noted 
there. This will eliminate the random carping about this, like we had 
from IP.
Mike Lehman

David Gehrig wrote:
> Did I say Josh? I meant Dan.
>
> On Dec 29, 2007 2:27 PM, David Gehrig <gehrigspamtrap at gmail.com> wrote:
>   
>> Here's what's up.
>>
>> I've just hidden over a dozen spams.
>>
>> Josh switched us to the newest version of Drupal, a week or so ago (if
>> I rememebr right; he told me this Wednesday) and apparently the way
>> the captcha stuff is set up changed inadvertently. So that's what the
>> difference has been.
>>
>> I don't seem to be able to get it back to the way we had it before
>> with the "type in this word" bit. Right now it's on the "do a simple
>> math" version instead, which should stop the flow.
>>
>> There's also been a flow of fake registration of users; if it's all
>> right with everyone, I'd like to purge the database of users who never
>> got around to replying to their user confirmation letter.
>>
>> I'll see what I can find out about getting the captchas to act like
>> they used to, but at least for now the spam should stop.
>>
>> @%<
>>
>>
>> On Dec 28, 2007 6:47 PM, Mike Lehman <rebelmike at earthlink.net> wrote:
>>     
>>> OK, things are getting thick and nasty. I just did a mass delete of spam
>>> comments that added to the long string already present and hidden at:
>>> http://www.ucimc.org/node/1034
>>>
>>> These were all posted within about 20 minutes or so. Either the captchas
>>> have been cracked or someone is spending a lot of time manually entering
>>> them.
>>> Mike Lehman
>>>
>>>
>>> Mike Lehman wrote:
>>>       
>>>> The recent increase in spam postings has occurred repeatedly, for the
>>>> most part, made as comments to a select few stories. Is it possible
>>>> that someone has cracked the captchas on these few articles?
>>>>
>>>> Or is someone just anal about repeatedly hitting on the same few stories?
>>>>
>>>> Fact is, several of them are among the controversial ones that were
>>>> hot news -- just before my house was set on fire. Is someone simply
>>>> trying to call attention to themselves by doing so? Call me paranoid,
>>>> but it is rather strange.
>>>> Mike
>>>> _______________________________________________
>>>> Imc-web-editor mailing list
>>>> Imc-web-editor at lists.chambana.net
>>>> http://lists.chambana.net/cgi-bin/listinfo/imc-web-editor
>>>>
>>>>         
>>> _______________________________________________
>>> Imc-web-editor mailing list
>>> Imc-web-editor at lists.chambana.net
>>> http://lists.chambana.net/cgi-bin/listinfo/imc-web-editor
>>>
>>>       
>
>

More information about the Imc-web-editor mailing list