captcha not stopping spambots

SHRIKEE
Regular
Posts: 128
Joined: Tue Feb 21, 2006 2:49 am
Location: Netherlands

Post by SHRIKEE »

I've just come to a discovery. While I was deleting about 12/15 spam comments on one of my older articles, I realized "wtf how did this happen anyway"

It seems captcha is NOT blocking spambots... I checked, and as a not-logged-on user I have to use the captcha to comment on that article, and yet the bot did too...

Disturbing, or am I using the wrong plugin?
I don't use other spam plugins as I don't want it to be overprotected and therefore scare people away (not that anyone ever posts on my site, but that's another thing)

I tried posting without the captcha string; this didn't work...
But how did the bot manage to bypass it?
My kingdom For i am king of my heap of trash

Developing code on:
Workstation: Windows 2000 sp4, TSW webcoder 2005
Server: fedora core 4 amd64, apache 2.0.54, php 5.0.4, mysql 4.1.11.
garvinhicking
Core Developer
Posts: 30022
Joined: Tue Sep 16, 2003 9:45 pm
Location: Cologne, Germany

Re: captcha not stopping spambots

Post by garvinhicking »

Did you delete comments or TRACKBACKS? Because trackbacks cannot be checked with captchas.

Also, if a comment is marked as spam because of text/url/author name filtering, the captchas are not checked, because it is already marked as spam by a previous method.

Best regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/

Post by SHRIKEE »

I don't think someone posts 15 of exactly the same post within 10 seconds....
I mean, interpreting the captcha and typing it 15 times can be done quickly, but not within a timespan of 10 seconds.

And indeed they are comments and not trackbacks :)

Post by garvinhicking »

So you mean the comments you deleted were not moderated? And they were made to entries where captchas are definitely enabled?

I have never heard from anyone that the s9y captchas were broken, so I assume that it was another problem, or maybe your comments were trackbacks or they were moderated because of other reasons? Did you check the spamblocklog, if enabled?

Basically, s9y captchas could be broken; nowadays tools exist to break most existing captchas. For example, phpBB and other systems are already cracked.

Best regards,
Garvin

Post by SHRIKEE »

The comments were placed in the moderation queue.

Captchas are enabled. I double-checked that from 2 computers.

But what I wonder about is how the bot got past the captcha.

Post by garvinhicking »

Well, then everything is in order! See above, some other rule before captchas set a comment to moderation, so everything is alright!

They might have been blocked because of IP blocking or because of their author name! Those come before the captcha is even checked.

Regards,
Garvin

Post by SHRIKEE »

Ah, hmm, that sounds logical...

Is there a way to change that behaviour?
To filter the crap better, I think captcha as the very first check could be useful? Or not.
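Added example, not part of the original thread and not Serendipity's code: a small Python model of the behaviour garvinhicking describes, where an earlier IP or author-name rule sends a comment to moderation before the captcha is evaluated, next to the captcha-first ordering SHRIKEE asks about. The filter names, verdict strings, block lists and sample comments are constructed assumptions.

```python
"""Model of an ordered anti-spam chain (constructed; not Serendipity code)."""
from dataclasses import dataclass

@dataclass
class Comment:
    author: str
    body: str
    ip: str
    captcha_answer: str    # what the client submitted
    captcha_expected: str  # what the server stored for this session

# Constructed block lists; a real blog would load these from its configuration.
BLOCKED_IPS = {"203.0.113.7"}
BLOCKED_AUTHORS = {"cheap pills"}

def ip_filter(c):
    return "moderate" if c.ip in BLOCKED_IPS else None

def author_filter(c):
    return "moderate" if c.author.lower() in BLOCKED_AUTHORS else None

def captcha_check(c):
    return "reject" if c.captcha_answer != c.captcha_expected else None

def run_chain(comment, checks):
    """Return (verdict, deciding check, checks actually evaluated)."""
    evaluated = []
    for check in checks:
        evaluated.append(check.__name__)
        verdict = check(comment)
        if verdict is not None:  # first verdict wins; later checks never run
            return verdict, check.__name__, evaluated
    return "approve", None, evaluated

FILTERS_FIRST = [ip_filter, author_filter, captcha_check]  # order described in the thread
CAPTCHA_FIRST = [captcha_check, ip_filter, author_filter]  # order asked about

def audit(comments, checks):
    """Log-style summary: (author, verdict, deciding check) per comment."""
    return [(c.author, *run_chain(c, checks)[:2]) for c in comments]

# Constructed sample comments: a bot that never solved the captcha, and a human.
BOT = Comment("cheap pills", "buy now", "203.0.113.7", "", "K7QX2")
HUMAN = Comment("Anna", "Nice article", "198.51.100.20", "K7QX2", "K7QX2")

if __name__ == "__main__":
    for name, order in (("filters first", FILTERS_FIRST), ("captcha first", CAPTCHA_FIRST)):
        print(name, audit([BOT, HUMAN], order))
```

With filters first, the bot's comment shows up in the moderation queue even though the captcha was never evaluated, which is why a queue full of spam does not by itself show that the captcha was solved.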
davecjr
Regular
Posts: 167
Joined: Fri Oct 29, 2004 3:09 pm

Post by davecjr »

Just curious... I was looking around in phpmyadmin and was cleaning out a bunch of old comment spam and see that the spamblocklog in my db is 5.5 mb. Is that common? That is the largest table in my db with exits next at 1.1 mb. All others look reasonable. Would it hurt to just dump those tables?

Post by SHRIKEE »

I have no idea, I don't log it at all :)

Post by garvinhicking »

You can safely delete the spamblocklog table every now and then. It's just for logging purposes in case you want to wade through all your spam :)

Regards,
Garvin