Serendipity Forums

I've just come to an discovery. Why i was deleting about 12/15 spamcomments on one of my older articles. i realized "wtf how did this happen anyway "

It seems captcha is NOT blocking spambots... I checked and as not logged on user i have to use captcha to comment on that article and yet the bot did too...

disturbing or am i using the wrong plugin?
I dont use other spam plugins as i dont want it to be overprotected and therefor scare people away (not that anyone ever posts on my site but thats another thing)

i tried posting without the captcha string this didnt work...
but how did the bot manage to bypass it?

Did you delete comments or TRACKBACKS? Because trackbacks cannot be checked with captchas.

Also, if a comment is marked as spam because of text/url/author name filtering, the captchas are not checked, because it is already marked as spam by a previous method.

Best regards,
Garvin

i dont think someone posts 15 exact the same post withing 10 seconds....
i mean 15 times interpreting the captcha and typing it can be done quick but not withing a timespan of 10 seconds.

And indeed it are comments and not trackbacks

So you mean the comments you deleted were not moderated? And they were made to entries where captchas are definitely enabled?

I have never heard from anyone that the s9y were broken, so I assume that it was another problem, or maybe your comments were trackbacks or they were moderated because of other reasons? Did you check a spamblocklog, if enabled?

Basically, s9y captchas could be broken; nowadays tools exist to break most existing captchas. Like phpBB and other systems are already cracked.

Best regards,
Garvin

the comments were placed in the moderation qeue.

captchas are enabled. i double checked that from 2 computers.

but what i wonder about is how the bot got past captcha

Well, then everything is in order! See above, some other rule before captchas set a comment to moderation, so everything is alright!

They might have been blocked because if IP blocking or because of their authorname! Those come before the captcha is even checked.

Regards,Garvin

ah, hmm that sounds logical...

is there a way to change that behaviour?
to filter the crap better i think captcha as very first could be usefull? or not.

Just curious... I was looking around in phpmyadmin and was cleaning out a bunch of old comment spam and see that the spamblocklog in my db is 5.5 mb. Is that common? That is the largest table in my db with exits next at 1.1 mb. All others look reasonable. Would it hurt to just dump those tables?

i have no idea, i dont log it at all

You can safely delete the spamblocklog table every now and then. It's just for logging purposes in case you want to wade through all your spam

Regards,
Garvin