[Full-disclosure] Comment Spam: new trends, failing counter-measures and why it's a big deal
Gareth Davies
gareth.davies at mynetsec.com
Mon Feb 13 05:29:51 GMT 2006
php0t wrote
>
> Yep.. I repeat. 'Big part of the problem'. Which is nowhere near
> 'singularly successful solution'.
>
> Let's suppose 20% of that spam you see is posted by people doing this
> all day, getting paid for it. It's probably much less, but this is all a
> guess, nothing more. Would it not be a solution for the other 80% ?
> Of course, if you have some statistics that tell me I terribly
> underestimated that overestimation of 20%, or just introduce new
> elements that I did not consider, do not hesitate to show it to me, I'm
> happy with accepting facts.
>
> php0t
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
And a friend of mine has already written a PHP class using GD that can
beat 80-90% of common CAPTCHA implementations.
It's not a particularly complex algorithm.
What's to stop the spammers investing a little more money.
Anyway I have a high traffic blog and I have found since the advent of
Wordpress 2.0, Akismet has been extremely successful against even the
latest most human like spam.
Spam Karma 2 before that was of course the king.
--
Gareth Davies - BS7799 LA, OPST
Manager - Security Practice
Network Security Solutions MSC Sdn. Bhd.
Suite E-07-21, Block E, Plaza Mont' Kiara, No. 2 Jalan Kiara,
Mont’ Kiara, 50480
Kuala Lumpur, Malaysia
Phone: +603-6203 5303 or +603-6203 5920
www.mynetsec.com
Full-Disclosure is hosted and sponsored by Secunia.