[Python-Dev] Summary of Tracker Issues

Talin talin at acm.org
Thu May 17 07:17:49 CEST 2007


Andrew McNamara wrote:

Typically spammers don't go through the effort to do a custom login script for each different site. Instead, they do a custom login script for each of the various software applications that support end-user comments. So for example, there's a script for WordPress, and one for PHPNuke, and so on. In my experience, what you say is true - the bulk of the spam comes via generic spamming software that has been hard-coded to work with a finite number of applications. However - once you knock these out, there is still a steady stream of what are clearly human-generated spams. The mind boggles at the economics or desperation that make this worthwhile.

Actually, it doesn't cost that much, because typically the spammer can trick other humans into doing their work for them.

Here's a simple method: Put up a free porn site, with a front page that says "you must be 18 or older to enter". The page also has a captcha to verify that you are a real person. But here's the trick: The captcha is actually a proxy to some other site that the spammer is trying to get access to. When the human enters in the correct word, the spammer's server sends that word to the target site, which results in a successful login/registration. Now that the spammer is in, they can post comments or whatever they need to do.

-- Talin


