11
vaughan
Re: SPAM attack
  • 2007/6/25 20:01

  • vaughan

  • Friend of XOOPS

  • Posts: 680

  • Since: 2005/11/26


Quote:

The main problem with such CAPTCHAs is their accessibility.
There are some new CAPTCHAs, I saw one where you have some short and simple riddles like "How much 5-2".
This will run for a limited time but at least, it's accessible.


I agree there. I have seen some captchas that are now created on the fly in 3D stereographic form. Great for stopping OCR, but hell, a nightmare for the user to get past just in order to post... lol

12
limecity
Re: SPAM attack
  • 2007/6/26 0:05

  • limecity

  • Friend of XOOPS

  • Posts: 1602

  • Since: 2003/7/6 0


Thanks for the replies.

I almost thought the captcha feature would free me from the spam nightmare. Never knew they could be that sophisticated to have an OCR.
http://www.mounthiking.com
all your hiking gears and gadgets


13
Bassman
Re: SPAM attack
  • 2007/6/26 1:33

  • Bassman

  • Friend of XOOPS

  • Posts: 1272

  • Since: 2003/5/23


What I want to know is, how do the spammers (and spam-bots) know where to post spam?

I have a site that is set up for a few people to discuss an upcoming project. It doesn't have a domain name as such, isn't registered at any search engines, and only 4 or 5 people even know about it. Yet we have 170 "members" who have signed up, and until recently, we had 20 spam posts a day, posting the usual stuff - porn links, viagra, etc. The only way we have stopped the spammers (so far) is to have admin approval for new accounts. But how do they find the site in the first place?

BTW it's not a XOOPS site, it's just a PHPBB forum.

14
peterr
Re: SPAM attack
  • 2007/6/26 2:58

  • peterr

  • Just can't stay away

  • Posts: 518

  • Since: 2004/8/5 9


Somehow they find out. If there is any email sent to and fro from the forums, then even though there is no domain name, then maybe the IP address you are using (or sub-domain ??) is being picked up somewhere, as any emails go through a number of servers, as I understand it.

As for spammers, my email address was added to Skype recently (not by me, but by someone I know), and I had absolutely no spam at all on that email address beforehand. But after Skype got it, I now get 2 or 3 spams to that email address, and when I use a tool to see where they are coming from, they are all from Germany. :(

HTH
NO to the Microsoft Office format as an ISO standard.
Sign the petition

15
chippyash
Re: SPAM attack
  • 2007/6/26 5:24

  • chippyash

  • Friend of XOOPS

  • Posts: 501

  • Since: 2004/1/29


Others debate the relative merits of Captcha systems in this thread. I use the hacked Liaise module that incorporates duGris' SecurityImage captcha class on all my sites.

I also use the spambot protection afforded by the NetQuery module. Simply don't allow users to see any of the other (fine) features of that module but include the spambot block in every page. It works a treat.

Of course like any good xoopster I also use Protector.

16
instantzero
Re: SPAM attack

I have some good results with XoopsCare :
http://xoops.instant-zero.com/modules/pages/index.php?pagenum=10

I'm using the anti spam feature.

Each time I have a spam on a site, I add the spam words in the censor part of XOOPS (in the XOOPS preferences) and XoopsCare will remove the spammed comments.

Plus, I have added the XoopsCare block on each page (with a cache of 1 day), like this, each day, XoopsCare does its job.

It's one additional anti spam feature.

17
peterr
Re: SPAM attack
  • 2007/6/26 8:58

  • peterr

  • Just can't stay away

  • Posts: 518

  • Since: 2004/8/5 9


These are all methods for "SPAM filtering", or trying to "close the door after the horse has bolted", so to speak. The email has already been accepted by the email server, SpamAssassin, and most of the other tools are simply content filters, and the user will still probably have to view all the spam, to make sure that there isn't any 'legitimate' email.

There has been a lot of talk lately about ASSP - Stop spam with the Anti-Spam-SMTP-Proxy (ASSP)

Quote:

It has long been clear to me that the best place to stop spam is at an organization's SMTP server.


Try and convince your hosting provider to use ASSP.
NO to the Microsoft Office format as an ISO standard.
Sign the petition

18
Peekay
Re: SPAM attack
  • 2007/6/26 9:35

  • Peekay

  • XOOPS is my life!

  • Posts: 2335

  • Since: 2004/11/20


Does anyone know how a spam-bot works, I mean, exactly how it works? Does it look for a PHP mail class file with a known vulnerability and then seek out any web form that might use it?

I'm just guessing that entering malicious code in a form may reach the file and send the spam even if the form returns an error because of a captcha.

Xoops really needs a white hat on the dev team.
A thread is for life. Not just for Christmas.

19
vaughan
Re: SPAM attack
  • 2007/6/26 15:40

  • vaughan

  • Friend of XOOPS

  • Posts: 680

  • Since: 2005/11/26


Well, 1st off, I'm not sure if it was intentional, but I think there was a slight misunderstanding in Peterr's 2nd post as it referred to SMTP, which basically would mean he is referring to email spam.

The spam we were discussing in regards to captcha is not email spam.

Email spam is where somebody (and the vast majority of email spam is done from companies/individuals *buying* email lists), of course there are also bots that search round and harvest email addresses from websites, but that is all those bots usually do. They gather a list of email addresses, and then use those addresses to send out unsolicited emails.

Now I definitely agree there needs to be a world-wide discussion and structure in dealing with those kinds of spammers, and indeed there are many ways that ISPs can block spam emails & also detect spam emails. But yes, the occasional legit email can sometimes be misread as spam.

The other type of spam that we were discussing is when a person or a spambot registers on your site (or not, if anonymous posting is allowed) and posts various links & sales/marketing promotions etc. blatantly in your forms etc. There are also other kinds of spam (and sometimes mainly they are actual humans) where you'll see someone post in a thread saying "thanks for this" etc. or "this is great" etc. and you'll see a link or 2 posted along with the message, usually in the signature. Now these kinds of posts are also classed as spam (we sometimes refer to those people as signature spammers) because they are posting irrelevant messages just in order to get their links viewed or clicked by a user or indexed by search engine bots to increase their page rankings etc.

But how bots work is another matter. I would guess that most would not need to know a domain name, in fact I would say that they just scan IP block ranges till they find a hit.

20
Speed
Re: SPAM attack
  • 2007/6/26 15:41

  • Speed

  • Quite a regular

  • Posts: 310

  • Since: 2004/5/18


I just wanted to say thank you everyone for the productive discussion in this thread. THIS is the XOOPS info I love to read -- intelligent and inquisitive. I've learned a lot by reading the back-and-forth. Security issues are way over my head so I'm glad that smart people are thinking about it and helping to make the sites of us regular users safer.

Sorry to go off topic. Now back to your regular discussion.... :)