SPAM on PLUGSITE
Lisa Kachold
lisakachold at obnosis.com
Wed Dec 15 15:42:24 MST 2010
On Wed, Dec 15, 2010 at 3:36 PM, Carlos Macedo Gomes <
powerofprimes at gmail.com> wrote:
> Unfortunately, attacks against CAPTCHAs aren't limited to sw bots:
> http://www.technologyreview.com/blog/mimssbits/25594/
> <snip from above>
> "How Spammers Use Low-cost Labor to Solve CAPTCHAS
> Workers in Russia, Southeast Asia, and China are paid a pittance to solve
> millions of CAPTCHAS.
> CHRISTOPHER MIMS 08/11/2010"
> </snip>
>
> ymmv,
> C.G.
>
> On Wed, Dec 15, 2010 at 3:27 PM, Lisa Kachold <lisakachold at obnosis.com>
> wrote:
> >
> > On most of my production Drupal sites, I CANNOT even enable comments.
> It's a sad day when one cannot have a login based access that is not hit by
> SPAM bots?
> >
> <snip>
>
OMG, surely you realize that most of the "free" php captcha tools contain
web layer write or sql injection exploits?
Many can also be broken:
http://www.puremango.co.uk/2005/11/breaking_captcha_115/
Google your script (that's what the script kiddies do)!
SEC CHECK your installation; DMZ exclude all web systems from internal
networks.
--
(503) 754-4452
(623) 688-3392
http://www.it-clowns.com | http://www.obnosis.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20101215/f7576036/attachment.html>
More information about the PLUG-discuss
mailing list