[Python-Dev] Summary of Tracker Issues
Talin
talin at acm.org
Thu May 17 07:17:49 CEST 2007
Andrew McNamara wrote:
>> Typically spammers don't go through the effort to do a custom login
>> script for each different site. Instead, they do a custom login script
>> for each of the various software applications that support end-user
>> comments. So for example, there's a script for WordPress, and one for
>> PHPNuke, and so on.
>
> In my experience, what you say is true - the bulk of the spam comes via
> generic spamming software that has been hard-coded to work with a finite
> number of applications.
>
> However - once you knock these out, there is still a steady stream of
> what are clearly human-generated spams. The mind boggles at the economics
> or desperation that make this worthwhile.

Actually, it doesn't cost that much, because typically the spammer can
trick other humans into doing their work for them.

Here's a simple method: Put up a free porn site, with a front page that
says "you must be 18 or older to enter". The page also has a captcha to
verify that you are a real person. But here's the trick: The captcha is
actually a proxy to some other site that the spammer is trying to get
access to. When the human enters in the correct word, the spammer's
server sends that word to the target site, which results in a successful
login/registration. Now that the spammer is in, they can post comments
or whatever they need to do.

-- Talin