[Python-Dev] Summary of Tracker Issues

Talin talin at acm.org
Thu May 17 07:17:49 CEST 2007


Andrew McNamara wrote:
>> Typically spammers don't go through the effort to do a custom login 
>> script for each different site. Instead, they do a custom login script 
>> for each of the various software applications that support end-user 
>> comments. So for example, there's a script for WordPress, and one for 
>> PHPNuke, and so on.
> 
> In my experience, what you say is true - the bulk of the spam comes via
> generic spamming software that has been hard-coded to work with a finite
> number of applications. 
> 
> However - once you knock these out, there is still a steady stream of
> what are clearly human-generated spams. The mind boggles at the economics
> or desperation that make this worthwhile.

Actually, it doesn't cost that much, because typically the spammer can 
trick other humans into doing their work for them.

Here's a simple method: Put up a free porn site, with a front page that 
says "you must be 18 or older to enter". The page also has a captcha to 
verify that you are a real person. But here's the trick: The captcha is 
actually a proxy to some other site that the spammer is trying to get 
access to. When the human enters in the correct word, the spammer's 
server sends that word to the target site, which results in a successful 
login/registration. Now that the spammer is in, they can post comments 
or whatever they need to do.

-- Talin

