Spammers hack captcha to post blog spam comments?

Tom Keating : VoIP & Gadgets Blog
Tom Keating
CTO
| VoIP & Gadgets blog - Latest news in VoIP & gadgets, wireless, mobile phones, reviews, & opinions

Spammers hack captcha to post blog spam comments?

Either the spammers are either very stupid or they have figured out a way to hack the visual captcha plugin (created by James Seng) I installed in my Movable Type blog (sample image to right). The reason I say this is that my blog has been receiving spam comments over the past several months that are the exact same text and I've seen this exact text on other blogs as well.

The spam text reads:
I totally agree with what you're saying. I wish more people felt this way and took the time to express themselves. Keep up the great work.

<name>
<website>

The spam text is "generic" enough and even complimentary to the blogger that a naïve blogger that hasn't some across this spam may let the comment stay on the blog. In any case, it's always this exact text, but the IP address varies (could be open proxies) and the website is always different which indicates multiple spammers using the same script & text template. It could be one spammer with hundreds of domains, but it seems to me that this comment spam text is so common that there must be some sort of script out there that can get around the captcha. James Seng's captcha is pretty popular, so perhaps a hacker/spammer has devised an OCR (optical character recognition) algorithm to detect the numbers and created a script to automate this?

I Googled this spammy text with a portion of it in quotes (exact match) and found at least 114 results. A slightly less strict search reveals 765 Google results. Now granted, the spammers could be simply copy/pasting their script into the Comments body and then manually entering the random numeric captcha code. But if they are going to go through the effort of copy/pasting to dozens of blogs in hopes of raising their Google Page Rank, why not come up with 10 text templates instead of just 1 text template? (not that I should be giving them any ideas) Eventually, even the naïve blogger is going to catch onto this spam text and delete it. So why waste the effort? You'd think a spammer smart enough to hack the captcha code would modify his/her text template. Then again, if a script does exist to hack the captcha, it's probably script kiddies borrowing the hacker's original script and so damn lazy they don't even change the text.

Actually, I've also seen some slight variants on this spam such as these:
Hello! You have very interesting blog! I enjoy reading you blog... keep it up guys! Respect you. Good luck you!

This one is interesting, because if you Google it by clicking here, you will see the "variants" of the exact text with the only text changed being the part in RED. Could be one spammer with hundreds of domains, who knows?

Thanks for this great post. You've got some really good info in your blog. If you get a chance, you can check out my blog on {copiers} at http://www.XYZ.com.

Some of the "red" keywords include: free credit reports, inkjet printer ink, mortgage brokers, donate, and more.

You gotta love the poor grammar they use by the way. I actually find it
amusing to read such tortured English. Though I hope this isn't
Americans using such poor grammar. After all, isn't the controversial No Child Left Behind supposed to help with that? :D And yes, I know I used the word "gotta".

We have two possibilities here.
1) spammers are using a script that can visually see the numbers in the captcha code and the script automatically posts a comment using the same text template.
2) spammers aren't "hacking" the captcha but rather they are manually entering their crap on people's blogs and manually entering the captcha code (if installed) and using the same damn text template. My only question is "Is this one annoying spammer or dozens doing this?"

Either option makes these spammers (spammer?) look like the dumbest spammers that ever walked God's green Earth. Thankfully, spammers tend to be the bottom of the genetic gene pool and are more "lucky" than "smart" when it comes to making money on the Internet. Their "shotgun" approach to spamming the entire Internet as opposed to using a more refined "sniper rifle" attack just might be a blessing. Just imagine if they actually had some intelligence in their spamming methods. Might make spam filters irrelevant, which would really suck since I spend at least 30 minutes a day going through spam on my blog and email accounts.

That reminds me - you know those stats that tell you you spend X number of years sleeping, X number of years in a car, X number of years eating, etc.? I wonder how many years the average person loses dealing with spam. :@ I loathe spammers. Ok, I'll end my Friday morning rant against spammers.



Related Articles to 'Spammers hack captcha to post blog spam comments?'
movable-type-logo.jpg
post-office-20-plugin-settings.jpg
memo-plugin-movable-type-setting.jpg
mt-edit-widget-set-primary-sidebar.jpg

Featured Events