I don’t like most current CAPTCHA techniques. There is nothing that frustrates me more than trying to use a web site and being presented with this:

Yes, that is an actual CAPTCHA image that I was presented with. If anyone can figure out what that one is supposed to be saying, you have better eyes than I do. More…

After just cleaning up yet another gmail spammer (I so love the Spammer Hammer™ MOD, is one of my favorites ) tonight I found myself wondering: Is it worth setting up an extra activation step for gmail.com accounts? More…

It has been a while since I visited my honeypot board. I decided to have a look today…

Our users have posted a total of 385789 articles
We have 43968 registered users

And when I logged in, I had 33 unread PMs as well.

Bots have been busy. I intend to go back and see what additional patterns I can get from the data. In light of one of my recent posts about gmail being the most abused email domain, here are some stats that speak for themselves. These are the top ten email domains in use on my honey pot board:

+-----------------+----------+
| email_domain    |  users   |
+-----------------+----------+
| gmail.com       |    11323 |
| mail.ru         |     6034 |
| meltmail.com    |     1179 |
| gawab.com       |      859 |
| getciallis.info |      855 |
| spambox.us      |      479 |
| serpdomains.com |      449 |
| atlantaclubs.cn |      282 |
| coolgwen.cn     |      274 |
| coolsanta.cn    |      255 |
+-----------------+----------+

More…

Not too long ago I participated in a topic at phpbb.com where the author was asking about blocking gmail email addresses. The general consensus from the community was that the board owner should not block gmail but instead rely on some other methods for blocking spammers. I don’t block gmail, but sometimes I would like to. In this post I think I summarized it best, saying:

hotmail, yahoo, gmail… any free email account is subject to abuse. Spammers are using the fact that board owners are, as you are, reluctant to ban gmail outright because it does have so many legitimate users.

Having said that, I decided it was time to go back and work through some numbers. Instead of guessing how bad the problem is, I wanted to get actual statistics to back up my claims. Anyone can say anything they want. Having numbers makes the claims more substantial. And graphs. Pictures are always good. The data used for this post is available as an Excel file for anyone to download and review (link at the end of the post). Here’s the summary:

Google: Your gmail system is borked. Fix it or risk it becoming irrelevant. More…

Anyone want to bet how long it takes the automated posting bots to infect twitter?

Will the battle never end?

Apparently not.

I have seen a new style of spam coming in on another blog that I have. Based on past experience, I normally expect the spam to include links to various sites that I have no interest in. These sites will normally promote things like products I don’t want (or need).

Lately, however, I have been getting spam comments that include links to “linked in” or other social networking sites. What’s the point of that? <sigh> The comments include anything along these lines (these are actual spam comments)

After reading through the article, I just feel that I really need more information on the topic. Can you suggest some resources ?

The style of writing is quite familiar . Have you written guest posts for other bloggers?

The topic is quite hot in the net right now. What do you pay the most attention to while choosing what to write about?

My friend on Facebook shared this link with me and I’m not dissapointed that I came here.

… and many more like this. The good news is that the comments were held in the moderation queue. The bad news is that these comments were all made on a blog that is protected by the checkbox challenge code that I use here. I have plans to go out and analyze the server logs to see if the comments were made by a human or a bot, based on time spent on the various pages.

A few weeks ago I posted about increasing the flood interval on my honey pot board. My theory was that since bots seem to have a fairly regular posting process I could cut down on the number of spam posts simply by changing the flood interval.

It didn’t seem to work.

More…

Today I decided to check in on my “honey pot” board that I have running. I haven’t been there in a week or so but things were still humming along last time I looked. This time when I logged in I got a warning from my pop-up blocker. My initial reaction? I’ve been hacked.

PM Spammers

It turned out that the real answer was much more benign… it was the notification of new private messages popping up. More…

Today I got my first spam that successfully navigated the Checkbox Challenge. It was caught by Akismet, which shows the power of a layered defense. On phpBB2 boards we have seen an increase in manual spam. Manual spam is really hard to defeat because it’s done by humans. On the other hand, it’s more expensive for the spammers too. I will be watching this closely to see how things trend over the next few months.

Google has a big challenge. Their blogger service is overrun with splogs. (And they don’t make it very easy to report them either.) Their web site search results have become polluted with people playing keyword and page rank games. And now their gmail service is being used to register spam accounts on phpBB boards. As of last month gmail is in second place for spammer registrations blocked by my Checkbox Challenge on one particular board. If I use only 2008 data gmail is essentially in a tie with mail.ru for most spam registration attempts.

More…