Advertisements

Gift From a Spammer: Captcha Cracking Data

Although I’d prefer open commenting, that just isn’t practical: spambots manage to create WordPress.com user accounts and post about 300 spams per day, of which I see perhaps a dozen false positives. Asking you to either sign in or provide some details helps slow the torrent.

Another inept spammer recently posted Yet Another un-expanded comment template, but the bungled script added some interesting information to the bottom. Here’s the last few lines from several pages of raw comment gibberish, with the URLs snipped out to protect the innocent:

{number|quantity|amount|range|variety|selection|multitude|wide variety|phone number|figure|telephone number} {=|Equals|Equates to|Is equal to|Means|Implies} {price|cost|value|price tag|selling price|amount|expense|rate|total price|charge|fee} {return|come back|go back|give back|returning|gain|profit|yield|revisit|bring back|keep coming back}).

[Generic URL snippage] Result: chosen nickname “ronalngh”; captcha recognized; success;
[Asian URL snippage] Result: chosen nickname “ronalvzo”; captcha decoded (4 attempts); success – posted to first encountered partition “理桁桊钼囗睇?钺铊”;
[Russian URL snippage] Result: SERVER ERROR (host dpk-svetlana.ru); chosen nickname “tomsckt”; registered (100%); logged in; success (profile was registered successfully, but there is no permissions for creating new topic);

Thus confirming that even captchas don’t pose much of a challenge these days…

Advertisements