WordPress.org

Forums

How do the spam bots post messages even if I have a captcha code? (7 posts)

  1. Glen Charles Rowell
    Member
    Posted 1 year ago #

    I just updated my comment section with a captcha code field for posting but spam bots are still getting around that. How are they posting? Does WordPress have a security hole in it somewhere?

    http://a4jp.com/ That's the link to my site.

    Any help is greatly appreciated.

    Glen

  2. Andrew
    Forum moderator
    Posted 1 year ago #

    Captchas have always been useless from what I've heard, what is the argument they aren't?

  3. Glen Charles Rowell
    Member
    Posted 1 year ago #

    Do you know how the bots are posting? There must be some PHP exploit they are using to skip the field, captcha and send button. I don't expect real messages but would like to stop all the spam filling up the WordPress database.

  4. There must be some PHP exploit they are using to skip the field, captcha and send button.

    Probably not. CAPTCHAs have been ineffective for combating spam for a while now.

    *Does a quick search engine look*

    This write up is pretty good. My bet would be actual people getting copies of the CAPTCHAs as the spam bots hit them.

    http://programmers.stackexchange.com/questions/189455/how-can-robots-beat-captchas/189460#189460

    Aside from not being effective CAPTCHAs are not good for accessibility reasons too.

    http://accessibility.psu.edu/captcha

  5. Glen Charles Rowell
    Member
    Posted 1 year ago #

    I chose a math captcha to get around having annoying text that couldn't be read on the screen. I figure anyone in any country could use that. And now I'm trying a text field that users have to type in part of an equation. It's not stopping the bots either though...

    If anyone knows how the bots post, could you help explain what is happening? It would be nice to help WordPress get around all this spam. I'm willing to try ^^

    If your site is spam free please share your ideas.

    Thank you.

  6. If your site is spam free please share your ideas.

    It's spam free'ish. ;)

    Try these plugins.

    http://wordpress.org/plugins/akismet/
    http://wordpress.org/plugins/cookies-for-comments/

    That is a very effective combination.

    This one is also good and every time I recommend it I yell out it's name.

    http://wordpress.org/plugins/spam-destroyer/

    "SPAM DESTROYER!" Sounds cool. I blame Ryan Hellyer for that. ;)

  7. stepintothelightmin
    Member
    Posted 11 months ago #

    Strange thing for me is that I just get registrations from what I believe to be bots considering that the email combination is similar to the spam bots I see trying to relay through me mail server. But they don't ever do anything else after registration such as posts or comments. Nothing! I have my blog setup to allow guests to post comments but I have to approve it. I use the picture captcha for registration, which apparently allows for a few bots and once registered in order to login you have to check the email provided at registration. Once wordpress notifies me of a new registrant I send an email to them to verify they are human if the email address looks strange such as he4lup@yahoo.com and then delete the account after a while if they don't verify. That's the best I can come up with.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.