...so far it's stopped 10,000 spams while allowing 377 human comments. So why had this got through? The electronic trail explained: the "captcha" (Completely Automated Public Turing test to tell Computers and Humans Apart) had been filled in.
Who dunnit?
The captcha is the junk filter's last resort. Because it's easy and cheap to program machines to post any sort of junk on blogs, a captcha (which puts numbers or letters in an image, which a machine in theory can't read) shows whether you've got a real live person giving their thoughts, or just a dumb machine trying to up some spammer's search-engine ranking.
If the captcha was filled in, it must have been done by a person; if it had been done by a machine, the spammers would have cracked the problem of solving captchas and would be busily spamming every blog they could find.
The price of humans who'll spam blogs is falling to zero, Charles Arthur, The Guardian, Thursday November 23, 2006
People working for a living did it:
So who had done this? The junk filter had recorded their IP (internet) address. It resolved to somewhere in India. Which rang a bell: earlier this year, I spoke with someone who does blog spamming for a living - a very comfortable living, he claimed. But he said that the one thing that did give him pause was the possibility that rival blog spammers might start paying people in developing countries to fill in captchas: they could always use a bit of western cash, would have the spare time and, increasingly, cheap internet connections to be able to do such tedious (but paid) work.
The article goes on to note that Nigeria, home of the 419 scam, has plenty of people perfectly capable of posting blog comment spam, and for less pay than people in India.
Elsewhere this week, deliveries began of the hand-powered laptop, Nicholas Negroponte's computing gift to the developing world.
I've no doubt it will radically alter the life of many in the developing world for the better. I also expect that once a few have got into the hands of people aching to make a dollar, with time on their hands and an internet connection provided one way or another, we'll see a significant rise in captcha-solved spam.
So how do you stop comment spam by humans numerous enough and working cheaply enough to act as if automated? Humans who can probably also vary the content enough to make it hard to detect the bulk nature of their postings.
-jsq
PS: Thanks, Johnny.
Apparently some spammers have been using the lure of free porn to tap another source of cheap labor: bored American teens. Not to mention the commercial availability of Amazon.com Mechanical Turk, which aggregates humans to perform menial information tasks (I don't know what policies Amazon.com has in place, if any, to prevent its service from being misused by spammers).
Posted by: Fazal Majid | November 27, 2006 at 11:20 AM
Repeating the earlier comment, there are a lot of scams going on in which humans are shown captchas supposedly to get at porn (and in fact sometimes a bit of porn is actually shown), but those captchas in fact originate at other sites and the humans are being scammed to fill them in on behalf of the spammers. This has been used to attack both blogs and various freemail services.
There are all sorts of derivative scams one can think of using these techniques...
Posted by: Perry E. Metzger | November 27, 2006 at 06:36 PM
Apparently some spammers have been using the lure of free porn to tap another source of cheap labor like the ones on: http://www.badspace.com
Posted by: Kassie trenton | June 29, 2007 at 03:35 PM