
Re: Simple Math Captcha added to registration: Re: BerkeleyLUG site anti-spam enabled, comments & registration / sign-up opened up.



Quoting Michael Paoli (Michael.Paoli@cal.berkeley.edu):

> I added a simple Math Captcha to registration.
> That will likely suffice to mostly, if not entirely,
> stop spambots from registering.

Assuming it functions correctly as described, I'll bet good money it'll
_work perfectly_ -- in the sense that basically _nobody_ expends the
effort to code a totally site-specific comment-bot.  It's too much work
for too little gain, in a world where so many ill-defended targets beckon,
elsewhere.[1]

Edge case:  If a specific combo of engine (e.g., WordPress) plus one
specific plugin (e.g., Math Captcha) hypothetically ever becomes
overwhelmingly popular, then it would be an economic proposition for
coders of comment-bots to code handling of the admin's artificial
obstacle to automated bulk-commenting.  I.e., at that point, overcoming
the roadblock is no longer a site-specific problem for them.

One of the implications of that is that small site-local variations can
be extremely helpful.  This is also true in SMTP antispam, e.g., if
using site-wide SpamAssassin (spamd), there's high value in altering the
default spamicity weightings for the various matching rules and
otherwise making your site's heuristics just a bit different from
bog-standard.

Or to put it a different way, genetic diversity is good -- and avoids
the fate of the Gros Michel banana and the Irish Lumper potato.[2]


> We're at 113 "users" now - the rate seems to have dropped off, as
> most of the spam bots figure out they can't get their spam
> content posted.

Don't expect learning behaviour.  Don't forget, there's almost never
direct human supervision.  The same stupid comment bots persist
attempting the same stupid actions that no longer work.  The operators 
are not in the business of smart; they're in the business of blanketing
the Internet using overwhelmingly stolen machine resources (zombified
MS-Windows machines comprising botnets) to barrage all of IP space all
the time, in hopes that stuff gets through here or there.  The waste and 
lack of intelligence is inherent in the basic plan.


[1] As the old joke goes, you don't need to run faster than the pursuing
bear, only faster than the other guy fleeing.

[2] After 170 years, the Lumper is being grown again, notably in County
Antrim, Northern Ireland -- but carefully not as a monocrop.
https://www.irishcentral.com/news/great-famine-potato-makes-a-comeback-after-170-years-194635321-237569191

