Tim Starling wrote:
Captchas could slow down the attack somewhat.
Let's say he uses 10 IP
addresses on 7 wikis. That means he would have to perform about 70
captchas. If each captcha takes 10 seconds, then it would require about
11 minutes of human time to perform the attack. Of course, he spent far
longer than 11 minutes developing the bot, but it does put a practical
limit on the scale and speed of the attack.
It also means that he has to display what's going on in a browser,
rather than doing the whole thing from a perl script for example. To
me, anyhow, that would be a daunting task, but then again, automating
a browser isn't something I know much about.
My thinking is just that when he sees the captcha and realizes that
his entire script has to be rewritten from scratch, he might just
realize that it's totally not worth it.
One good thing about spammers is that they are lazy and only in it for
the money, as opposed to an ideological opponent or random lunatic who
might spend a completely absurd amount of time trying to get around
something.
--Jimbo