Am 17.03.2011 22:06, schrieb Platonides:
Daniel Friesen wrote:
The spammers haven't coded the bots to handle
QuestyCaptcha yet, but if
people start using it to stop them, then they will code it into the bot.
Questy captcha is a free form question. You can't learn how to bypass
any instance of it. Not even a human would be able to bypass it using
just generic knowledge (eg. a foreign speaker).
The most that bots could do is to try with common answers such as a the
wiki name, or domain. No bot would be able to solve all by itself "Who
is the current companion of Doctor Who?"*
OTOH it's highly annoying for those users which don't know about Doctor
Who, or that for some reason get their answer rejected. I was once
denied access by one captcha of that kind (naming the character of the
image) despite having found the correct answer, I don't remember exactly
what was the issue. So you may also want to provide some email address
for appealing.
*Once a human instructs it, they are able to use it multiple times at
that wiki, though.
In Germany, there's a fairy tale about a race between a hare and a
hedgehog; I just tried to translate it and found "hare and tortoise"
(<http://www.dltk-teach.com/fables/tortoise/tale.htm>)
We are the hare, but the hedgehog/tortoise is faster, it seems.
The only way out that I can think of is for us, to find those measures
that are easy to implement, and that raise the hurdle for the spammer
such that the programming effort deters them.
One way that I've been thinking of is to just block the outgoing emails
to addresses like shown by "grep gmail /var/log/maillog|grep to=",
namely fro.stc.h.r.i.st.i.an80(a)gmail.com,
e.u.g.eni.o.s.c.hmidt.1.0(a)gmail.com,
c.r.o.s.b.y.d.o.k.eocet.ua.n(a)gmail.com and so on.
So, a simple way is to use a one-liner for the sendmail and postfix
configuration files, which would ideally only affect *.*.*.*.*(a)gmail.com
addresses.
I found that
To:gmail.com REJECT
(with one or multiple tabs where the blank appears in the line above)
seems to work well when appended to /etc/mail/access which is used by
sendmail on my CentOS-5.5 machine. Nota bene: only wikis are on this
machine, so it's ok to not confirm account creation to gmail users -
they can be told to subscribe with different emails.
I have not yet been able to find out why on my SL-6 machines
gmail.com REJECT
as the last line /etc/postfix/access does not seem to work - at least I
see no "reject" message in /var/log/maillog.
thanks,
Kay