[Mediawiki-l] spam attack avoids captcha

Kay Diederichs Kay.Diederichs at gmx.de
Fri Mar 18 14:48:08 UTC 2011


On 17.03.2011 22:06, Platonides wrote:
 > Daniel Friesen wrote:
 >> The spammers haven't coded the bots to handle QuestyCaptcha yet, but if
 >> people start using it to stop them, then they will code it into the bot.
 >
 > Questy captcha is a free form question. You can't learn how to bypass
 > any instance of it. Not even a human would be able to bypass it using
 > just generic knowledge (e.g. a foreign speaker).
 > The most that bots could do is to try with common answers such as the
 > wiki name, or domain. No bot would be able to solve all by itself "Who
 > is the current companion of Doctor Who?"*
 > OTOH it's highly annoying for those users who don't know about Doctor
 > Who, or that for some reason get their answer rejected. I was once
 > denied access by one captcha of that kind (naming the character of the
 > image) despite having found the correct answer, I don't remember exactly
 > what was the issue. So you may also want to provide some email address
 > for appealing.
 >
 >
 > *Once a human instructs it, they are able to use it multiple times at
 > that wiki, though.

In Germany, there's a fairy tale about a race between a hare and a 
hedgehog; I just tried to translate it and found "hare and tortoise" 
(<http://www.dltk-teach.com/fables/tortoise/tale.htm>)

We are the hare, but the hedgehog/tortoise is faster, it seems.

The only way out that I can think of is for us to find those measures 
that are easy to implement, and that raise the hurdle for the spammer 
such that the programming effort deters them.

One way that I've been thinking of is to just block the outgoing emails 
to addresses like those shown by "grep gmail /var/log/maillog|grep to=", 
namely fro.stc.h.r.i.st.i.an80 at gmail.com, 
e.u.g.eni.o.s.c.hmidt.1.0 at gmail.com, 
c.r.o.s.b.y.d.o.k.eocet.ua.n at gmail.com and so on.

So, a simple way is to use a one-liner for the sendmail and postfix 
configuration files, which would ideally only affect *.*.*.*.*@gmail.com 
addresses.

I found that
To:gmail.com REJECT
(with one or multiple tabs where the blank appears in the line above) 
seems to work well when appended to /etc/mail/access which is used by 
sendmail on my CentOS-5.5 machine. Nota bene: only wikis are on this 
machine, so it's ok to not confirm account creation to gmail users - 
they can be told to subscribe with different emails.

I have not yet been able to find out why on my SL-6 machines
gmail.com REJECT
as the last line of /etc/postfix/access does not seem to work - at least I 
see no "reject" message in /var/log/maillog.

thanks,

Kay
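
A way to measure how much of the wiki's outgoing mail goes to heavily dotted gmail.com addresses before rejecting the whole domain, as an added example that is not part of the original message: it extends the `grep gmail /var/log/maillog|grep to=` check above by counting the dots in each recipient's local part. The function names, the default threshold of 4 dots (the `*.*.*.*.*@gmail.com` shape) and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Count maillog deliveries to gmail.com recipients whose local part contains
# at least MIN dots (default 4). Works on the "to=<addr>," field that both
# sendmail and postfix write. Lines listing several recipients in one to=
# field are skipped by the exactly-one-"@" check.
dotted_gmail_recipients() {
    awk -v min="${1:-4}" '
    {
        for (i = 1; i <= NF; i++) {
            if ($i !~ /^to=/) continue
            addr = tolower($i)
            sub(/^to=/, "", addr)
            gsub(/[<>,]/, "", addr)
            # Require exactly one "@" and an exact domain match, so that
            # x@gmail.com.example.org is not counted as gmail.
            n = split(addr, parts, "@")
            if (n != 2 || parts[2] != "gmail.com") continue
            lp = parts[1]
            dots = gsub(/\./, "", lp)      # gsub returns the number of dots
            if (dots >= min + 0) count[addr]++
        }
    }
    END { for (a in count) print count[a], a }' | sort -k1,1nr -k2,2
}

# Constructed sample input (hostnames, queue IDs and addresses are made up).
sample_maillog() {
    cat <<'EOF'
Mar 18 14:40:01 wiki sendmail[2101]: p2IEe1aa002101: to=<c.o.n.s.t.r.u.c.t.e.d.80@gmail.com>, ctladdr=<apache@wiki.example.org> (48/48), delay=00:00:02, mailer=esmtp, stat=Sent
Mar 18 14:41:17 wiki sendmail[2107]: p2IEfGbb002107: to=<C.O.N.S.T.R.U.C.T.E.D.80@gmail.com>, ctladdr=<apache@wiki.example.org> (48/48), delay=00:00:01, mailer=esmtp, stat=Sent
Mar 18 14:42:30 wiki sendmail[2110]: p2IEgUcc002110: to=<jane.doe@gmail.com>, ctladdr=<apache@wiki.example.org> (48/48), delay=00:00:01, mailer=esmtp, stat=Sent
Mar 18 14:43:05 wiki postfix/smtp[3120]: 4F2A11C0D: to=<s.a.m.p.l.e.user@gmail.com>, relay=mx.example.net[192.0.2.25]:25, delay=1.2, status=sent (250 OK)
Mar 18 14:43:40 wiki postfix/smtp[3121]: 4F2A11C0E: to=<a.b.c.d.e@gmail.com.example.org>, relay=mx.example.net[192.0.2.25]:25, delay=0.9, status=sent (250 OK)
Mar 18 14:44:02 wiki postfix/qmgr[900]: 4F2A11C0F: from=<apache@wiki.example.org>, size=812, nrcpt=1 (queue active)
EOF
}

# Prints one "count address" line per flagged recipient, most frequent first.
sample_maillog | dotted_gmail_recipients
```

Against the live log, run `dotted_gmail_recipients < /var/log/maillog`; a second argument such as `dotted_gmail_recipients 6` raises the dot threshold.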



