Andrew Lee wrote:I performed some experiments today. Thought you guys might find it interesting.
First I was wondering if there is a loop hole in reCaptcha, which is allowing the spammers to sign up easily.
So I switch over to Q&A format and entered some easy questions (eg. what is the color of snow?)
The spammers were still coming in.
Then I began to wonder if there is a loophole in the registration process of phpBB that is allowing the spammers to bypass the botcheck.
So I make the answer gibberish (eg. instead of "white", it became "aksdhka").
Not a single spammer came through this time.
So the answer is clear. Like the article I read in Wired, the spammers are definitely using low cost workers in India or elsewhere to solve the reCaptcha or Q&A. I guessed as much because the reCaptchas are OCR segments with no easy answer in the first place, and I'd be surprised if they didn't patch up any security holes.
Then I got curious and wonder what kind of trouble they'd go through to answer a question. How about one Google search? So I updated the questions with harder ones like "How many states are there in the US?", or "How many symphonies did Beethoven compose?"
The spammers were still coming in, but at a reduced rate this time. Unscientifically, it's about 30% reduction. So some of your low cost third world workers are still quite eager to earn their pay.
So now the questions have been replaced with more "personal" ones eg. "Who is the founder of TPFC?"
Since then, not a single spammer yet. Maybe it really is too much trouble this time.