Solved

How did a spam bot decipher my captcha?

Posted on 2014-07-19
4
467 Views
Last Modified: 2014-07-19
I recently added a captcha field to my website's contact form, because the form was being abused by spam bots.  Today I got a spammed contact form, and I'd like to understand how a bot deciphered the captcha.

The contact form is at www.mauitradewinds.com/contact.htm    It requires typing the name of the island where I live into t text field.  Below, I've pasted the relevant section of my server's log file, which shows that the initial visit originated from a notorious forum-spamming IP in China, and a moment later, the site was accessed by a (probably-spoofed) Iraq IP address, also  reported as notorious for forum spamming.   The visitor only spent one second on each page of my site, including the contact form.  So I can't see that there was human intervention, and can't understand how the captcha was populated successfully.

61.50.245.133 - - [19/Jul/2014:20:49:48 -0400] "GET /IE8index.php HTTP/1.1" 403 302 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:49:51 -0400] "GET /IE8index.php HTTP/1.1" 302 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:49:53 -0400] "GET /IE8index.htm HTTP/1.1" 200 15974 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:49:55 -0400] "GET /suite.htm HTTP/1.1" 302 314 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:49:56 -0400] "GET /IE8suite.php HTTP/1.1" 302 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:49:57 -0400] "GET /IE8suite.htm HTTP/1.1" 200 25814 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:49:58 -0400] "GET /StarWind.htm HTTP/1.1" 302 317 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:49:59 -0400] "GET /IE8StarWind.php HTTP/1.1" 302 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:00 -0400] "GET /IE8StarWind.htm HTTP/1.1" 200 25817 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:02 -0400] "GET /viewtriage.htm HTTP/1.1" 200 1266 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:03 -0400] "GET /RezEasy/availability.html HTTP/1.1" 200 1078 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:04 -0400] "GET /location.htm HTTP/1.1" 200 6702 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:05 -0400] "GET /service.htm HTTP/1.1" 200 10047 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:06 -0400] "GET /hostess.htm HTTP/1.1" 200 6759 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:08 -0400] "GET /contact.htm HTTP/1.1" 200 8209 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:09 -0400] "POST /contact-form-handler.php HTTP/1.1" 302 - "http://www.mauitradewinds.com/contact.htm" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:11 -0400] "GET /thankyou.htm HTTP/1.1" 200 5752 "http://www.mauitradewinds.com/contact.htm" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:13 -0400] "GET /guestbook.htm HTTP/1.1" 200 8849 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:15 -0400] "GET / HTTP/1.1" 302 314 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:16 -0400] "GET /IE8index.php HTTP/1.1" 302 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:18 -0400] "GET /index.htm HTTP/1.1" 301 326 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:19 -0400] "GET / HTTP/1.1" 302 314 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:20 -0400] "GET /IE8index.php HTTP/1.1" 302 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:22 -0400] "GET /suite.htm HTTP/1.1" 302 314 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:23 -0400] "GET /IE8suite.php HTTP/1.1" 302 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:25 -0400] "GET /StarWind.htm HTTP/1.1" 302 317 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:26 -0400] "GET /IE8StarWind.php HTTP/1.1" 302 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:32 -0400] "GET /links.htm HTTP/1.1" 200 10713 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
0
Comment
Question by:ddantes
  • 2
4 Comments
 
LVL 82

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 250 total points
ID: 40206853
For a Captcha to be effective, it has to require a different answer every time.  Your's does not so all they have to do it get it right once and they're in.
0
 

Author Comment

by:ddantes
ID: 40206866
OK.  But in the case of the question "which Hawaiian island are we located?"  how does a machine get it right once?
0
 
LVL 58

Accepted Solution

by:
Gary earned 250 total points
ID: 40206899
You will find that a lot of spam is not always a bot but a real person that finds out how to make a successful post and then adds the method to the bot.
0
 

Author Comment

by:ddantes
ID: 40206901
That makes sense.  Thank you both.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

Explore the encryption capabilities built into Google Apps and how these features can help you meet privacy policy and regulatory compliance, but are not a full solution. Understand and compare the most popular email encryption services for Google A…
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now