Solved

How did a spam bot decipher my captcha?

Posted on 2014-07-19
4
484 Views
Last Modified: 2014-07-19
I recently added a captcha field to my website's contact form, because the form was being abused by spam bots.  Today I got a spammed contact form, and I'd like to understand how a bot deciphered the captcha.

The contact form is at www.mauitradewinds.com/contact.htm    It requires typing the name of the island where I live into t text field.  Below, I've pasted the relevant section of my server's log file, which shows that the initial visit originated from a notorious forum-spamming IP in China, and a moment later, the site was accessed by a (probably-spoofed) Iraq IP address, also  reported as notorious for forum spamming.   The visitor only spent one second on each page of my site, including the contact form.  So I can't see that there was human intervention, and can't understand how the captcha was populated successfully.

61.50.245.133 - - [19/Jul/2014:20:49:48 -0400] "GET /IE8index.php HTTP/1.1" 403 302 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:49:51 -0400] "GET /IE8index.php HTTP/1.1" 302 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:49:53 -0400] "GET /IE8index.htm HTTP/1.1" 200 15974 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:49:55 -0400] "GET /suite.htm HTTP/1.1" 302 314 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:49:56 -0400] "GET /IE8suite.php HTTP/1.1" 302 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:49:57 -0400] "GET /IE8suite.htm HTTP/1.1" 200 25814 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:49:58 -0400] "GET /StarWind.htm HTTP/1.1" 302 317 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:49:59 -0400] "GET /IE8StarWind.php HTTP/1.1" 302 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:00 -0400] "GET /IE8StarWind.htm HTTP/1.1" 200 25817 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:02 -0400] "GET /viewtriage.htm HTTP/1.1" 200 1266 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:03 -0400] "GET /RezEasy/availability.html HTTP/1.1" 200 1078 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:04 -0400] "GET /location.htm HTTP/1.1" 200 6702 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:05 -0400] "GET /service.htm HTTP/1.1" 200 10047 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:06 -0400] "GET /hostess.htm HTTP/1.1" 200 6759 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:08 -0400] "GET /contact.htm HTTP/1.1" 200 8209 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:09 -0400] "POST /contact-form-handler.php HTTP/1.1" 302 - "http://www.mauitradewinds.com/contact.htm" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:11 -0400] "GET /thankyou.htm HTTP/1.1" 200 5752 "http://www.mauitradewinds.com/contact.htm" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:13 -0400] "GET /guestbook.htm HTTP/1.1" 200 8849 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:15 -0400] "GET / HTTP/1.1" 302 314 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:16 -0400] "GET /IE8index.php HTTP/1.1" 302 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:18 -0400] "GET /index.htm HTTP/1.1" 301 326 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:19 -0400] "GET / HTTP/1.1" 302 314 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:20 -0400] "GET /IE8index.php HTTP/1.1" 302 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:22 -0400] "GET /suite.htm HTTP/1.1" 302 314 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:23 -0400] "GET /IE8suite.php HTTP/1.1" 302 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:25 -0400] "GET /StarWind.htm HTTP/1.1" 302 317 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:26 -0400] "GET /IE8StarWind.php HTTP/1.1" 302 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:32 -0400] "GET /links.htm HTTP/1.1" 200 10713 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
0
Comment
Question by:ddantes
  • 2
4 Comments
 
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 250 total points
ID: 40206853
For a Captcha to be effective, it has to require a different answer every time.  Your's does not so all they have to do it get it right once and they're in.
0
 

Author Comment

by:ddantes
ID: 40206866
OK.  But in the case of the question "which Hawaiian island are we located?"  how does a machine get it right once?
0
 
LVL 58

Accepted Solution

by:
Gary earned 250 total points
ID: 40206899
You will find that a lot of spam is not always a bot but a real person that finds out how to make a successful post and then adds the method to the bot.
0
 

Author Comment

by:ddantes
ID: 40206901
That makes sense.  Thank you both.
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
3 proven steps to speed up Magento powered sites. The article focus is on optimizing time to first byte (TTFB), full page caching and configuring server for optimal performance.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question