ddantes
asked on
How did a spam bot decipher my captcha?
I recently added a captcha field to my website's contact form, because the form was being abused by spam bots. Today I got a spammed contact form, and I'd like to understand how a bot deciphered the captcha.
The contact form is at www.mauitradewinds.com/contact.htm. It requires typing the name of the island where I live into a text field. Below, I've pasted the relevant section of my server's log file, which shows that the initial visit originated from a notorious forum-spamming IP in China, and a moment later, the site was accessed by a (probably-spoofed) Iraq IP address, also reported as notorious for forum spamming. The visitor only spent one second on each page of my site, including the contact form. So I can't see that there was human intervention, and can't understand how the captcha was populated successfully.
61.50.245.133 - - [19/Jul/2014:20:49:48 -0400] "GET /IE8index.php HTTP/1.1" 403 302 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:49:51 -0400] "GET /IE8index.php HTTP/1.1" 302 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:49:53 -0400] "GET /IE8index.htm HTTP/1.1" 200 15974 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:49:55 -0400] "GET /suite.htm HTTP/1.1" 302 314 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:49:56 -0400] "GET /IE8suite.php HTTP/1.1" 302 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:49:57 -0400] "GET /IE8suite.htm HTTP/1.1" 200 25814 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:49:58 -0400] "GET /StarWind.htm HTTP/1.1" 302 317 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:49:59 -0400] "GET /IE8StarWind.php HTTP/1.1" 302 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:00 -0400] "GET /IE8StarWind.htm HTTP/1.1" 200 25817 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:02 -0400] "GET /viewtriage.htm HTTP/1.1" 200 1266 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:03 -0400] "GET /RezEasy/availability.html HTTP/1.1" 200 1078 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:04 -0400] "GET /location.htm HTTP/1.1" 200 6702 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:05 -0400] "GET /service.htm HTTP/1.1" 200 10047 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:06 -0400] "GET /hostess.htm HTTP/1.1" 200 6759 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:08 -0400] "GET /contact.htm HTTP/1.1" 200 8209 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:09 -0400] "POST /contact-form-handler.php HTTP/1.1" 302 - "http://www.mauitradewinds.com/contact.htm" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:11 -0400] "GET /thankyou.htm HTTP/1.1" 200 5752 "http://www.mauitradewinds.com/contact.htm" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:13 -0400] "GET /guestbook.htm HTTP/1.1" 200 8849 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:15 -0400] "GET / HTTP/1.1" 302 314 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:16 -0400] "GET /IE8index.php HTTP/1.1" 302 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:18 -0400] "GET /index.htm HTTP/1.1" 301 326 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:19 -0400] "GET / HTTP/1.1" 302 314 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:20 -0400] "GET /IE8index.php HTTP/1.1" 302 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:22 -0400] "GET /suite.htm HTTP/1.1" 302 314 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:23 -0400] "GET /IE8suite.php HTTP/1.1" 302 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:25 -0400] "GET /StarWind.htm HTTP/1.1" 302 317 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:26 -0400] "GET /IE8StarWind.php HTTP/1.1" 302 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
37.239.46.2 - - [19/Jul/2014:20:50:32 -0400] "GET /links.htm HTTP/1.1" 200 10713 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
ASKER
That makes sense. Thank you both.
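
The one-second gap between the fetch of /contact.htm and the POST to /contact-form-handler.php, which the question points out, can be checked for directly in an access log in this format. The following is an added example, not part of the original thread: the function name, the five-second threshold and the 192.0.2.10 visitor are assumptions, and the sample lines are constructed from the log above with the user-agent shortened.

```python
import re
from datetime import datetime

# Constructed sample: three requests taken from the log in the question
# (user-agent shortened) plus one constructed slower visitor for contrast.
SAMPLE_LOG = '''\
37.239.46.2 - - [19/Jul/2014:20:50:06 -0400] "GET /hostess.htm HTTP/1.1" 200 6759 "-" "Mozilla/4.0"
37.239.46.2 - - [19/Jul/2014:20:50:08 -0400] "GET /contact.htm HTTP/1.1" 200 8209 "-" "Mozilla/4.0"
37.239.46.2 - - [19/Jul/2014:20:50:09 -0400] "POST /contact-form-handler.php HTTP/1.1" 302 - "http://www.mauitradewinds.com/contact.htm" "Mozilla/4.0"
192.0.2.10 - - [19/Jul/2014:21:02:00 -0400] "GET /contact.htm HTTP/1.1" 200 8209 "-" "Mozilla/5.0"
192.0.2.10 - - [19/Jul/2014:21:03:30 -0400] "POST /contact-form-handler.php HTTP/1.1" 302 - "http://www.mauitradewinds.com/contact.htm" "Mozilla/5.0"
'''

# Combined log format: client IP, timestamp, method, path, status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')


def fast_submissions(log_text, form_path, handler_path, min_seconds=5):
    """Return (ip, seconds) for every POST to handler_path that arrived less
    than min_seconds after the same IP fetched form_path. seconds is None
    when the IP posted without fetching the form at all."""
    last_form_get = {}
    flagged = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip truncated or malformed lines
        ip, stamp, method, path, _status = m.groups()
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        path = path.split("?", 1)[0]  # ignore any query string
        if method == "GET" and path == form_path:
            last_form_get[ip] = when
        elif method == "POST" and path == handler_path:
            seen = last_form_get.pop(ip, None)
            if seen is None:
                flagged.append((ip, None))
            else:
                delta = (when - seen).total_seconds()
                if delta < min_seconds:
                    flagged.append((ip, delta))
    return flagged


if __name__ == "__main__":
    for ip, secs in fast_submissions(SAMPLE_LOG, "/contact.htm",
                                     "/contact-form-handler.php"):
        print(ip, secs)
```

The same timing test can be enforced in the form handler itself by recording when the form was served and rejecting submissions that come back faster than a person could type.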