One of the defenses against bots is the use of CAPTCHAs, or puzzles that "humans can solve, but computers can't". If you use the Internet much at all, you've seen, and solved, more than one. Unfortunately, CAPTCHAs are easily solved by scripts and online users. The people who produce web products like email, online forums, and blogging platforms may not yet realise that detail, however.
This is not an academic issue, it's commercial, and it's very real. Here's the specifications for a commercial product used to manage attacks against online forums, and place spam posts there. I've viewed an online movie which showed XRumer in action (movie since removed), and my computers haven't been attacked, but I would still visit that web site only from a computer carefully protected with a good layered security strategy.
Let's "make a new project".
Having setup the content and style of the attack, let's see what it will look like when placed in a typical forum.
Posting to multiple forums, simultaneously, is the key here. We need the ability to determine how many forums to attack, simultaneously. Here, we see hundreds of forums under attack.
Here we have a very matter of fact demonstration of how useless captchas are. Note the log entries "captcha recognized", showing that the forums in use asked for captcha entries, which were simply resolved by the XRumer script. Not even worthy of a feature balloon in the demo.
This product, XRumer (note "Version 3.0"), appears to be a Windows XP application. It's well designed, with plenty of features that make it persistent, robust, and versatile. It's apparently designed for placing spam posts into online forums. Note that the demo doesn't show us any detail about posting into any one forum, it simply shows the spam posts being placed to the forums. This is simply an advertising demo, for a mature and probably popular product.
And the individual forum postings are being processed, simultaneously, by bots. Presumably "one thread" = "one bot". Note the URL: www.botmaster.net.
I have no doubt that similar products are marketed, to generate and deliver spam through email, to register and generate splog farms in the Blogger world, and even to send comment spam to blogs and web sites. Note that this demo is several years old - surely shinier, more robust, and more versatile products are available today. And just as surely as "Coca-Cola" has a competitor "Pepsi-Cola" (with neither outshining the other for very long), "XRumer" has competitors too.
This is why you see spam in online forums, spam in your email box, and spam blogs on the Internet. It's a commercial process, with automated tools.
>> Top
No comments:
Post a Comment
Welcome to Nitecruzr Dot Net, and PChuck's Network. If this is your first visit here, please help me to help you, and read my commenting policy. Please, don't post anonymously, asking questions that should be asked in my forum Nitecruzr Dot Net - Networking.