This blog is retired.


The best defense is a good offense. Or is it?

Sometimes there is nothing more satisfying than giving a bad guy a dose of his own medicine. That was undoubtedly the idea behind the “Spamper” phpBB2 MOD that was ultimately removed from the phpbb.com and phpbbhacks.com sites shortly after it was posted by its author.

The theory behind this part honeypot, part distributed denial-of-service (DDoS) plug-in was that it would flood the links that spam robots placed in comment forms with requests, with the ultimate goal of bringing the spamvertised web sites to their knees.

The key to the whole thing was the fact that the MOD hides the field “website” on the registration form. Therefore, if a website is given, it means the registration came from a spambot, which can “see” hidden fields, and not from a human.

The MOD was designed to reject the application and add the URL found in the website field to a special blacklist.
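The detection half of that design on its own, as an added example that is not code from the Spamper MOD: a Python version of the server-side check for the hidden “website” field. The function names, verdict labels, hidden-field markup, and the choice to hold a missing field for review are assumptions; the submitted URL is only parsed for a moderation log and is never requested.

```python
from urllib.parse import parse_qs, urlsplit

HONEYPOT_FIELD = "website"  # field name taken from the post

# Assumed markup: hidden with CSS, skipped by keyboard and screen readers, and
# autocomplete off so a browser's autofill is less likely to trip the trap.
HONEYPOT_HTML = ('<input type="text" name="website" value="" tabindex="-1" '
                 'autocomplete="off" aria-hidden="true" style="display:none">')


def extract_host(value):
    """Return the lowercased host of a submitted URL for the moderation log."""
    try:
        # Bots often omit the scheme; "//" makes urlsplit treat the text as a host.
        parts = urlsplit(value if "//" in value else "//" + value)
    except ValueError:  # e.g. a malformed IPv6 literal
        return None
    return parts.hostname


def classify_registration(body):
    """Classify an application/x-www-form-urlencoded registration body."""
    # keep_blank_values: an empty honeypot must differ from a missing one.
    form = parse_qs(body, keep_blank_values=True)
    values = form.get(HONEYPOT_FIELD)
    if values is None:
        # A browser always sends the rendered field, even when empty, so this
        # POST did not come from our form. Policy assumption: hold for review.
        return {"verdict": "review", "reason": "honeypot missing", "host": None}
    # A duplicated parameter must not hide a filled value behind an empty one.
    filled = [v.strip() for v in values if v.strip()]
    if not filled:
        return {"verdict": "accept", "reason": "honeypot empty", "host": None}
    # The URL is parsed, never fetched: it is evidence for a log, not a target.
    return {"verdict": "reject", "reason": "honeypot filled",
            "host": extract_host(filled[0])}


if __name__ == "__main__":
    # Constructed sample submissions (not taken from real traffic).
    samples = ["username=alice&email=a%40example.test&website=",
               "username=bot1&website=http%3A%2F%2FSpam.Example.test%2Fpills",
               "username=bot2&website=&website=spam.example.test/x",
               "username=bot3&email=b%40example.test"]
    for body in samples:
        print(classify_registration(body), "<-", body)
```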

From then on, whenever a user loaded any page of the forum, the MOD selected a random URL from the blacklist and loaded that page. If the MOD was installed on enough forums, the end result could be devastating for the sites being promoted by the spammers who got trapped by Spamper.

Fortunately or unfortunately, too many people saw Spamper as a bad idea that was fraught with legal liability for the good guys who were only trying to teach spammers a lesson. Score one for the bad guys.

You can still find Spamper if you look hard enough, but you need to ask yourself this:

“Is it worth the risk of losing your site, your reputation, or your savings account because someone, somewhere, ends up making a criminal complaint against you for instigating a DDoS attack?”

If the answer is no, here’s a safer and more effective way to combat SPAM.
