This blog is retired.


Archive for September, 2007

Too Bad You Can’t Look Spammers Up In The Telephone Book Part II

Sunday, September 30th, 2007

In my last post I told you about some BB anti-spam protection schemes out there that rely upon third-party spam reports to build a list of known spammers who frequent the forum community and blogosphere. I also wrote about why this method of protecting your site from spam wasn’t as good an idea as it seemed from a technical point of view. Today I want to tell you about a few legal issues you may face if you choose to utilize a blacklist.

One of the biggest legal obstacles is that UK webmasters are subject to fines and penalties if they transmit sensitive user data to any organisation that is not subject to the UK Data Protection Act.

(more…)

Too Bad You Can’t Look Spammers Up In The Telephone Book

Wednesday, September 26th, 2007

Wouldn’t it be great if you could get access to an automatically maintained list of forum spammers and simply check each new member against it before you allowed someone to register or create a new post? Well you kind of can do that, to some extent, but you may not want to. Here’s why…

(more…)

How does Advanced Textual Confirmation work

Sunday, September 23rd, 2007

Many people, including me, believe that security by obscurity gives a false sense of security. Any security tool must be available in source code, even to bad guys. But Advanced Textual Confirmation (ATC) is encoded. Why?

It’s all about the business. If I deliver the tool as is, some “alternatively smart” programmer can copy/paste the code in a few minutes and start selling the clone. This is my worry: “alternatively smart” programmers.

To satisfy those who are against security by obscurity, I’m disclosing the ATC internals in this post. Warning: to understand the text in full, you have to be a web programmer.

(more…)

Evil Idea: Make money from spammers!

Sunday, September 16th, 2007

Last week I wrote about the “Spamper” phpbb MOD that used SPAM posts against the spammer. As I mentioned, the idea died because too many people thought that it amounted to a Distributed Denial of Service Attack (DDOS). No one wanted the legal liability that could result from what I believed was a great idea.

Well, I got to thinking… Maybe Spamper was a bad implementation of a good idea. So, I took the idea one step further. What do you think of this?

(more…)

The best defense is a good offense. Or is it?

Wednesday, September 12th, 2007

Sometimes there is nothing more satisfying than giving a bad guy a dose of his own medicine. That was undoubtedly the idea behind the “Spamper” phpBB2 MOD that was ultimately removed from the phpbb.com and phpbbhacks.com sites shortly after it was posted by its author.

(more…)

MOD Textual Confirmation Rises From Pit of Despair

Sunday, September 9th, 2007

True Story:

I became so irritated from using phpBB2 Advanced Visual Confirmation, which ended up causing me more trouble than it was worth, that I finally did something about it.

After thinking that I had wrapped a spammer-proof wall of security around my forum, I discovered that spammers were having an easier time decrypting my captcha images than my authorized members were. In fact, I often ended up having to manually register new users who I thought weren’t smart enough to decipher the image that was sitting right there in front of their face. It was only after I tried (and failed) to register one particular user 5 times that the truth hit me:

When it comes to default captcha decoding skills: Computers win, humans lose.

(more…)

OK, here’s a cool CAPTCHA tool I can actually get behind

Wednesday, September 5th, 2007

Every now and then a smart anti-SPAM solution comes along that’s actually worth taking a close look at. ReCAPTCHA™ is one of those tools.

Everyone who reads my blog already knows that standard CAPTCHA utilities have been hacked. And you already know that the best form-based anti-SPAM tools require a modicum of human intelligence to unlock the comments form and allow a comment to be posted.

And that’s why I’m so excited about ReCAPTCHA. Not only is it human intelligence-based, but it’s free as well. And to make it even better, if you use ReCAPTCHA, you’ll actually be helping to spread literacy around the world.

Here’s how it works:

(more…)

Hot captcha, or CAPTCHA with fun

Sunday, September 2nd, 2007

CAPTCHA or not CAPTCHA… Any anti-spam protection disturbs your visitors. But the folks at HotCaptcha.com found a nice trick to compensate for the irritating proof-you-are-a-human step. What do they do?

(more…)