Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Spammers Learn to Outsource Their Captcha Needs

Zonk posted more than 7 years ago | from the hearing-some-ominous-muttering dept.

Security 221

lukeknipe writes "Guardian Unlimited reporter Charles Arthur speaks with a spammer, discussing the possibility that his colleagues may be paying people in developing countries to fill in captchas. In his report, Arthur discusses Nicholas Negroponte's gift of hand-powered laptops to developing nations and the wide array of troubles that could arise as the world's exploitable poor go online." From the article: "I've no doubt it will radically alter the life of many in the developing world for the better. I also expect that once a few have got into the hands of people aching to make a dollar, with time on their hands and an internet connection provided one way or another, we'll see a significant rise in captcha-solved spam. But, as my spammer contact pointed out, it's nothing personal. You have to understand: it's just business."

cancel ×

221 comments

Sorry! There are no comments related to the filter you selected.

I call job theft! (4, Funny)

hclyff (925743) | more than 7 years ago | (#16982630)

Damn those developing countries, stealing all the decent jobs from the hard working Americans.

Re:I call job theft! (1)

Adult film producer (866485) | more than 7 years ago | (#16982800)

>Damn those developing countries, stealing all
>the decent jobs from the hard working Americans.

Ya even in our own country they're screwing us. I remember a time when a person could make a good living framing houses, general contracting, drywall and plumbing work, etc. The union ruled, no question about it they were a bitch, but at the end of the day you could easily support a family on that kind of work, good honest work that americans would jump at in a heartbeat...

Good thing those days of decent wages are gone, who needs them anyways? The mexican immigrants will take the job for $9/hr and won't complain about not having insurance/benefits or when faced with glaring safety hurdles that just jumped all over nowadays.

Wow! $9 / hr? (1)

Clueless Nick (883532) | more than 7 years ago | (#16983074)

As a moderately successful finance professional, I make almost $33 per day. That is, 6 days per week, 9 hrs per day and no overtime pay. It rhymes, so it must be good.

As physical boundaries dissolve, equity will prevail increasingly. It is already making life harder (read: costlier) back here, with all the money flowing in to workers in call centres, BPOs and software.

Re:Wow! $9 / hr? (2, Insightful)

KillerBob (217953) | more than 7 years ago | (#16983286)

As a moderately successful finance professional, I make almost $33 per day. That is, 6 days per week, 9 hrs per day and no overtime pay. It rhymes, so it must be good


*blink* what country do you live in? In a 1st world nation, that's *well* below the standard minimum wage. Here in Ontario, for example, minimum wage is $6.85/hour. Even after taxes are taken off, that's about $45/day if you're working full time, and I think there's talk about raising the minimum wage to $7.40. Hell, an untrained private in the Canadian army, who has just come in off the street and has no education after Grade 10, makes almost 3 times what you claim, and he doesn't have to pay for room/board.

Re:Wow! $9 / hr? (1)

Eternauta3k (680157) | more than 7 years ago | (#16983868)

*blink* what country do you live in? In a 1st world nation, that's *well* below the standard minimum wage
You do realize life here is cheaper, right?

And it'll just get worse... (-1, Redundant)

Anonymous Coward | more than 7 years ago | (#16982634)

when those $100 laptops arrive in great numbers.

These lead shoes (3, Informative)

future assassin (639396) | more than 7 years ago | (#16982636)

are nothing to do with business its just personal. I would be more more then happy to plead guilty if I ever got cought for beating the fuck out of a spammer.

Re:These lead shoes (1)

Panaqqa (927615) | more than 7 years ago | (#16982884)

Considering that most organized spam campaigns originate in Russia these days, and are run by Russian organized crime, then I would suggest that simply getting your day in court to plead guilty would be your best possible outcome. More likely, I suspect, is that beating up a spammer is likely to get you very dead very fast. Especially if it turns out to be one of their key technical people.

Re:These lead shoes (2, Informative)

SharpFang (651121) | more than 7 years ago | (#16982970)

Actually, Russia and China are far second behind USA which holds over 60% of spam market.

Re:These lead shoes (1)

dbIII (701233) | more than 7 years ago | (#16983764)

The thing that confuses the issue is those chinese domain names are cheap and spammers are buying them up in batches of a few hundred to use and throw away.

There are a surprisingly large numbers of spammers in Australia as well - I lost track of the one born in New Zealand that was trying to get people to do dodgy work for him on a promise of money in three months - funny thing is his last name really was "Fagin" ala the Oliver Twist crook. He wanted to employ people to write software to look for open relays.

I doubt you would, actually (5, Interesting)

Moraelin (679338) | more than 7 years ago | (#16983840)

Actually, I doubt you would actually beat one. Not meant as an insult, but I believe that you don't have what it takes. If you had, you'd already be either in jail, or a CEO, or chief of marketting or various other positions suited to people able to think "it's just business" when harming others. Or in his place making a good living sending spam and 419 mails.

See most people are quite able to speak/cheer about and for beating others up, killing others, war, etc, as long as it's just talking. They might even actually do it, if a fit of rage disables their sanity for long enough. But fits of rage aren't something you can plan and execute whenever you wish. And otherwise when you actually have to do it, there's this interlock against harming other humans. It's partially "what if it was me in his shoes" education (even if you logically know it would never be in his place spamming) and partially that interlock most animals have against harming their own more than strictly necessary. (Even when cats or dogs fight their own there is always a mechanism to signal "I give up" and the other _will_ cease.)

It's a strange world, really. The same people who could be shaking a fist and screaming for war against X at the top of their lungs, would actually have trouble looking one of X in the eyes and squeezing the trigger. A lot of PTSD cases in war aren't just people getting shocked by being shot at, but shocked by having shot other humans.

There is one cathegory that can cheerfully think "it's only business": the sociopaths. They live in a strange world in which the others are NPCs: the others don't matter, they're not the same, "it could be me in his shoes" doesn't apply, etc. They can lie, cheat, murder, torture, whatever, and be perfectly able to look themselves in the mirror after it. Because the other guy didn't matter.

And, sad to say, if you weren't born one, I doubt you could actually beat this guy up in cold blood. If anyone gave you a baseball bat and this guy tied to a chair, you just couldn't actually do it.

And it's probably better that way. I'm thinking we as a society would do better to just start recognizing sociopaths for what they are, and the damage they can do. This guy, for example, is a sociopath, plain and simple. He's not just "being smart", he's not "just doing business", he's not "just doing what's needed", or the other things these guys like to pose as. He's just someone who doesn't even see you as a human being, much less his equal.

A long-time problem (2, Insightful)

worb (935866) | more than 7 years ago | (#16982648)

I'm not sure if poor people filling in CAPTCHAs should be our biggest concern, when people are in fact dying all over the world from war, starvation, and so on (yes, I know that it's possible to focus on several problems at once). However, the problem with CAPTCHAs being worked around by real people (either by hiring people to do it or by luring porn surfers to fill it in for them) has been there for ages.

If I am not mistaken, there have been several stories on this kind of thing on Slashdot...

Ayway, the bottom line is that spammers have been doing this for a long time, and I'm not sure if the $100 laptops will make a difference either way. Will these $100 laptops all have internet access?

Re:A long-time problem (1)

cp.tar (871488) | more than 7 years ago | (#16982690)

Why, of course they will.

Developing countries all have broadband Internet access, even WiFi. And those who do not, well, the spammers will pay them enough for each solved captcha that they offset the surely insignificant cost of modem access.

Even if it does happen, though, it will only go to show that captchas aren't the way to get rid of spam, bots etc.
I would prefer it, though, if spammers learned to circumvent captchas automatically... can you imagine what it would mean for OCR?

Re:A long-time problem (2, Interesting)

FireFury03 (653718) | more than 7 years ago | (#16982740)

Even if it does happen, though, it will only go to show that captchas aren't the way to get rid of spam, bots etc.

I would certainly like to see the end of captchas, and I have resisted using them on my own sites. They are really bad for accessibility and therefore illegal in many situations and just generally unfair to anyone who can't solve captchas (whether that be by disability or browser choice). However, I have yet to see any other technology able to do the job.

Re:A long-time problem (1)

SharpFang (651121) | more than 7 years ago | (#16982980)

I, for one, found out I can't solve most captchas while being drunk.
Does that fall under any of 'unfair treatment' laws?

Re:A long-time problem (2, Insightful)

secolactico (519805) | more than 7 years ago | (#16983904)

Most of the time, I can't while sober. Is that a g or a 9? Does case matters? That kinda look like an S but could be a distortion...

Re:A long-time problem (-1, Flamebait)

Anonymous Coward | more than 7 years ago | (#16983064)

The thing about these whingeing crips is that they already get a fucking fortune off the taxpayer and handouts from charities, and meanwhile it's the rest of us who have to suffer (think: fucking stupid unsightly ramps attracting brats on skateboards and roller saktes, crap push taps that piss excessive amounts of water to waste, and so forth). They should just quit whingeing and spend some of their\rieht/our money hiring some cunt to carry them up stairs / help them turn taps / read captchas / whatever.

Re:A long-time problem (2, Interesting)

arivanov (12034) | more than 7 years ago | (#16983882)

You are were joking, but in fact not that far from the truth.

I did DSL installs in an ex-soviet block backwater which is not even in the EU yet in 1998. At that time UK and the rest of Europe (except Scandinavia) was still wetting themselves over a second ISDN channel and 56K modems. In the same country ethernet to the home in big cities is the norm, not the exemption. The cable operators built bandit networks using twisted pair as far back as 1999-2000. So on, so fourth.

Similarly, I had to design, deploy and build QoS aware networks in 1998. UK and the rest of Europe is just about getting there in the last 2 years. US is not even close (regardless of how much noises does ATT make about net neutrality).

Similarly, VOIP was all over the place by 2000 up to an connecting SMEs and it is just about getting there now in EU.

Similarly...

Do not underestimate the effect of an incumbent monopoly on business and technology. In most 3rd world countries the local incumbent has been bypassed and regulation has been ignored. A few bribes here and there have been sufficient to effectively kill off any attempts by the incumbent to prevent the usage of "unallowed" technologies. As a result the deployment of many technologies is 5-6 years ahead of the "civilised world" where the incumbent can use the regulator and police to strangle any technological progress.

Re:A long-time problem (1)

darkain (749283) | more than 7 years ago | (#16982932)

Woah, that just gave me a heavily abusive idea.... What would happen if a "spam server" attempted to load a CAPTCHA page, and then streamed that CAPTCHA image to a different web server as part of a "login" system. Its own login system would just ignore the image itself, but take that user input for it and pass it along to the site it is spamming. This would be a piss poor easy way to get people to break CAPTCHA for FREE. Just shove this sort of bullshit into a popular porn web site, and you have hopeless geeks all day long filling in CAPTCHA information for your spam bots.

Re:A long-time problem (1)

SharpFang (651121) | more than 7 years ago | (#16982994)

Been on /. already, even easier. Want to access free porn? Solve this captcha. And the captcha image gets imported from Yahoo mail account creation page.

Re:A long-time problem (3, Interesting)

ajs318 (655362) | more than 7 years ago | (#16983204)

I'm sure there are ways of defeating that at the CAPTCHA server level. Generate a brand new image every time, and send it out along with a cookie. The cookie is a database key which refers to the CAPTCHA solution; the record also contains the timestamp when the image was generated and the IP address to which it was sent. (NOT the MD5 of the solution: anyone can generate an MD5 for any word and send that as the cookie contents with their word as the answer, effectively bypassing the image altogether.) The answer must not only be correct; it must also come from the same IP address that received the image, and within a reasonable time limit. IP addresses cannot be forged (or else the server would be speaking to the wrong client) and nor can timestamps (which come from the server anyway), so this ought to be fairly robust. Checking the referrer won't help, because referrers can be forged.

The CAPTCHA image and question themselves need some thought as well. Just having a person type some "distorted" text verbatim is a bit christian IMHO, because it's vulnerable to OCR. Insisting to change the order or capitalisation ("type this backwards in all lower case") would be a good start, but there are plenty more techniques involving pictures that only a human being will be able to use; and you can possibly even set a knowledge barrier (by using challenges that will be easy for people in your chosen field but not random idiots) to keep out undesirables.

Re:A long-time problem (1)

ikkonoishi (674762) | more than 7 years ago | (#16983452)

IP addresses cannot be forged (or else the server would be speaking to the wrong client)


Err... Wrong. All they would have to do is put a VPN client on the laptops, and run them through a NATing router on the spammers end (which would probably be necessary on the spammer's end anyway to get the images to the in the first place).

The word 'contact' in this post's captcha was farmed out to an Anonymous Coward

Re:A long-time problem (0)

Anonymous Coward | more than 7 years ago | (#16983532)

Hey retard, try starting your pathetic post with something besides "ummm" or "err." Just because you speak like a moron doesn't mean that you should write like one too.

Re:A long-time problem (2, Funny)

Don'tTreadOnMe (686201) | more than 7 years ago | (#16983526)

Just having a person type some "distorted" text verbatim is a bit christian...

Maybe it's just too early in the morning for me, but what does that mean? That typing distorted text is easy? That it's smart/dumb? That it makes you love your neighbor as you would have them love you?

"a bit christian" (0)

Anonymous Coward | more than 7 years ago | (#16983712)

Maybe it's just too early in the morning for me, but what does that mean? That typing distorted text is easy? That it's smart/dumb? That it makes you love your neighbor as you would have them love you?
Vanilla or white bread, I'm guessing. Oh, or LCD maybe?

I think you get where I'm going here.

Re:A long-time problem (4, Interesting)

user24 (854467) | more than 7 years ago | (#16983558)

this is exactly how most session-based CAPTCHAs work. The timestamp idea is unworkable - it doesn't take that long for data to be ferried half way across the world, so if you implement a timeout, you'll end up pissing off your legitmate users as well thwarting spammers, and if you make the timeout longer it'll render it completely ineffective - what I'm saying is that it takes as long for a spammer to type a captcha as it does a legitmate user.

Stuff like "type this backwards in lower case" won't help *in the least* - it'd be trivial to get past, as trivial as writing a bot to collect email addresses, and we know how many of those there are.

Checking the IP address won't work (unfortunately) because certain ISPs (*cough*AOL*cough*) use multiple outgoing IPs for the same user; it's ridiculous but there you have it.

In any case, IP addresses can be forged; the spammer doesn't need to receive a response, he just needs to send his CAPTCHA and spam message; if he's on 4.3.2.1 and needs to send from 1.2.3.4 then he will - the server's "yes you got it" response will be sent to 1.2.3.4 but the spammer doesn't care; his spam has got through.

In short, there is no serverside way of preventing a captcha from being relayed to/from a 'processor' be it OCR or human.

However, what needs to be remembered is that in 95% of cases, any type of captcha will stop 100% of spam. Most captchas out there are pitifully weak in terms of OCR resistance [ocr-research.org.ua] , have implementation bugs [puremango.co.uk] coming out of their *ahem* and 'in principle' offer no security whatsoever, but they work because most spammers only after the low hanging fruit.

Re:A long-time problem (1)

MickDownUnder (627418) | more than 7 years ago | (#16983624)

I'm sure there are ways of defeating that at the CAPTCHA server level. Generate a brand new image every time, and send it out along with a cookie. The cookie is a database key which refers to the CAPTCHA solution; the record also contains the timestamp when the image was generated and the IP address to which it was sent. (NOT the MD5 of the solution: anyone can generate an MD5 for any word and send that as the cookie contents with their word as the answer, effectively bypassing the image altogether.) The answer must not only be correct; it must also come from the same IP address that received the image, and within a reasonable time limit. IP addresses cannot be forged (or else the server would be speaking to the wrong client) and nor can timestamps (which come from the server anyway), so this ought to be fairly robust. Checking the referrer won't help, because referrers can be forged.

Already done I'm sure most implementations of CAPTCHA's use means to timeout a CAPTCHA and limit that CAPTCHA to one request.

As for the rest of your post as I've already said in this thread, false positives are not the biggest problem with CAPTCHA images, it is the false negatives. CAPTCHAs exclude the blind and visually impaired, people using CAPTCHAs for their site should be more concerned by this than the possibility of spammers circumventing their protection.

Re:A long-time problem (1)

Goaway (82658) | more than 7 years ago | (#16983738)

it must also come from the same IP address that received the image, and within a reasonable time limit.

You know, if you stopped and thought for half a minute, you would see how an IP check is completely useless.

Re:A long-time problem (1)

neoform (551705) | more than 7 years ago | (#16983898)

Locking the captcha to an ip address will cause problems for users who are accessing your site from services like AOL that cycle the user's ip address for every page request. every time i look at my logs and see an aol user, i see about 50 IPs for that one user.

Re:A long-time problem (1)

AngryNick (891056) | more than 7 years ago | (#16983810)

If I am not mistaken, there have been several stories on this kind of thing on Slashdot...

You are correct. For example,Will Solve Captcha for Money? [slashdot.org]

I wonder how much of this is due to forums like /. raising the media's awareness of the the next impending Internet-based doom?

Now what? (1)

Phroggy (441) | more than 7 years ago | (#16982652)

This is deeply troubling. What can be done to stop it?

Re:Now what? (3, Insightful)

cyberon22 (456844) | more than 7 years ago | (#16982818)

Hire someone in the developing world to monitor your blog and clear it of spam. If the cost is insignificant to them it is insignificant to you. And as the cost of labour rises with competition the problem naturally goes away.

Re:Now what? (1)

WolfWithoutAClause (162946) | more than 7 years ago | (#16982828)

A number of things:

  • get rid of corrupt American politicians that took huge backhanders during the CAN-SPAM fiasco
  • get the politicians to write legislation with real bite. It can take up to 15 seconds to delete an email e.g. so 15 seconds of prison time for every sent spam email sounds about right; i.e. 8 months in prison for a million emails. On second thoughts 60 seconds in prison, because they knew what they was doing was wrong, so 30 months in prison. A few spam runs, and it's essentially life imprisonment. Yay! (My heart bleeds, but essentially they kill person lifetimes every time they do a spam run).
  • work out how the spammers get paid, and freeze it out; no dosh, no dodgy email.

Re:Now what? (1)

Phroggy (441) | more than 7 years ago | (#16982928)

get rid of corrupt American politicians that took huge backhanders during the CAN-SPAM fiasco
To my great surprise, it looks like steps are being taken in this direction. Quite a few incumbents got tossed out in the recent election, and the Democrats now in charge are making a fuss about dealing with corruption. Of course I don't expect that to lead anywhere, but at least they're making a fuss.
get the politicians to write legislation with real bite. It can take up to 15 seconds to delete an email e.g. so 15 seconds of prison time for every sent spam email sounds about right; i.e. 8 months in prison for a million emails. On second thoughts 60 seconds in prison, because they knew what they was doing was wrong, so 30 months in prison. A few spam runs, and it's essentially life imprisonment. Yay! (My heart bleeds, but essentially they kill person lifetimes every time they do a spam run).
I'm not convinced that increasing the sentences will serve as a significant deterrent. Many spammers go to great lengths to avoid getting caught.

Also, I'm tired of people complaining that CAN-SPAM is worthless because spammers can easily exploit its loopholes and continue spamming. That simply isn't happening. CAN-SPAM isn't being enforced, so nobody's bothering to try to comply with it. This is an enforcement problem, not a legislative problem (although I would argue that the solution is legislative action to address the enforcement problem by allocating more funding). Once spammers actually start complying with CAN-SPAM, we can decide whether the law needs to be changed to close those loopholes, but until then, what's the point of toughening a law that's being ignored anyway?
work out how the spammers get paid, and freeze it out; no dosh, no dodgy email.
We know how the spammers get paid.

In the case of penny stock scams, the spammers pick some random company, buy a bunch of shares, spam the crap out of it, and unload. The company being advertised probably had nothing to do with the spam, so punishing them doesn't help. The only solution to this is to use technical means to track down the spammer, then sic the SEC on them.

In the case of most other spam, well, spammers lie, cheat, and steal. They find some shady company, and offer to "promote their business over the Internet using legitimate double-opt-in verified mailing lists" for a fee. They collect the money and send the spam. If all goes well, the client may be pleased enough with the additional revenue that they turn to the dark side and make the same deal again. If not, the spammer takes the money and runs... straight to the next client. Again, punishing the clients may not do much good, because many of them are victims of this as well.

Re:Now what? (1)

ajs318 (655362) | more than 7 years ago | (#16983382)

Just because they are victims, does not mean they are blameless. Anyone who hasn't been living in a cave knows this kind of shit is going on.

When a group of people borrow money from a bank, they are "jointly and severally liable" for the outstanding portion of the debt. If a husband and wife borrow £100 000, then the husband pays back his half, each of them is considered still to owe the bank £50 000. If the wife disappears of the face of the planet, well, the husband has 50 000 extra motivating factors to track her down.

Likewise, in some countries, junk food restaurants can be fined if their empty cartons are found littering the street. If a store hands out promotional leaflets and these are later found littering the public highway, the store and the manufacturers of the equipment advertised in the leaflet can be fined.

We should apply the same principle to spam, and make every link in the chain liable for the consequences -- not just the spammer. Any legitimate vendor using spam as a method of advertising should be hauled over the coals as an example to the rest of them. Any company whose shares are pumped-and-dumped should be tried as though they were accessary to the fraud. Any ISP whose equipment (including a user's compromised PC attached to one of their routers) figures in the path of a spam message, or even a response to a spam message, should be fined. The user whose PC got botnetted should be fined. And when the spammers are eventually caught, they should of course be held liable to compensate everyone who was fined for their actions -- with interest.

Maybe that way, somebody would actually be bothered to do something about the spam problem.

Re:Now what? (1)

name*censored* (884880) | more than 7 years ago | (#16983534)

Politicians rely on popularity. If they started promoting something that legally forced little-old-ladies to try and learn how to set up effective AV/firewalls, it would be worse than political suicide; it would be political genocide - especially considering how difficult it is to catch spammers to try and make them recompense the little-old-ladies, what with geopolitical borders/international diplomacy and spammers' tenacity. Although I do like your idea and wish it was enforced, you have to remember that the people with botnetted PCs are victims, not perpetrators - much like when terrorists use innocent people as human shields, it does not mean you can shoot THROUGH them. I'd say that in a perfect world we'd have that legislated, but in a perfect world we wouldn't have spammers to begin with..

Perhaps if someone created a terrible computer virus which could only be erradicated by setting up computer security at a level which would effectively deter spammers, (eg, EFFECTIVE FIREWALLS and CLEAN ISPs) then this would force people to upgrade their security; a little like how the Great Fire of London gutted all the filthy slums...

Re:Now what? (1)

ajs318 (655362) | more than 7 years ago | (#16983844)

I keep having to say this. Just because you are a victim does not mean that you deserve no blame. If you smoke 40 fags a day and die of cancer, it's your fault. If someone steals an axe from your garden shed because you didn't lock it properly and then uses it to murder someone, the fact remains that you -- albeit through negligence -- supplied the weapon. If a 15-year-and-364-day-old girl gets into an over-21s bar, and you take her home and have sex with her, you may be a victim of deception but you're still guilty of paedophilia (even by just one day). It's a little thing called taking responsibility for your own actions. I realise that ambulance-chasing lawyers have painted this concept as somewhat quaint and unfashionable; but such a situation can't last indefinitely, and the sooner it changes, the less it will hurt.

Playing the "Granny having to set up security software" card isn't really valid. Why isn't the software on Granny's computer secure-by-design in the first place? Allowing remote command execution without authentication is just wrong, and the little old ladies of the world should be mad as hell that anyone would let their computers get taken over in this way.

As for not shooting through human shields ..... that's the only thing that makes human shields effective in the first place! Do you really suppose they would use such a tactic if it patently didn't work? If the only thing between a bullet and some evil guy is the two helpless women he's clutching in front of him, well, so be it! Aren't a few innocent civilians a fair price to pay to bring down a terrorist? If someone hijacks a plane, no mucking about - just blow the fucker to smithereens in mid-air. Suddenly you've removed most of the point of hijacking planes (although it must be said, you've certainly created a new potential DoS .....)

Re:Now what? (1)

alexhard (778254) | more than 7 years ago | (#16982858)

What can be done to stop it?

We could always bomb them! :D

Re:Now what? (1)

Phroggy (441) | more than 7 years ago | (#16982956)

We could always bomb them! :D
Right, because that always results in the people in the bombed country wanting to stop doing anything we don't like.

Re:Now what? (0)

Anonymous Coward | more than 7 years ago | (#16982978)

Right, because that always results in the people in the bombed country wanting to stop doing anything we don't like.


No it doesn't. See Iraq.

Re:Now what? (0)

Anonymous Coward | more than 7 years ago | (#16983028)

Double-Whoosh :=)

Re:Now what? (0)

Anonymous Coward | more than 7 years ago | (#16983512)

and another woosh below! Yes ladies and gentlemen I think we have spotted the highly elusive triple-woosh!

n reasons why you are a doofus (1)

Clueless Nick (883532) | more than 7 years ago | (#16983178)

1. The spam did not originate from India. It originated from the US. Somebody, probably a US citizen paid Indians to do his dirty work. So it is a crime against your own people. Care to name it?
2. Indian citizens too are suffering from spam. Therefore, it is a crime against another sovereign nation.
3. The vast, vast majority of Indians have no part in, nor lend support to, this scam.
4. How many problems have you solved with bombing?
5. Vietnam
6. Korea
etc.
etc.
n-3. Iraq-I
n-2. Afghanistan
n-1. Iraq-II
n. Hiroshima and Nagasaki?

So whom should you bomb now?

Re:Now what? (0)

Anonymous Coward | more than 7 years ago | (#16982948)

This is deeply troubling. What can be done to stop it?


I think we'll have to bomb third world countries.

Re:Now what? (0)

Anonymous Coward | more than 7 years ago | (#16983154)

Just the same way I solve ALL spam until now,

Whenever I get spam, I'll blacklist IP (always), IP range (for dialups) and domain (dialups).

Well, my blacklists are at 24000 IPs, 800 domains, but I got almost no spam.

I also believe this could be applied to the captcha problem in some way.

So the question becomes (1)

JanneM (7445) | more than 7 years ago | (#16982666)

The question becomes if the spammers filling in captcha's for blog comments will win or lose over the spammers creating fake blogs. Will some spammers (not the sharpest knives in the drawer) end up paying one set of people doing captchas for new blogs and another set to junk their own blogs by choking them with fake comments?

In any case, the economy of spamming changes fundamentally once it's no longer cost free to do.

using porn to solve captchas (4, Interesting)

CandyMan (15493) | more than 7 years ago | (#16982668)

Cory Doctorow wrote some time ago about an umbeatable way to solve captchas: have a the captcha-circumventing bot connected to a free porn site [boingboing.net] , inline the images in the gateway pages to the photos and videos, and have the porn-seekers gain access by solving the images. They would have the same infrastructure that they would need if they used developing world click-workers, without the hassle of having to arrange payments.

Already done... (0)

Anonymous Coward | more than 7 years ago | (#16982964)

...and on crack/warez sites too. It's an easy win because it's easier to solve the captcha than finding another link, and it's still free as in beer. Still, I'd say the number of captchas would be far lower than just pumping out spam. Then again, in a crappy case of market economics if you block 95% of the spam the remaining 5% get much more valuable.

Re:Already done... (1)

Goaway (82658) | more than 7 years ago | (#16983768)

Where, exactly?

Re:using porn to solve captchas (0)

Anonymous Coward | more than 7 years ago | (#16983232)

Just what CAN'T pr0n solve?

Re:using porn to solve captchas (1)

MickDownUnder (627418) | more than 7 years ago | (#16983574)

Nice idea, but there are going to be problems with this. For starters most CAPTCHA images time out, the bot would need to get it solved by a horny porn dude within about 1min of it being served. Also you have the problem of actuall relaying the image to the horny porn dude. Most CAPTCHA images work by not allowing you to serve the image to more than one request, new request, new CAPTCHA. So they would have to capture the captcha. Tryin to pick the image from the download cache is going to be a little tricky for a single site, I think this gets exponentially harder if you try making a generic CAPTCHA breaking solution.

Most concepts are always easy to talk about. Actually getting these things to work in the real world is another matter. The approach I've taken with my CAPTCHA [mblmsoftware.com] solution is to make it adaptable so that any system someone develops out there to counter it can be quickly unravelled with a few configuration changes.

I think the real problem with CAPTCHA's is not the false positives, but the false negatives. CAPTCHA images exclude the blind and visually impaired, I think this is a bigger problem than horny porn dudes.

Re:using porn to solve captchas (1)

Goaway (82658) | more than 7 years ago | (#16983758)

Tryin to pick the image from the download cache is going to be a little tricky for a single site, I think this gets exponentially harder if you try making a generic CAPTCHA breaking solution.

What the hell are you talking about?

Re:using porn to solve captchas (1)

neoform (551705) | more than 7 years ago | (#16983908)

unbeatable? what's to stop you from putting hotlink protection on the captcha image?

This tell us two things (3, Insightful)

Dark Paladin (116525) | more than 7 years ago | (#16982672)

1. The cost of computing and Internet access have truly dropped to a point to where it is nearly "universal".
2. The Human solution sometimes is the best.

What's going to be interesting is threefold: how do we conquer this problem, and how long until "sweat spam shops" have opened up, and how long until the outsourcers become the main branches? Much like the Cory Doctorow story revolving around sweat shops of MMO players, it might not be long until automated scripts are combined with "sweat shop" style workers, who's only job it so enter in the proper "human" data to fill spam.

On the other hand, as outsourcing has taught us, it is only a matter of time before the outsourcees become the suppliers as they get the training they need. Once the "local guy" starts making up the scripts, it's only a matter of time before he/she goes to open up their own spamming sweat shop. Which is a good thing in a weird way as the article points out - it encourages new business at the expense of annoyance.

The next phase of solutions might have to focus on more detailed question/responses - but there's a danger in this in finding the "sweet spot". You want to make it as expensive as possible for spammers, but not so annoying for your "true customers". Much like my new bank's online service, perhaps, where they made me select my "security image" and more personal questions so I had to enter 2-3 things to truly "log in" the first time.

Re:This tell us two things (0)

Anonymous Coward | more than 7 years ago | (#16982726)

3. The cost of human labor has truly dropped to a point to where it is nearly "universal".

Re:This tell us two things (1)

Xemu (50595) | more than 7 years ago | (#16982868)

2. The Human solution sometimes is the best.

Indeed. So why not outsource the spam filtering, and have a human being in Nigeria read through your mails, and decide if they are spam or not. I am sure they would know if King Mukabuto really was that rich or not.

it is just business (2, Interesting)

PrinceAshitaka (562972) | more than 7 years ago | (#16982678)

I think people should not just be upset with the spammers, but those who buy from spammers. Spammers just fill a market need. If nobody was buying penis pills, you would never be spammed.

Re:it is just business (4, Insightful)

Anonymous Coward | more than 7 years ago | (#16982732)

The problem with this reasoning is that there is only a small group of people buying the pills, but the spam is received by a much larger group.

This is of course because spreading spam costs too little to be worried about pre-selecting the audience. When advertising on TV or sending info by post, companies usually try to match their audience to the product they are going to sell. I.e. they do not send adverts for luxury products to houses in poor neighborhoods, they try to weed their lists so that bouncing addresses are not kept on it forever, etc.
All this to maximize the return on the cost of sending the adverts.

Spammers don't have to do this, because they make money anyway.
When it would cost 1 cent to send a spam message, it would not be worthwile to send it to 100000 addresses and make 1 sale of a $25 product.

Re:it is just business (1, Funny)

Anonymous Coward | more than 7 years ago | (#16982794)

Heh. The other day I got a junk mail offering to help me sell my house. I talked to the landlord, but he assured me, I can not sell my apartment.

Re:it is just business (1)

FireFury03 (653718) | more than 7 years ago | (#16982806)

This is of course because spreading spam costs too little to be worried about pre-selecting the audience.

Whilest spam is by far the worst case, all direct marketting suffers from this problem to some extent. Very little of the crap that's shoved through my door, SMSed or telemarketted to me is actually relevent to me.

At least in the UK we have some of the direct marketting a little more under control (unsolicited SMS messages are illegal... although some do still get sent. Telemarketting to phones registered with the telephone preference service is illegal, not that this seems to stop some telemarketters).

Of course, if it were down to me, direct marketting of all forms would be completely illegal - it's of no benefit to the consumer, unlike things like TV advertising which benefit the consumer by paying for the TV channel.

So really, whilest increased cost would certainly reduce the problem to some extent, the other direct marketting methods show that it will by no means eliminate the problem of untargetted advertising.

Re:it is just business (2, Insightful)

Anonymous Coward | more than 7 years ago | (#16982870)

Whilest spam is by far the worst case, all direct marketting suffers from this problem to some extent. Very little of the crap that's shoved through my door, SMSed or telemarketted to me is actually relevent to me.

I can assure you that all direct marketing bureaus match the product and target audience. When living in a lower-class neighborhoud, you will find very few Mercedes or Jaguar flyers on your doorstep. It will not be perfect, but nobody is just throwing away money they know they can better spend elsewhere.

(maybe it also differs by country; I can assure in certain countries those bureaus have very detailed profiles they can use to target advertisements)

Re:it is just business (3, Funny)

Eggplant62 (120514) | more than 7 years ago | (#16982880)

Easier solution: Kill all those with tiny penes. Only the well-endowed should be allowed to live, thus no need for penis pills. QED.

Re:it is just business (1, Funny)

Anonymous Coward | more than 7 years ago | (#16982988)

Even easier solution: kill everyone with a penis. Never mind the spam; there would be no more violent crime, no more porn, no more rape, no more unwanted pregnancy.

Until we get enough cloning centres established, we could manufacture sperm by factory-farming boys in battery cages. Give them drugs to make them reach puberty sooner, and twist their necks once you've extracted a certain amount of semen from each one (and that's not much; each ejaculation could produce a few hundred million babies with more efficient logistics). Burn the corpses in power stations (it'd be the first time in history a man had done anything useful). Separate out most, but not all, of the Y-chromosome-carrying sperm; so most, but not all, of the babies born will be girls. If a woman is pregnant with a boy foetus, tell her it has a nasty defect and she needs an abortion; then induce it and raise it in an incubator until it's ready for independent existence. Keep the exact method of sperm production a secret. The sperm samples would be indexed by attributes; so when a couple seeking to have a baby went "to have one partner's DNA made into injectable form", in reality the nearest matching sperm would be chosen to inseminate the other partner's egg.

Re:it is just business (1, Insightful)

Anonymous Coward | more than 7 years ago | (#16983048)

Even easier solution: kill everyone with a penis. Never mind the spam; there would be no more violent crime, no more porn, no more rape, no more unwanted pregnancy.

I'd say we'd nuke the entire site from orbit. It's the only way to make sure.

Well (1)

El Lobo (994537) | more than 7 years ago | (#16982696)

This rises some other problem I think. If there is people filling in captchas manually, the only think that could help to stop the madness is to ban the IPs or subnets where the person is working from. This is what I do in my server anyway. From time to time sombody just fills my captcha and spam my guest book. Not a big deal. i just ban the IP and sometimes he's whole subnet. But i see a problem if there are a million persons doing that. A million IP's or subnets banned is now kind of hard work to enter in my ban list :-)

would be happy to do this (0)

Anonymous Coward | more than 7 years ago | (#16982698)

If a spammer wants to pay me a few dollars a day to fill in thousands of words, where do I sign?

I couldn't give a shit if some fat, rich, American nerd who has to reallocate some time playing World of Warcraft gets more stressed over this than the way his government's lobbying of the WTO is retarding prosperity in my country. Let him cry like a little girl who has lost her lipstick thinks it's the end of the world.

Re:would be happy to do this (1)

ajs318 (655362) | more than 7 years ago | (#16983002)

It's more like a few cents a day than a few dollars. And they don't actually pay you anyway. There are enough desperate people in developing countries that it's a reasonable business model to rip them off like this.

Haha, what a clueless article (1)

Lazy Jones (8403) | more than 7 years ago | (#16982704)

Spammers with a brain display the captchas from the site they want to spam on another (fake or not) site and let real users solve them to gain access to pr0n or whatever. Then they can access the original site with the captcha solution. So, it's completely pointless to pay someone for it, I take it the author of this article was just guessing (and without much imagination).

or maybe... (3, Insightful)

idlake (850372) | more than 7 years ago | (#16982712)

It's pretty depressing when one of the primary worries of bringing the third world on-line is that it will drive the cost of breaking anti-spam measures to zero.

In fact, there is a lot of good, low-end on-line work low-skilled third-world labor can do once they are on-line. That's a good development: it gets work done that otherwise wouldn't get done, and it gets people jobs that beat the back-breaking, dangerous work they'd otherwise have to do (provided they aren't too old, weak or ill to do it in the first place).

Hey, maybe that third world labor can also do the spam classification, manually. I'd be willing to pay for that.

Re:or maybe... (1)

joe 155 (937621) | more than 7 years ago | (#16982768)

I agreee that it could be good to get people in the third world to do classification job, if we paid them $2 a day then that would be a really good wage for some of these kids. Unfortunately these computers aren't for the most in need, ironically if we gave the absolute poor who couldn't afford water these OLPC computers then they could do this and buy their own well/cows/goats, which would help with both self esteem and with living conditions (I guess that works as a good refutation of that old troll about them needing other things more...)

To tell you the truth I don't even mind if they pay people in the slightly better off countries who are getting this to break CAPTCHA, I'd rather needy people had it than some ass-hat spammer, and its going to get mechanically broke sooner or later anyway, it was never more than a patch which would never last

Re:or maybe... (1)

iDope (916846) | more than 7 years ago | (#16982786)

Hey, maybe that third world labor can also do the spam classification, manually. I'd be willing to pay for that.
You have no problem with another person reading all your emails?

Re:or maybe... (2, Insightful)

houghi (78078) | more than 7 years ago | (#16983026)

What if the result is an anti-spam sweatshop. Then we would have a REAL moral issue.
1) We boycot them, so the criminals who exploit them don't get any money
2) Keep using them, so the criminals who spam us don't get any money

Dupe/Oldnews (2, Informative)

Threni (635302) | more than 7 years ago | (#16982714)

Re:Dupe/Oldnews (2, Interesting)

MickDownUnder (627418) | more than 7 years ago | (#16983508)

I think this one is a little different, the other article was just a hypothetical, this is actually a real case of spamming occuring with a captcha image.

I also found his quotation from Bill Gates quite interesting...

Oh well. I guess I'll have to sit in the corner with Bill Gates, who declared in January 2004 that "spam will be solved in two years". After you with the pointy-D hat, Bill.

Perhaps Bill was thinking about his trusted/treacherous [slashdot.org] computing model (posted earlier today on slashdot) when he made this statement.

Anyhow old news is good news. It gives me a chance to plug my CAPTCHA solution [mblmsoftware.com] , which will take more than just a few seconds for a 3rd world data entry person to get past. I created this component mainly because I'm trying to make a site that adheres to accessibility standards, which of course is an impossibility if you use CAPTCHA images. The other reason I think CAPTCHA images are a bad idea is OCR. If there isn't already an OCR solution available today I think it is inevitable that there'll one day be one that can read any image that a human can read. But I guess this is one more thing to add to the list of reasons as to why CAPTCHA images are stupid - 3rd world data entry teams.

What I think (1)

iamdrscience (541136) | more than 7 years ago | (#16982730)

In his report, Arthur discusses Nicholas Negroponte's gift of hand-powered laptops to developing nations and the wide array of troubles that could arise as the world's exploitable poor go online."
If you see ten troubles coming down the road, you can be sure that nine will run into the ditch before they reach you.
-- Calvin Coolidge.

No no. Fight the source of the problem (0)

Anonymous Coward | more than 7 years ago | (#16982752)

Poor people filling in catchphas is not the problem.

Spam is the problem.
Why does spam exists? -> Because it works
Why does it work? -> Stupid people exist
Why do stupid people still exist? -> Not enough selection pressure.

So the real question is, how can we select against stupid people?

I suggest spamming a new miracle weight loss diet that calls for eating 2kg of sodium chloride per day.

Previous article (1)

Bogtha (906264) | more than 7 years ago | (#16982782)

Slashdot had an article [slashdot.org] about this a couple of months ago.

This is simply stupid (5, Insightful)

trojjan (994851) | more than 7 years ago | (#16982788)

The very point of spam is it is almost zero cost to the spammer. When you pay people to answer to captchas the zero cost factor disappears. I don't think cheap computers and internet will make the problem dangerous
Not everyone in the third world is going to get computers
Every computer is not going to get internet connected
Not everyone on the internet is going to be spamming
Also consider the fact how much can a single person spam. If the dude with the new cheap computer answers captchas for even 15 hours a day they would hardly generate over a 1000 spam messages which is likely to get the spammer one or two hits. Do you think the spammer is stupid enough to pay for this much profit?

I hope the spammer understands... (2, Interesting)

The Master Control P (655590) | more than 7 years ago | (#16982812)

When someone sets up a fund that pays out to the first person to brutally murder a spammer and hang his head on a lamp post using cat5, it's not personal... it's just business.

Spam will never be stopped as long as the perceived gains > perceived risks. Unless there is a holocaust of stupid people, there will always be people dumb enough to buy from spam, so you're not going to solve this equation by reducing the left side. So raise the right side... Put $10 million into ten Swiss bank accounts. Then get the message out: First ten times a known major spammer is brutally murdered, the first party to provide evidence of their involvement gets the location of a buried bank account key.

I don't usually believe in violence to solve problems, but when you're dealing with people who've demonstrated that there is nothing so depraved they won't do it, and the alternative is governments regulating the 'Net... *shudder*...

Now, speaking seriously (okay, more seriously - hearing that Alan Ralsky got brutally tortured to death on the evening news would KICK ASS), as long as everyone with a brain is absolutely determined to not respond to any spam the problem will never be solved. Why? Because as long as that is true, the S-N ratio at the spammer's inbox will be favorable, because you can never block 100% of spam, and unless you DO, idiots will get it and will click it.

So, e-mail clients should be programmed to automatically respond to EVERY message they get (or at the very least, every message flagged as spam) with an ad-libbed "O rly? tell me more", unless the e-mail came from a known-good mailing list or contact. Result: If even 1% of recipients responded and didn't buy, the signal-to-noise ratio at the bastard's inbox plunges by a factor of a hundred. Everybody responds, and spam-friendly ISPs implode under a digital tsunami of replies. The SOB pumping out 100 million messages can't possibly sort out the 1000 buyers from the 99,999,000 fakes.

And for spammers who use links to their websites: Users submit suspect sites to open database of spammer sites. Sites are voted on; After 100 votes, if the guilty verdict > 90% the site it put in the "to DDOS" list for a client script to retrieve and wget entries from. Certain disreputable hackers, whom the database operators want nothing to do with, unfortunately rent botnets and install this client program on millions of hacked windows boxes. Would that be an immoral action? Yes. Spammers have all the moral restraint of Nazis, and they're winning the spam war - playing nice is no longer an option.

Unfortunately, it won't happen. MS, Google, Yahoo, and Firebird need to incorporate this into all their clients, along with whitelisting utilities, all at once - NGH. Because of the sheep mentality, no one will want to be the first to stand up. In short, like the decay of diamond into graphite, it's *should* happen but has far too high of an energy barrier to actually happen.

Okay, I'm ready - someone ^C^V that stupid checklist.

Re:I hope the spammer understands... (1)

jrockway (229604) | more than 7 years ago | (#16982986)

This is pretty insane, and is not the proper solution. The proper solution is to stop using e-mail. A more workable solution is to setup something like OpenBSD's spamd white/black/greylist program. I use it on my mail server, and it kills about 99% of the spam that is being sent to me. Spamassassin does a pretty good job on the other 1%, and I see about 6-10 spams a week. Not perfect, but it doesn't cost me much in terms of resources, and it keeps e-mail useful for me.

And I don't even have to pay anyone to murder the spammers!

Follow the money (3, Insightful)

Attaturk (695988) | more than 7 years ago | (#16983010)

So, e-mail clients should be programmed to automatically respond to EVERY message they get (or at the very least, every message flagged as spam) with an ad-libbed "O rly? tell me more", unless the e-mail came from a known-good mailing list or contact. Result: If even 1% of recipients responded and didn't buy, the signal-to-noise ratio at the bastard's inbox plunges by a factor of a hundred. Everybody responds, and spam-friendly ISPs implode under a digital tsunami of replies. The SOB pumping out 100 million messages can't possibly sort out the 1000 buyers from the 99,999,000 fakes.
I don't think spammers read the replies - at least they'd be fools if they did. They don't typically expect any useful replies - they're simply acting on behalf of a third party either raising the profile of its brand or promoting some offer. I personally find it more fruitful to go after the organisation being advertised. If someone is touting Viagra, get in touch with the highest marketing authority you can at Pfizer. If someone is selling cheap watches, go to the website where you can buy the watch, go through the process and find out where your money would go and/or who owns the domains etc. Then follow the chain back up to someone who might give a damn and give them a really hard time. If everyone did that it'd be far more effective than replying to the spam mails. :)

Re:Follow the money (1)

pe1chl (90186) | more than 7 years ago | (#16983362)

Of course companies like Pfizer and Rolex are irritated by the spammers but there is not much they can do either.
They are the owners of the brand that gets pirated, but they have not asked the spammers to send the messages. They don't know more about who they are than you.

I think it is more promising to go after the stock spammers. It should be easy to find who is behind them.

r jobs! (1)

alexhard (778254) | more than 7 years ago | (#16982846)

They tk r jebs!

Money (1)

tuxish (1022783) | more than 7 years ago | (#16982852)

I always thought that there are many other ways we can help the poorer nations than giving them technology. With $100 you could almost feed a village for a year, so why waste that sum on a laptop? But now I see the laptop idea could actually work in solving poverty if the people are going to be paid to create havoc..... Obviously though, they're going to need an internet connection which is either going to be very difficult or very expensive in the poorer areas of Africa

I suggest death penalty to spammers! (0, Troll)

itz2000 (1027660) | more than 7 years ago | (#16982854)

I suggest death penalty to spammers!, I hope it will resolve all the spam problem! My Gmail has filtered 900 spam mails in my new account, and my inbox only contained 800 mails! I get more spam then emails! and that's my not published account! I suggest death to spammers, terrorists and bad people ;P

Re:I suggest death penalty to spammers! (1)

TheAlmightyChimp (939529) | more than 7 years ago | (#16982890)

roll them into a fire ants nest!

Blame gmail for spam in your spam folder... (0)

Anonymous Coward | more than 7 years ago | (#16983446)

The spam messages are messages that are sent to a gmail account that is close enough to the one you are using. Because these accounts do not exist, they end up in your spam folder.

Another way to make CAPTCHAs hard to outsource (1)

monkey23 (599166) | more than 7 years ago | (#16982892)

Instead of simple character recognition (which OCR will eventually evolve to beat) use culturally sensitive questions. Knowing the IP, and therefore the probable location of the request, show/display a series of items and have the user complete the sequence. In fact there are numerous variations on the theme: show a picture of cheney, bush, and rice and have the user enter the political party that ties them together. I realize most Americans are st00pid, but if they cant type republican (with liberal spelling variations) do you even want them on your site?

"As long as there's sex and drugs, I can do without the rock and roll"

Re:Another way to make CAPTCHAs hard to outsource (0)

Anonymous Coward | more than 7 years ago | (#16983352)

Maybe this would prompt some upgrades to American education, since this sort of information would actually have a practical use.

That's great! (1)

marcello_dl (667940) | more than 7 years ago | (#16982950)

I'll be able to help poor people in Africa just by putting a captcha controlled access to blogs and stuff, spammers will pay them.

Just business? (5, Funny)

Yaztromo (655250) | more than 7 years ago | (#16982968)

I'm currently hiring 3rd world citizens to kick spammers in the crotch.

To the spammers: it's nothing personal. You have to understand: it's just business.

Yaz.

"the possibility" has long been a reality (0)

Anonymous Coward | more than 7 years ago | (#16983090)

"discussing the possibility that his colleagues may be paying people in developing countries to fill in captchas"

Who are you kidding? They ARE paying people to fill captchas. I have a business that runs large free e-mails systems, we have like 5 million users. About two years ago we started getting caught in RBLs. What happened? The spammers were getting through our captcha, which appears after the Nth email sent in a day.

Solution? Not one we liked, but we set out outgoing spam filters into paranoid mode, and still had to block whole netblocks from Nigeria and Israel because they were sending a surprising amount of custom-made spam.

It's almost unthinkable that people would have such jobs. I tell you, we are in the third world ourselves (living in a mud hut and drinking foul water, and being glad if we even have any, as we are happy to learn every time there's an OLPC story here on Slashdot), but even for our economy it's unthinkable there would be labor that cheap. I'm impressed with Nigeria. And I'm even more impressed with Israel.

It's not like captchas can't be beaten without (1)

Opportunist (166417) | more than 7 years ago | (#16983136)

Scenario: You're a spammer and want someone to fill in a captcha for you.
Solution: Offer a porn-page, where you can "unlock" a picture by filling in a captcha for you.

That captcha comes from a captcha-protected site, of course, and your user solves it for you to see his inspiration material.

I'd wager that would be even cheaper than paying $100 laptop users. I mean, people even pay money for porn, you'd probably have more people wanting to fill in captchas for you than your spam machine can handle.

root cause of spam .. (1)

rs232 (849320) | more than 7 years ago | (#16983250)

Do all those compromised Windows machines in use as spambot networks have anyting to do with the current spam infestation and not some people in developing countries.

Is this really about money? (1)

edxwelch (600979) | more than 7 years ago | (#16983396)

I've being wondering for a long time weither spammers actually make enough money to justify the effort. I'm sure some do, but the scams that they send are so obviously frauduent that there must be a lot of spammers that don't make any money at all. So, why do they do it? I think it's the same reason why people vandalise public property, just because they can, and they enjoy fucking things up for other people.
Basically, it's vandalism of the internet. Spamming isn't just e-mail you know, many wikis and forums are regularly spammed so much that they have become unusable.

Are humans even necessary? (1)

Serious Callers Only (1022605) | more than 7 years ago | (#16983436)

Software like this http://www.botmaster.net/ [botmaster.net] claims to decode many popular captchas anyway - do they need humans to do it for them? With tools like this even an idiot can spam sites protected with captchas, though they'd have to pay through the nose to do it (400 USD!!!). I'd love to see sites like this which profit from stupidity shut down, but as an individual it's hard to see how to do it.

This is just stupid (3, Interesting)

Vexorian (959249) | more than 7 years ago | (#16983460)

Come on!, Remember the usual "Don't teach the poor to read, that would make them a threat"? This all sounds as "don't give the poor any access to the internet, they could become a threat" . And for god's sake it is not like captchas are any difficult for just a program to beat.

I administrate a site with a vBulletin forum, and every once in a while a bot posts messages. Registration requires passing a captcha, in fact, I decided to just remove the captcha, it was seriously not helping stop the spam and was just making the registration harder FOR HUMANS.

BTW: I noticed that Russian bots are more likely to beat captchas.

Maybe a different solution (0)

Anonymous Coward | more than 7 years ago | (#16983644)

Maybe I'm totally stupid, but what if in your submit forms you add an invisible field named like "username" an make it hidden in a paragraph with css?
probably the spambots will fill it, then you check data from incoming form, if it's filled, it's spam.

kain
icoretech.org
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>