Spam bot getting through?

We're also getting this on one of our sites after many months of spam-free operation.

We are using CAPTCHA 6.x-1.0-rc2, and reCAPTCHA 6.x-1.1.

We'll see several (say 4-5) comments added in the course of 2-3 minutes. This is happening several times a day.

In one burst, several may come from the same IP, but not all. However, in one burst all are added to the same post on our site, regardless of the originating IP.

The comments follow a similar format. The name and homepage are filled in to give a link, then the title and comment body are often quite sensible text. In some cases there is also a url at the end of the comment body.

A strange thing is that the url is either 'www.' followed by a single letter, eg www.s. Or, it is a link to a captcha-related page, eg http://drupal.org/project/egglue_captcha, or http://recaptcha.com/. Almost like someone wants to point out this is broken.

Is anyone else seeing this pattern of spam?

We've turned on comment approval for now, but I'd prefer to find out how they are getting around it.

Here's the log entry for one submission:

218.93.130.140 - - [14/Jul/2009:18:25:55 -0700] "GET /mydomain.com/comment/reply/3306 HTTP/1.1" 200 33114 "http://www.mydomain.com/comment/reply/3306" "Mozilla/5.0f (X11; U; Linux x86_32; en-US; rv:1.9) Gecko/2008061017 Firefox/3.0)"
218.93.130.140 - - [14/Jul/2009:18:26:57 -0700] "POST /mydomain.com/comment/reply/3306 HTTP/1.1" 302 - "-" "Mozilla/5.0f (X11; U; Linux x86_32; en-US; rv:1.9) Gecko/2008061017 Firefox/3.0)"

First, I'd like to note that it is not because you get spam content, that it is from a spam bot getting through. Some people get paid to post spam message all day. And unfortunately, CAPTCHA is ineffective against spam humans.
It's hard to determine if those spam messages you get are really from a CAPTCHA breaking bot or from a CAPTCHA solving human. You can indeed try to monitor the behavior and burst patterns, but it's still tricky to decide if it's an army of bot or humans, I think.

Second, the success rate of a spam bot for solving a CAPTCHA is not zero. It depends largely on the type of CAPTCHA. Take the simple match challenge for example: the answer is always between 1 and 20, so if the bot takes just a random guess, it will have a success rate of 5%. For an image CAPTCHA the success rate will of course be much lower. And for a CAPTCHA where the visitor has to pick the right word from a list of five, the success rate of random guessing will be 20%. So please also mention the CAPTCHA type you use.

Third, You could also try out the Mollom webservice (http://drupal.org/project/mollom), which is a smart combination of spam filtering and CAPTCHA.

I'm having some of the very same problems and I have been using Mollom. The patterns listed above are the same ones I'm seeing with Mollom. It has gotten so bad, I stopped allowing comments until I can find a module that works.

Actually, I had very much the same problem when I was using recaptcha. I then switched to egglue and the problem went away. I'm not sure what the bot was trying to tell me...

And if you're getting trojans just by following links on a site, I'd suggest getting some decent antivirus software asap!

I just got hit yesterday with about a dozen bogus posts. It does look a whole lot like the problem is a simple numbers game with CAPTCHA in general (for a spam bot, anyway), which doesn't have anything to do with the CAPTCHA module itself. Egglue does look a lot harder to crack, so I'm adding that as a CAPTCHA option, too.

http://drupal.org/project/spambot

marked duplicated #1935002: Image CAPTCHA no longer working