Copy link to clipboard
Copied
Captcha does not seem to be working on our blog. (http://www.waterthebamboo.com/_blog/Blog) We are receiving Spam comments multiple times per day. Shouldn't Captcha/Image Verification prevent Spam posts from being submitted via the Form? It's a real pain to have to dig through all these spam posts in the admin.
We are very much aware that spam engines become more and more sophisticated, and what's happening here is that they can actually read the captcha image and interpret it.
The engineering team is already looking into different solutions to get this fixed, and a fix should be available in the August 21st release.
- Bogdan
Copy link to clipboard
Copied
Captcha only eliminates bot spam, not human spammers who can bypass captcha. I haven't used the blog yet because our is set up elsewhere. We moderate comments there, but the drawback to that is that you will lose non-spamming commentors.
Copy link to clipboard
Copied
Sure seems like we're getting a lot of "human" spam then. Are we sure it's "human" or could it be some smart 'botting that is detecting/reading/inputing Captcha?
Copy link to clipboard
Copied
It's possible that there are OCR-capable bots hitting your blog. But there are also tons of people who do nothing more than post spam links on blogs all day long ("work at home" scam jobs, SEO scammers, etc.). If you comment section allows links to be followed by search engine bots you're gonna get hit hard with link spam, so make sure comments are set to "nofollow" and moderate them.
Copy link to clipboard
Copied
hi crafty alien,
how do you make sure comments have Nofollow set on?
Copy link to clipboard
Copied
Perhaps you could add this http://www.robotstxt.org/meta.html to your blog layout.
-m
Copy link to clipboard
Copied
But won't that prevent Search Engine robots from following the blog post URL too?
Copy link to clipboard
Copied
Form what I understand they should go as far as the detailed blog layout and not follow anything from there...
Copy link to clipboard
Copied
Hey Mario - Hey ya i know long time No see!!!! how ya been ....
Thanks for this - The captcha settings wasn't set to enforce - so i ticked it for everything . Why would it not enforce though automatically?
Also - with that meta robots thing do i place it on the blot main layout? or just on the post? and what does this do - i tried reading that doco but it was a bit confusing.
so it doesnt stop regular search bots from following???
Copy link to clipboard
Copied
Heya, it's not forced automatically because some clients use V1 captcha and we can't break the backwards capability.
As for the meta noindex/nofollow, you can place it inside the overall blog layout.
Cheers,
-m
Copy link to clipboard
Copied
Thanks again for your help mario
I have tried the captcha thing (turning it on) but still getting some spam so I am looking into trying the No Index no follow
The thing is I was researching it and it looks like if I used the <META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW"> that would stop search engine bots from indexing the blog posts?? Would that mean that the website would not get the SEO benefit from all posts? http://googlewebmastercentral.blogspot.com.au/2007/03/using-robots-meta-tag.html
I am not sure if I am correct on this does anyone have any feedback on this?
Is there any other way to try and stop bots from filling out the comments? seems these ones are either human or bypassing the captcha still ..... hmmmm
Copy link to clipboard
Copied
There have been several reports in past two weeks of the captcha being compromised. The dev team is currently looking at the fix. No ETA on it yet. Please PM me the blog URL though.
-m
Copy link to clipboard
Copied
I have clients coming at my left right and centre as there has been a massive amount of #paydayloans etc coming through, they don't end up in your unapproved ... it's a little odd. I have heaps on my own site too but they don't show on the blog, in the unapproved but do in the live feed. Is there anything happening at the moment to stop the blogs being exploited?
Copy link to clipboard
Copied
Thats the same with my clients blogs - its the Pay day loans - every day!!!!! sometimes twice!!
Copy link to clipboard
Copied
Yep, the payday loans are the most frequent blog spammers I'm seeing every day.
I would like to try removing the 'website' field from the comments form to see if deters them, but can't find any way to do this 😞
Copy link to clipboard
Copied
Same here Pay Day Loans has cracked the syetem and has done so for a long long time. I just deleted the comments code from yet another clients blog just this morning to stop it happening. They are not the only ones but one of the more common and it has been quite heavy in the lst few months.
We have also seen a lot of falsified System Messages made to look and feel like a message coming from the partner portal. Basically these false emails are trying to probe for access details and trying to get you to login into a false site. We reported this early last year but never got a response from BC about it. It has been a while now since we have seen one or had one reported by a client but I am sure they are still going on.
I do not think the setup of the BC addressing is very smart either. By having every site retain a public link being http://mybusinessname.businesscatalyst.com allows for spammers to very easily do a search for every site hosted in BC and then sytematically start hacking all. Try typing in .businesscatalyst.com into Goggle and see the scary listings start to appear.
I have heard of spamming farms being setup out of Asia so the cheap 'human' element just goes and spam by hand all day long (what a life).
Copy link to clipboard
Copied
I doubt anyone has to resort to a captcha farm to beat business catalyst. Just looking at the captcha they serve and comparing it to any other captcha currently in existence should make it obvious that the BC platform wasn't built with the intention of taking users' security seriously.
Matthew_Wooler wrote:
Same here Pay Day Loans has cracked the syetem and has done so for a long long time. I just deleted the comments code from yet another clients blog just this morning to stop it happening. They are not the only ones but one of the more common and it has been quite heavy in the lst few months.
We have also seen a lot of falsified System Messages made to look and feel like a message coming from the partner portal. Basically these false emails are trying to probe for access details and trying to get you to login into a false site. We reported this early last year but never got a response from BC about it. It has been a while now since we have seen one or had one reported by a client but I am sure they are still going on.
I do not think the setup of the BC addressing is very smart either. By having every site retain a public link being http://mybusinessname.businesscatalyst.com allows for spammers to very easily do a search for every site hosted in BC and then sytematically start hacking all. Try typing in .businesscatalyst.com into Goggle and see the scary listings start to appear.
I have heard of spamming farms being setup out of Asia so the cheap 'human' element just goes and spam by hand all day long (what a life).
Copy link to clipboard
Copied
Just how long should it take to replace the Captcha module with one that is harder to crack? This has been going on for SIX WEEKS.
Copy link to clipboard
Copied
We are getting lots of SPAM on this URL - http://www.theartofvacationing.com/_blog/Timeshare_Talk/post/When_is_Marriott%27s_Maintenance_Fees_N...
All posts.
Copy link to clipboard
Copied
Everyone, please make sure that you have this setting enabled:
Copy link to clipboard
Copied
Thanks Mario though the one that is getting the most payday loans spam already has that setting ticked ... can you help out with any other suggestion?
Copy link to clipboard
Copied
Then it must have been compromised and the bots have found a way around it. I know that the dev team is looking at the was of tackling this at the moment, so please followour blog for further announcements on this issue.
Cheers,
-mario
Copy link to clipboard
Copied
We are getting it as well from "cash advance loan".
Our site: www.lechameauUSA.com
The spammer's email: fkokooeelel@gmail.com. I can forward you the customer comment form if it would help.
Chuck
(And yes, I have CAPTCHA activated and the settings are enabled.)
Copy link to clipboard
Copied
in addition to a better captcha, how about access to a spam blacklist (like akismet?)
also is there an option to just filter out bbcode/html from comments by default?
Copy link to clipboard
Copied
We have had the same problem with all our sites and decided to change them to use the Facebook comment module. We are probably losing a few commenters, but most customers prefer genuine comments over trolls and spammers.