Skip navigation

Captcha is not preventing spam comments from being submitted

May 26, 2012 1:37 PM

Tags: #business_catalyst_blogs
  Latest reply: DragosMan, Dec 10, 2012 12:48 AM
Replies 1 2 3 Previous Next
  • Currently Being Moderated
    Jul 17, 2012 9:26 AM   in reply to ChrisBartell

    We are very much aware that spam engines become more and more sophisticated, and what's happening here is that they can actually read the captcha image and interpret it.

     

    The engineering team is already looking into different solutions to get this fixed, and a fix should be available in the August 21st release.

     

    - Bogdan

     
    |
    Mark as:
  • Currently Being Moderated
    Jul 18, 2012 2:43 AM   in reply to Bogdan Ripa

    Hi Bogdan

     

    This is very good news, thanks for letting us know.  We'll inform our clients the same.

     

    Kind regards

     
    |
    Mark as:
  • Currently Being Moderated
    Jul 18, 2012 6:06 AM   in reply to Bogdan Ripa

    That's great news, Bogdan. Thanks!

     
    |
    Mark as:
  • Currently Being Moderated
    Jul 18, 2012 6:01 PM   in reply to Vincent-1

    Same here Pay Day Loans has cracked the syetem and has done so for a long long time. I just deleted the comments code  from yet another clients blog just this morning to stop it happening. They are not the only ones but one of the more common and it has been quite heavy in the lst few months.

     

    We have also seen a lot of falsified System Messages made to look and feel like a message coming from the partner portal. Basically these false emails are trying to probe for access details and trying to get you to login into a false site. We reported this early last year but never got a response from BC about it. It has been a while now since we have seen one or had one reported by a client but I am sure they are still going on.

     

    I do not think the setup of the BC addressing is very smart either. By having every site retain a public link being http://mybusinessname.businesscatalyst.com allows for spammers to very easily do a search for every site hosted in BC and then sytematically start hacking all. Try typing in .businesscatalyst.com into Goggle and see the scary listings start to appear.

     

    I have heard of spamming farms being setup out of Asia so the cheap 'human' element just goes and spam by hand all day long (what a life).

     
    |
    Mark as:
  • Currently Being Moderated
    Jul 18, 2012 6:27 PM   in reply to Matthew_Wooler

    I doubt anyone has to resort to a captcha farm to beat business catalyst. Just looking at the captcha they serve and comparing it to any other captcha currently in existence should make it obvious that the BC platform wasn't built with the intention of taking users' security seriously.

     

    Matthew_Wooler wrote:

     

    Same here Pay Day Loans has cracked the syetem and has done so for a long long time. I just deleted the comments code  from yet another clients blog just this morning to stop it happening. They are not the only ones but one of the more common and it has been quite heavy in the lst few months.

     

    We have also seen a lot of falsified System Messages made to look and feel like a message coming from the partner portal. Basically these false emails are trying to probe for access details and trying to get you to login into a false site. We reported this early last year but never got a response from BC about it. It has been a while now since we have seen one or had one reported by a client but I am sure they are still going on.

     

    I do not think the setup of the BC addressing is very smart either. By having every site retain a public link being http://mybusinessname.businesscatalyst.com allows for spammers to very easily do a search for every site hosted in BC and then sytematically start hacking all. Try typing in .businesscatalyst.com into Goggle and see the scary listings start to appear.

     

    I have heard of spamming farms being setup out of Asia so the cheap 'human' element just goes and spam by hand all day long (what a life).

     
    |
    Mark as:
  • Currently Being Moderated
    Jul 20, 2012 7:56 AM   in reply to Bogdan Ripa

    This problem is getting to be a huge hassle. I hope that you are taking this seriously. I too am having serious doubts as to whether to choose Business Catalyst as a platform for new customers. I just started a new business and don't know if I will choose BC as a platform for its website—even though I know it well and it would be time effective for me to do so.

     
    |
    Mark as:
  • Currently Being Moderated
    Jul 20, 2012 9:00 AM   in reply to Bogdan Ripa

    Late August? We are getting up to a dozen of these payday spam commments per day! Any way to accelerate a solution? Has anyone else figured out a way to beat this thing?

     
    |
    Mark as:
  • Currently Being Moderated
    Jul 20, 2012 5:06 PM   in reply to ChrisBartell

    My clients are getting dozens of these a day. Needless to say they are PISSED OFF. Just remember, **** flows downhill.

     
    |
    Mark as:
  • Currently Being Moderated
    Jul 20, 2012 5:09 PM   in reply to mario_gudelj

    Just how long should it take to replace the Captcha module with one that is harder to crack? This has been going on for SIX WEEKS.

     
    |
    Mark as:
  • Currently Being Moderated
    Jul 20, 2012 5:17 PM   in reply to raysanford

    Ditto I have had to rip comments out of every website and replace with facebook comments because the lack of action is terrible. Still getting heaps through contact us forms and that has to be fixed because I can't rip those out ... sadly you have wasted so much of my time having to maintain sites when I shouldn't have to.

     
    |
    Mark as:
  • Currently Being Moderated
    Jul 21, 2012 5:25 PM   in reply to stp-sarahp

    Just to add my name to the list I have had this happen a few times. Glad to see the update coming. =>

     
    |
    Mark as:
  • Currently Being Moderated
    Jul 23, 2012 9:13 AM   in reply to Lynda Spangler

    Hi all,

     

    we are integrating Akismet in BC. It seems to be the de facto anti-SPAM solution for blogs and forums worldwide

    The current CAPTCHA feature will still be present but we believe that the Akismet integration will make the need for CAPTCHA tools obsolete.

    Also, for any comment that is detected or marked as SPAM (by Akismet or manually by the site owner), the related CRM entry will be automatically deleted so there shouldn't be any effort on your side to manually delete CRM contacts related to spam.

     

    From the time frame perspective, we are considering the release for this feature (as stated above) for late August. Should any change in the release date occur (earlier release), we'll let you know on this thread.

     
    |
    Mark as:
  • Currently Being Moderated
    Jul 23, 2012 10:19 AM   in reply to DragosMan

    Glad to hear that Dragos.

     

    From my understanding this will cover blog comments which seem to be the majority of spam. But what about the CPATCHA with other areas like web forms?  While I have not seen spam there if they are bypassing comment CAPTCHA they could bypass the other. (Correct me if I am wrong.) One thought I have had is allowing the use of third party CAPTCHA systems (with an option to use BC's built in CAPTCHA if wanted). I know services like reCAPTCHA are available if you have server side access. I do not know the technical requirements to implement 3rd party CAPTCHA but I would love to see this feature.

     
    |
    Mark as:
  • Currently Being Moderated
    Jul 23, 2012 12:49 PM   in reply to DragosMan

    That's good to hear.

     

    @Lynda they do make a recaptcha api for active server, of course. Almost anything would be better than they one they have.

     
    |
    Mark as:
  • Currently Being Moderated
    Jul 23, 2012 2:09 PM   in reply to DragosMan

    Thanks for the update Dragosman, that sounds very reassurring. This is something I can explain to my clients and gain their confidence again.

     
    |
    Mark as:
  • Liam Dilley
    6,718 posts
    Feb 28, 2012
    Currently Being Moderated
    Jul 23, 2012 8:19 PM   in reply to scratchmybrain

    Tip for people with the issue at the moment:

    IF you have the website URL field - remove it from the form. You should see your spam either stop or vastly reduce. They think they can get their link appear through that so without it, it should reduce the spam.

     
    |
    Mark as:
  • Currently Being Moderated
    Jul 30, 2012 9:21 PM   in reply to DragosMan

    Another one here who has seen a sudden spike in spam comments on a blog; currently getting a few dozen a day! Will be very glad to see this improvement made asap.

     
    |
    Mark as:
  • Currently Being Moderated
    Aug 1, 2012 6:10 PM   in reply to DragosMan

    It has come to a point where I feel this blog spam issue is at an intolerable state. Yet again for the 4th time in as many weeks I have had a request by yet another a client to remove all ability for the blog to allow comments in order to simply stop the rate of spam comments coming through. Even though the comments were initially moderated in this case to try and stem it, it still meant every day trawling through the comments and deleting all the spam by Payday Loans.

     

    Not only has it totally removed the ability for my clients to even work on a social media level anymore but it makes myself (and I am sure any other partner with the issue) look like idiots for ever recommending this system.

     

    This issue has to be addressed NOW. BC may not care as there is plenty more fish in the sea but for our business a few clients are now speaking about seriously moving and that means we are also looking at other CMS's.

     

    If BC needs volunteer sites to test Akismet I am more than willing to volunteer a few blogs right now.

     
    |
    Mark as:
  • Currently Being Moderated
    Aug 1, 2012 6:19 PM   in reply to Matthew_Wooler

    I agree. I'm having to spend several hours a day just helping my clients delete spam comments.

     
    |
    Mark as:
  • Currently Being Moderated
    Aug 1, 2012 6:55 PM   in reply to Liam Dilley

    Hi Liam,

    I can't see how I am able to edit the Blog Comment form to remove the URL field. I have inserted the tag {tag_fullname_nolink} in place of {tag_fullname} within the Comments Layout Template in the hope this will help.

    Any help gratefully accepted.

    Cheers

     
    |
    Mark as:
  • Liam Dilley
    6,718 posts
    Feb 28, 2012
    Currently Being Moderated
    Aug 1, 2012 8:36 PM   in reply to PeteFaulkner

    In the comment form itself, remove the field asking for website and its label. Seems to have reduced spam on some sites because the temptation of the ability to have a link posted is removed.

     
    |
    Mark as:
  • Currently Being Moderated
    Aug 2, 2012 8:51 AM   in reply to Liam Dilley

    Hi all,

     

    we are having this feature for the August release (as announced earlier).

    The Akismet integration will be applied to

    • Blogs
    • News
    • Catalogs
    • FAQ
    • Products
    • WebApps
    • WebPages
    • For forums there will be a different integration

     

    Later on (next release), we are planning some improvements that will make the integration complete.


    Thanks a lot for your patience guys.

     
    |
    Mark as:
  • Currently Being Moderated
    Aug 2, 2012 8:59 AM   in reply to DragosMan

    Good news! Thanks.

     
    |
    Mark as:
  • Currently Being Moderated
    Aug 7, 2012 1:14 AM   in reply to raysanford

    We're having the same issues as well with tons of spam comments each day. Is there any way to delete them all at once, without having to click on "Delete" one by one?

     
    |
    Mark as:
  • Liam Dilley
    6,718 posts
    Feb 28, 2012
    Currently Being Moderated
    Aug 7, 2012 2:05 AM   in reply to Mad Mochi

    Not until they update things Mad

     
    |
    Mark as:
  • Currently Being Moderated
    Aug 10, 2012 4:48 AM   in reply to Liam Dilley

    Hi all,

     

    bulk actions will also be included in this release (e.g. - mark as spam, move in pending, delete). We realized that it is an important feature for sites who receive lots of spammy comments.

    CRM fields related to comments will be managed in the following release.

     

    Thank you for your patience and we're looking forward to releasing this feature at the end of this month.

     

    Dragos Manescu

     

    Product Manager

     
    |
    Mark as:
  • Currently Being Moderated
    Aug 14, 2012 2:57 PM   in reply to DragosMan

    This can't come soon enough. My clients are freaking out more and more every day... Unfortunately, they end up taking out their frustrations on us. Very much looking forward to the update!

     
    |
    Mark as:
  • Currently Being Moderated
    Aug 14, 2012 8:08 PM   in reply to DragosMan

    We have had to disable comments on several client blogs and both they and us are feeling extremely frustrated by this issue. 21st August  can't come soon enough for the new release as the whole thing is costing us time, money and goodwill. As designers and marketers rather than programmers we rely on BC to keep things running smoothly hence our investment in the system. Being made to look like complete 'wallies' in the eyes of our clients is not helpful. Your efforts to resolve this asap are most welcome....

     

    This morning's email from a client

     

    How are you progressing on spam. It is appalling today.

      Deirdre

     
    |
    Mark as:
  • Currently Being Moderated
    Aug 15, 2012 4:48 AM   in reply to saneearthweb

    Hi all,

     

    I wanted to reassure you that we are working at the integration as we speak. Please view these mocks to understand how this will work in the back-end of the website: http://www.businesscatalyst.com/mocks/001%20-%20Akismet.pdf

    For Admin V2 this is quite similar.

     

    Also I want to make it clear that you will not have to delete comments one by one (hence spending a couple of hours everyday - as rayasnford and Mad Mochi were suggesting earlier in this thread) due to the bulk actions feature that we are introducing to comments (please check screens 1,2 and 3 from the mocks). This may happen if spam comments pass through the Akismet filter, or if you just want to mark as SPAM manually some comments.

     

    We still need to run some more feasibility and reliability tests on the integration itself (as we are talking about a sensible integration with a  3rd party provider here),hence we are pushing the entire release (not only for Akismet) for the Monday, the 27th of August.

     

    We definitely understand your pain and your customers' and we are inspired by it to have this integration as reliable as possible.

     

    Next, in September we will be building a few enhancements as mentioned earlier ( the most important being related to CRM fields deletion).

     

    Thanks for your patience,

     

    Dragos M.

     

    Product Manager

     
    |
    Mark as:
  • Currently Being Moderated
    Aug 15, 2012 7:58 AM   in reply to DragosMan

    This looks good Dragos. Can't wait!

     
    |
    Mark as:
  • Currently Being Moderated
    Aug 15, 2012 3:03 PM   in reply to DragosMan

    It is great there is progress shown here but people should not be put off posting complaints about what is happening. My exprience with BC is if things are not complained about openly and somewhat agressively the fixes are always pushed back or not taken seriously. Name and shame is a tried and true method and one of the main reasons I made sure never to white lable BC because reliability of repair has always been dismal. Beter the client know who is directly responsible.

     

    It is going to be great to see this fixed. Will this be just a V3 release or will clients see it in V2? I have some cleints stuck in thier ways and like to use V2. Bit of a pain but maybe this will help move them over.

     
    |
    Mark as:
  • Currently Being Moderated
    Aug 15, 2012 3:34 PM   in reply to Matt_Wooler

    Hi Mat_Wooler,

    You're right: complaints should come more often, especially for features that vital for your customers - like this one. I really hope that this thread showed full transparency in our process and understanding in the painpoints that you and your customers feel.

     

    Now, regarding V2 - it should work similarly. An other question arises, do you think that these new features should be only for V3 so that we help your customers move on to V3?

     

    Thanks,

     

    Dragos Manescu

     

    Product Manager

     
    |
    Mark as:
  • Liam Dilley
    6,718 posts
    Feb 28, 2012
    Currently Being Moderated
    Aug 15, 2012 4:11 PM   in reply to Matt_Wooler

    Totally agree Matt, I often feel to be the mad Hermit in the cave shouting and screaming crazy talk about issues when others stay tight lipped.

     

    I hate the "ITS BROKE FIX IT" moaning and winning method, that is pointless, but being open about issues, voicing these conerns clearly and vocally is important.

    BC has been slack on actually taking it on board, they listen but often things are not dealt with but I am hoping changes are happening so things are addressed.

     

    If I had one of my issues aired here right now would be that the engineers are not getting back to support and the people with reported bugs and issues effecting operations of their sites and addressing them. There is a huge backlog in this regard and I have several open tickets, some dating in the months which are confirmed bugs effecting our clients that are not fixed.

    Not being able to use shipping calculations based on dimensions because the math is just wrong rendering that feature uselss for example and not being addressed.

    One example of many that concerns me.

     

    @Dragos

    Great work so far, looks good stuff! Hope it works to deal with this issue.

     
    |
    Mark as:
  • Currently Being Moderated
    Aug 15, 2012 6:21 PM   in reply to DragosMan

    My opinion is that V2 needs to become redundant at some stage and I am sure BC is of the same view. As to how this is done I canot say. There are already several things that no longer work corrcetly in V2 but switch to V3 and all is good. Really though if it is no extra work to implement into V2 then it should be there. I will be working towards my clients that have made the spam complaints go to V3 as a process to take advantage of the new system enhancements as part of the training.

     

    Thanks again and keep us in the loop.

     
    |
    Mark as:
  • Liam Dilley
    6,718 posts
    Feb 28, 2012
    Currently Being Moderated
    Aug 15, 2012 6:40 PM   in reply to Matt_Wooler

    Matt, you probably missed all the anouncmenets and process for V2 etc.

    By default new sites and users see V3, BC have stated about what works and does not ork in V2 and when issues and bugs etc are addressed in the V2.5 (because it is not v3, does not have half of the original v3 concepts) interface then the other will be turned off.
    Currently older users and users who choose to use V2 are the ones using V2. We have pretty much got most clients trainied and on the new UI already.
    Discussions by people on how to do this and BC advise about this change over have been going on for months, since after xmas

     
    |
    Mark as:
  • Currently Being Moderated
    Aug 15, 2012 6:45 PM   in reply to Liam Dilley

    Haaaaa. Ever tried training a old dog new tricks. Some clients just won't budge. Depreciation will happen of course and for them a year or two of V3 should be enough to move over permenantly.

     
    |
    Mark as:
  • Liam Dilley
    6,718 posts
    Feb 28, 2012
    Currently Being Moderated
    Aug 15, 2012 7:16 PM   in reply to Matt_Wooler

    Well they have to, as long as you have advised them and offered to then thats all you can do Matt. When new features come out, things do not work and it is then turned offf you have told them. IT is legacy now, so not updated, only as a result of the new UI changes. But as long as you have it in writing these things to them about it in good time and things do go wrong in regard to them having issues or not knowing how to use the new UI when it is the only one they can not do anything negtive because you have advised them before hand.

     
    |
    Mark as:
  • Currently Being Moderated
    Aug 27, 2012 9:39 AM   in reply to Liam Dilley

    Hi all,

     

    today we had our latest release. As promissed, we released the integration with Akismet. In the following 2 releases we will improve this integration, as mentioned in this thread. Please start using it and give us feedback and improvement suggestions.

     

    Kind Regards,

     

    Dragos Manescu

    Product Manager

     
    |
    Mark as:
  • Currently Being Moderated
    Aug 27, 2012 11:40 AM   in reply to DragosMan

    Hi Dragos,

     

    Very happy to have this update happen... In order to implement does this mean that any existing forms need to be replaced for them to have Askimet? I created a test form and the Askimet was not part of the submit validation - it is still the captcha verification field.

     

    Is there a KB piece or other documentation for implementing best practices?

     

    Regards,

     

     

    Art Stiefel

    Smarter By Design, Inc.

     
    |
    Mark as:
  • Currently Being Moderated
    Aug 27, 2012 12:59 PM   in reply to DragosMan

    Hi Dragos,

     

    Great update. A vast improvement. Where can we find out exactly how it works, for instance, what happens to the posts once they are marked as spam? So far they just seem to stay there?

     

    Peter

     
    |
    Mark as:
Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

Answers + Points = Status

  • 10 points awarded for Correct Answers
  • 5 points awarded for Helpful Answers
  • 10,000+ points
  • 1,001-10,000 points
  • 501-1,000 points
  • 5-500 points