One of my client sites just noticed a bunch of spam comments in their articles, which concerns me as they have reCAPTCHA enabled.

 

I found this article claiming that reCAPTCHA had been cracked but I'm taking it with a grain of salt as it is an internet artlice after all...

 

So I was wondering if any other developers or administrators out there have noticed anything similar?  And how will the developers of K2 react to this. if reCAPTCHA truly has been broken...?

 

cheers,:Duane

There are several programs out there that will calculate the recaptcha phrase with about a 20% accuracy. This has been true for a while although the accuracy is improving.  Recaptcha's weakness is that it uses words, hence it is easier to estimate what the correct answer is.  Decaptcher.com, for example, will crack 1,000 recaptcha phrases for $2.

I always put in a form field and then hide it with css.  The spambot will put something in the field and then I test to make sure the field is empty. This works even better if you label the field url or email or something similar. Eventually they'll get on to this, but for now it works.  Also consider the fact that overseas labor is cheap and it might not have been a bot.

Terry:
Have you coded a conditional that checks the hidden field before allowing submit? I've used a similar plugin for Wordpress called invisible captcha (or something like that) - it would be great if we had that for K2 as well...
-Alan

@Terry: I've successfully used similar hidden field methods in the past in lieu of CAPTCHA.  Haven't implemented anything for K2 yet though.

 

Are you able to employ your method without any core hacking?  It would be ideal if we had a plugin that adds a field like you describe.

@Duane, I haven't gotten far enough on my first project with k2 to implement the hidden field yet.  I'll do it when I get closer to going live. But from what I've seen you would have to hack form.php to add the field and then check that it is empty.

 

@Alan, as mentioned above just hack form.php to add a field and then check that the field is empty.  Form.php already does some conditinal checks on submit so just add it to that portion of the code.

@Terry@Duana

 I'll give it a whirl and see how it turns out - if successful, I'll post mods here.

i started receiving spam the last few days.

I'm having exactly the same problem! Did you found a solution?

K2 should make some comments verification as SMF forum registration has.

reCaptcha is cracked (and every other known even faster), and i fought with spammers at my forum for weeks. Every day i had to delete at least 30 spammers account. (and many spam posts)

 

And then i made an experiment with a question and answer for registration. Simple question as tex "What is capital od France?" Answer is not case sensitive.

 

Imagine what happened ? Number of spammers drop to (0) Zero.

Same can use for K2 comments. Captcha and bebeath captcha some simple question.

That way at least you know you fight not automatised scripts.

Sorry, case insensitive sholud be.