So yesterday I was looking through my Spam folder and was lucky enough to see an abuse ticket sent to me from my host. I forgot to secure the contact form on a site I designed for a local real estate agent and someone found it and was spamming an AOL list.
Then our email conversation went something like this:
Me: The spam was being sent through a contact form on that site. If you unsuspend the account I can fix the problem. I will add a captcha to the mail form.
Oleg Korenyuk: Captcha will not fix the issue 'cause the spam shouldn't be sent at any case (w/ or w/o the correct captcha's code)
I didn't even know how to reply to this. I thought it was fairly obvious that spammers make their money through automation and not by sitting and entering a million captchas a day. And that the whole point of a captcha is to disrupt the automation, thus making it not profitable to spam from your site.
I told him that if he didn't feel good about a captcha I could use a hidden form field or session testing.
They FINALLY unsuspended my account, requiring that I change my FTP/email passwords immediately. Because even though the logs showed the spam coming from a contact form on my site, it was VERY likely that some twatcake took the time to hack my alphanumeric, case-sensitive, special-character-using super password to send a new type of Web 2.0 undetectable spam that doesn't show up in the logs.
/rant