Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
I just installed and enabled Spamicide today. Then turned Captcha off to see how well it worked.
Within 10 minutes I had 3 comments added that were caught by Anti-Spam. Looks like they
have worked out the Spamicide mechanisms and work around it. I tried changing the field name
and no luck. I even changed the text for the field and they are still getting through to the next level.
Just thought I would report my findings.
I started with 6x-1.9 and then tried with 6x-1.x-dev and they are still getting through.
Comments
Comment #1
Ela CreditAttribution: Ela commentedAre you sure that they are spambots and not actual people posting spam? (in which case they wont see the hidden field)
Comment #2
dougm CreditAttribution: dougm commentedI suppose it could be people doing it but the timing and consistency makes me think spambot. They settled down to every 10 minutes like clockwork and it went on for several hours before I turned Captcha back on. Are there tests I can do to verify user vs. spambot.
Comment #3
hutch CreditAttribution: hutch commentedCan you see in the logs how quickly the return from the form request is? If it is a few seconds it's likely a bot.
Comment #4
dougm CreditAttribution: dougm commentedIt looks like about a second or two. I'll need to monitor a bit more but for now I have Captcha turned back on.
Comment #5
hutch CreditAttribution: hutch commentedWell it looks like this bot either knows it's on a Drupal site with spamicide enabled (not difficult, it's in the header) or it is parsing the css looking for
display: none;
as applied to a form id.Comment #6
buzzman CreditAttribution: buzzman commentedJust an idea >>>
- what if you apply the CSS with simple JS or with jQuery (using the input field's ID)
- also don't use the Spamicide CSS/JS files and instruct users to include those via an already existing custom mod or in some other mod that isn't related to SPAM, so then there's nothing in the header to shout the name of the mod (this WILL def fool the bot)
haven't tried the module ... just scanning the issues and this occured to me, so posted here.
If this doen't work then surely the bots gettin smarter ;-) huh?
Comment #7
lamp5