ganessh | 8 years ago

In https://mypost.io, the captcha is plain text. Does that actually prevent bots from spamming your service? Have you ever seen any spam?

mattbgates | 8 years ago

There are some measures in place that go beyond just the "plain text" you see.

It prevents most bots from getting through, at least automated bots that seek out empty input boxes and add random stuff to them and attempt to hit a submit button. I had tried Google Recaptcha but there were just too many issues with it, for whatever reason, so I had created my own. I'm still experimenting with several different measures for improving the captcha. I've had two attacks since its creation 2 years ago. The spammer was able to create over 5,000 posts in just a few hours.

The first spammer actually emailed me and was pissed off. The entire email was in Russian but it translated into: "Why did you delete all of my posts I created?" Definitely correlated as it was just a few hours after I deleted them that I received that email.

The most recent attack was just a few weeks ago. I added some additional "captures" which seem to have prevented anything further. These pages were also in Russian and basically just linked to random forums all over the Internet. I don't think MyPost has any potential to give "rank" at all, but I'm pretty sure it's being done for backlinks. It may be that the "spammer" is a live person who goes through the source code and actually writes their own code to break through and create posts on MyPost.

The only thing I can keep doing for the time being is learning their methods and implementing new measures to prevent them from getting through, just as they continue to learn mine. There was a Show HN a few days ago that actually encrypted passwords on the client side, so I may look into that code and revise it to work as a captcha.

le-mark | 8 years ago

I implemented a captcha once. There's a Python captcha image-generating library I used to create many thousands of 4-digit images, served them with a unique key to reference from the form, and stored the key in Redis for fast lookup.

I'm not saying this was a great or even good solution, but attackers would at least have to do OCR on the image to crack it, as opposed to examining the JS on the page.
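The server side of the flow le-mark describes (a unique key on the form, the answer kept server-side for lookup), as an added example that is not code from this thread. Redis is replaced by an in-memory dict with a TTL and the image rendering is left out; what it shows is the verification discipline that makes the scheme hold up: the answer never reaches the client, each key is single-use, expires, is limited to a few guesses, and is compared in constant time.

```python
import hmac
import secrets
import time


class CaptchaStore:
    """In-memory stand-in for the Redis key -> answer mapping (assumption, not the real store)."""

    def __init__(self, ttl_seconds=300, max_attempts=3, clock=time.monotonic):
        self._entries = {}          # key -> {"answer", "expires", "attempts"}
        self.ttl = ttl_seconds
        self.max_attempts = max_attempts
        self.clock = clock          # injectable so expiry can be tested deterministically

    def issue(self, answer):
        """Register an answer under a fresh unguessable key; the key (not the answer) goes on the form."""
        key = secrets.token_urlsafe(16)
        self._entries[key] = {"answer": answer, "expires": self.clock() + self.ttl, "attempts": 0}
        return key

    def verify(self, key, submitted):
        """Check a submission. Keys are single-use and are dropped on success, expiry, or too many guesses."""
        entry = self._entries.get(key)
        if entry is None:
            return False                      # unknown, replayed, or already-consumed key
        if self.clock() > entry["expires"]:
            del self._entries[key]
            return False                      # stale challenge, force a new one
        entry["attempts"] += 1
        ok = hmac.compare_digest(entry["answer"].encode(), submitted.strip().encode())
        if ok or entry["attempts"] >= self.max_attempts:
            del self._entries[key]            # consume on success; lock out after repeated misses
        return ok


def new_answer():
    """Random 4-digit code like the images in the comment; rendering it to an image is out of scope here."""
    return f"{secrets.randbelow(10000):04d}"


def new_challenge(store):
    """Returns (key, answer): embed the key in the form, render the answer into the image."""
    answer = new_answer()
    return store.issue(answer), answer


if __name__ == "__main__":
    store = CaptchaStore()
    key, answer = new_challenge(store)
    print("form key:", key, "accepted:", store.verify(key, answer), "replay:", store.verify(key, answer))
```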

ripexz | 8 years ago

You could try browser fingerprinting[1] for identification and as a second measure (if the spam is coming from the same machine) at least you can prevent them from creating further posts.

[1] https://github.com/Valve/fingerprintjs2