Damn Spam!

The Death of CAPTCHAs?

CAPTCHAs, for those not familiar with the acronym, are those little images of distorted words or letters that you have to type in on some sites in order to register as a user or post a comment. The idea is that only a human could read those, while a spambot, even with the help of OCR, could not.

There's been some heated debate about CAPTCHAs ever since they became commonplace. They are obviously not for people with bad or no eyesight - and even people with good eyesight often have problems deciphering them. Plus, there have already been reports of CAPTCHAs being overcome, either because of bad implementations (the first incarnation for the popular phpBB forum software was such a case) or simply by hiring cheap labour to break them manually.

Now, did you check the email spam you have been getting lately? In order to defeat the Bayesian spam filters, more and more spam is being hidden in images instead of the actual email's message text. The spam filters responded to this by applying OCR to those images and the spammers in turn responded with distorted images. In other words, the (email) spammers are now using methods that have been developed to keep the (comment) spammers out. Nice.

And now, in an even more ironic twist, the anti-spammers may even help the spammers, since the makers of spam filters are looking into ways to machine-process, i.e. read, those distorted images.

In other words: Expect CAPTCHAs to become worthless soon.

Don't trust ssl.com

www.ssl.com may look like a legit and useful site. After all, SSL certificates are a useful and necessary thing, right? However, when you find someone posting "information" about the usefulness of SSL certificates on your site, you may be less convinced about the value you may be getting from that particular site. Especially when they register a new user with your site just to post that "information" again - after their previous user account has been banned.

Certificates are about trust. www.ssl.com, however, is not trustworthy.

Unwelcome new users

Just got a bunch of new users on one of my sites. They all used email addresses from porn-related sites and usernames like messiah8055, hough9150, credential8403, etc.

The domain names used for the email addresses are all hosted on the same server: 195.225.176.115, which belongs to NetcatHosting in the Ukraine. In other words: Nothing good will be coming from there.

Domain names used so far (all .com domains): realitypornhouse, topasianporn, webcam-home, orgy-reality.

More tomorrow, as I only get the logfiles for that site once per day. I'm interested in seeing if this was a bot or manual registrations.
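
The clustering described in this post, as an added example (not code from the original post): sign-ups are grouped by the address their email domain is hosted on, and the word-plus-four-digits username pattern is counted per group. The sample registrations and the `HOSTING` lookup table are constructed; the usernames, domains and server address are the ones quoted above.

```python
import re
from collections import defaultdict

# Dictionary word followed by exactly four digits, as in the usernames quoted above.
WORD_PLUS_DIGITS = re.compile(r"^[a-z]+\d{4}$")

# Constructed stand-in for a DNS lookup so the example runs offline.
# The four .com domains and their shared address come from the post;
# the example.* entries use documentation addresses.
HOSTING = {
    "realitypornhouse.com": "195.225.176.115",
    "topasianporn.com": "195.225.176.115",
    "webcam-home.com": "195.225.176.115",
    "orgy-reality.com": "195.225.176.115",
    "example.org": "192.0.2.10",
    "example.net": "192.0.2.20",
}

# Constructed registration records (username, email). Pairing of names and domains is made up.
REGISTRATIONS = [
    ("messiah8055", "messiah8055@realitypornhouse.com"),
    ("hough9150", "hough9150@topasianporn.com"),
    ("credential8403", "credential8403@webcam-home.com"),
    ("alice", "alice@example.org"),
    ("bob1984", "bob@example.net"),  # matches the name pattern, but stands alone
]

def email_domain(email):
    """Return the lower-cased domain part of an email address."""
    return email.rsplit("@", 1)[-1].lower().rstrip(".")

def cluster_by_host(registrations, resolve=HOSTING.get, min_size=3):
    """Report hosting addresses shared by at least min_size new accounts."""
    by_ip = defaultdict(list)
    for username, email in registrations:
        ip = resolve(email_domain(email))
        if ip is not None:  # unresolvable domains are skipped, not guessed
            by_ip[ip].append(username)
    report = {}
    for ip, users in by_ip.items():
        if len(users) >= min_size:
            patterned = sum(1 for u in users if WORD_PLUS_DIGITS.match(u.lower()))
            report[ip] = {"users": users, "patterned": patterned}
    return report

if __name__ == "__main__":
    for ip, info in cluster_by_host(REGISTRATIONS).items():
        print(ip, info["patterned"], "of", len(info["users"]), "names match:", info["users"])
```

The username pattern alone also matches the unrelated `bob1984`, which is why the grouping is done on the shared hosting address first.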

Keep your scripts up to date!

A lot of the web spam (comments, trackbacks, forum posts, story submissions) we're currently seeing is misusing other people's websites to redirect to the spammer's actual site. TWiki, a link script named xLinks, and something called simpleforum are the most popular among spammers right now, it seems.

So, if you're running your own site based on some script: Please check for updates at regular intervals - and install them!

Otherwise, your site may fall victim to a spammer sooner or later. All software has bugs, and bugs in web applications will be exploited mercilessly.

Oh, wie schön ist Panama

... is a children's book by Janosch, in case you were wondering (English title: The Trip to Panama).

Not nearly as cute as that book is that idiot who's spamming us with his links for sites related to Panama (panamatravels, vacationtopanama, thepanamareport, panamarealestatepros, etc. - all as a .com). IP address of the last spam: 200.75.244.136 - which actually is in Panama, so at least he's from there.

Copyright © 2010 Damn Spam!