Δευτέρα, 19 Μαρτίου 2012

Blue Captcha : How it all began.

You just landed in this page because probably you are a blogger and you have your own WordPress blog(s). And i can feel that you share the same doubts, fears and anxiety about your favorite blog's security with me.

I began thinking about creating my own Captcha WordPress plugin after noticing that something is wrong with my blogs. In particular, one of my blogs suddenly started receiving incredibly high number of user registrations, fact that i could hardly explain. I had 30-40 user registrations daily and i couldn't stop it!

Of course i tried lots of the already-existing WP Captcha plugins in order to control the situation and stop the spammers. Some of these plugins helped me to limit spammers' attacks while other Captcha plugins turned out to be totally ineffective and really disappointing. Of course i found 2-3 excellent Captcha plugins that really helped me and provided me with good results. I was not totally satisfied though. Then i decided that it was high time to develop my own Captcha plugin and implement it with the features i always wanted to have!

Then i came up with Blue Captcha concept. I wrote the 1st version of this plugin within a few days but it still misses some features i need. But i will definitely include these features in future versions.

After finishing its beta version (which didn't include blocking options), it came the time to apply it onto my spammer-attacking blog. I couldn't believe my eyes after viewing the Log File on following day! See for yourself and think about the protection of your blogs...


Almost all of the above cases are bot attacks - especially cases A, B, C and D.

First of all, all of the bot spammers gave an empty CAPTCHA content. But this is because Blue Captcha is still a new plugin.
The first two cases (A & B) are a typical example of a spammer trying to bypass registration form. That's the reason of this insanely high response time! But the spammer didn't count that a software can measure some factors...
In third case (C), it took user almost 1.5 second to enter his username & email address, distinguish CAPTCHA content, enter CAPTCHA letters and submit the registration form! Wow, only superman could do this!!! Not to mention that a few seconds earlier the same user tried to register with a completely different username!
In case D, the spammer used proxy server but he didn't know that some proxies are detectable...