Skip to content

Spammers versus captcha

Note to readers: this post doesn’t talk about securing against spam bots completely; my personal belief is that any captcha can be decoded. In this post, I share my learning about the captcha.

First time when I saw captcha [I did not know what it was]; I just used to enter it without knowing why it exists. Later on, I started to get to know when I hosted my forum using phpBB platform and got to meet my friends who were spammers. On a daily basis, I was getting 100’s of spammers [Traffic was good LOL but, bad traffic and more time consuming as I had to clean all the crap being the admin]. I used to get very frustrated when I had to clean up and when I used to see porn topics in my forum which used to irritate my users.

Sreenurajvarma asked me a question, why these spammers spam and who write these spam bots. My answer to that was, advertisers go to these spam bot programmers or the ones who have the software for spamming and pay those people to spam across the blogs / forums / classified ads to increase back-links and traffic ranking. Let me explain it to you more precisely, there are software’s which can crawl through the web and find out wordpress blogs / phpBB forums running websites and make a list of them. So, let’s say 1000 forums is a list and the spammer boy puts in the ad text and starts the process and BOOM!!! 1 link on 1000 forums, out of these 1000 forums let’s say 100 people know that it’s a spam and delete and others think that it’s a good comment. So, you see how the advertising campaign was done.

Identifying the spam

If you are using wordpress or blogger you might get comments like, “I liked your blog post very much”. When you look at this you feel it’s a genuine comment but, make sure you see the e-mail or website mentioned. You will see something related to insurance / porn or something very un-specific and e-mails ending with like .ru etc. You can do a Google and find out more about it to blacklist them.

Banning with IP or Domain name

Better ways is to ban using wildcards or you can also ban using domain name. Most of the spammers I see have their e-mail ending with *.ru. My first attempt to know it’s a spammer or not is by looking at the e-mail address.

Using captcha

Captcha fails; it’s not complete secured system. It’s like, you have alarm set if some thieves get into the secured perimeter but, that alarm can fail if the thief manages to cut the circuit or use some hack to not make it work. Similarly, captcha could be broken or decoded by the bots. However, there is some good captcha [re-Captcha] that you can get.

Captcha decoding

  • If the text for captcha could be read from GUI or source code it’s easy to decode it
  • If the captcha is fetching some values / code from the resource properties file then it can be decoded
  • Character decoding in images, there are some software(s) which could do this job
  • Learning about textured background, inconsistent colors which could confuse bots always and make their job hard to decode the captcha

Akismet for wordpress

If you are using wordpress blog then you might know about Akismet which is used to help get rid of spammers [Not completely]. If it’s a personal blog then you can generate the code and activate it, if it’s commercial you got to subscribe for monthly subscription which is for few dollars.

I see that some of the spam comments have been reduced on my blog now because of Akismet activation. Before that I had added captcha, but it did not work.


Leave a comment if this post gave you some idea about captcha / spammers etc.



I have been as a software tester for over 5 years. I am a hands-on tester and I've been winning bug battles & testing competitions across the world. I am a testing enthusiast, who conducts free workshops on security testing across India (Covered locations: Bengaluru, Pune, Hyderabad & Chennai. Invite him to come to your location), and monthly meets for testers in Bengaluru. I am also an avid testing blogger.

My interests include traveling, driving my SUV, health & fitness and many others. I mentor budding entrepreneurs, testers, teams in any profession.

Latest posts by SanthoshTuppad (see all)


Post a Comment

Your email is never published nor shared. Required fields are marked *