[conspire] Web spam and yandex forms

Rick Moen rick at linuxmafia.com
Wed Dec 8 09:44:08 PST 2021


Quoting Akkana Peck (akkana at shallowsky.com):

> Reading Rick's description of his English questions and Bruce
> Schneier's question, I got to thinking how I could ask NM-specific
> questions, like "What's the Governor's first name?" or "What shape
> is the state capitol?" or "red or green?" (The real answer to that
> last one is of course green, but I'll probably allow red or Christmas
> for nonbelievers.) And I figure I'll put the questions and their
> allowable answers in a local file that the flask site reads, not
> in the checked-in code where anyone could see the answers on github.

The point is that such a general mechanism could allow you to use _any_
sort of (non-ambiguous, basic) question and answer.  If some spammer
actually bothered to code algorithmic handling of your red vs. green vs.
"Christmas" (i.e., both) NM-chiles question -- which I greatly doubt --
then you could respond by changing it to "Was it Judy Garland or Bert Lahr
who played main protagonist Dorothy Gale in the most famous, 1939 MGM
musical version of The Wizard of Oz?  Please answer either 'Judy' or
'Bert'."   

Your aim is not to defeat a coder who's devoting his/her life to
overwhelming your site with comment spam, and willing to recode
algorithms repeatedly to keep doing it.  Your aim is to defeat totally
automated comment bots, which are stupid and not very adaptable.

I'll bet that, if you asked Schneier whether his dirt-simple trick is
still working despite his not having _even_ changed the question in many
years, he'd say "yes".  Sure, any comment bot can be custom-tweaked for
schneier.com to supply the answer "security" (or "Security"), but it's
in the nature of comment-bot operators that they have no incentive to
custom-tweak their code to make it adaptable to myriad site-unique
defences.  They don't need to:  They're not targeting schneier.com.
They're targeting the vast number of totally undefended forms with a
one-size-fits-most attack.

Thus, getting back to immunology and pandemics ;->  ,  genetic diversity
is key to defence, because comment spam's guiding philosophy is "Yes,
we're stupid, but we make it up in numbers."   Quirky is good.


> Meanwhile I've figured out how to ban IPs in apache. In the past
> day the requests have all come from two IPs, though I know that will
> change and I'll have to add more over time, and I'm noting when IPs
> are added in case I want to move them off the blacklist after a
> while. I think I'm going to need some intelligent log-monitoring
> scripts, keeping track of which IPs are seen when.

Playing IP address whack-a-mole is a losing game.
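
Added example, not part of the original message: one way to keep the challenge questions and their allowable answers in a local file that the site reads, as discussed earlier in the thread. The JSON layout, `ChallengeStore`, `normalize` and `write_sample` are assumptions made for this example; the store re-reads the file whenever it changes, so a question can be swapped without touching the checked-in code.

```python
import json
import os
import secrets

def normalize(text):
    """Fold case, collapse whitespace, drop surrounding punctuation."""
    return " ".join(text.casefold().split()).strip(" .,!?'\"")

class ChallengeStore:
    """Questions and allowed answers, read from a local file outside the repo."""

    def __init__(self, path):
        self.path, self.mtime, self.questions = path, None, {}

    def _reload_if_changed(self):
        # Re-read when the file's mtime changes, so a question can be swapped
        # in place once a bot has been tuned to the old one.
        mtime = os.stat(self.path).st_mtime_ns
        if mtime != self.mtime:
            with open(self.path, encoding="utf-8") as fh:
                raw = json.load(fh)
            self.questions = {
                qid: (e["question"], {normalize(a) for a in e["answers"]})
                for qid, e in raw.items()
            }
            self.mtime = mtime

    def pick(self):
        """Return (question id, question text) to render in the form."""
        self._reload_if_changed()
        qid = secrets.choice(sorted(self.questions))
        return qid, self.questions[qid][0]

    def check(self, qid, answer):
        """True only if the answer is allowed for a question now in the file."""
        self._reload_if_changed()
        entry = self.questions.get(qid)
        return entry is not None and normalize(answer) in entry[1]

# Constructed sample data; the real file would sit outside the checkout.
SAMPLE = {
    "chile": {"question": "Red or green?", "answers": ["green", "red", "Christmas"]},
    "oz": {"question": "Judy or Bert: who played Dorothy in 1939?", "answers": ["Judy"]},
}

def write_sample(path, data=SAMPLE):
    """Write constructed sample data to path and return a store reading it."""
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(data, fh)
    return ChallengeStore(path)
```

A Flask view would call `pick()` when rendering the form and `check()` with the submitted question id and answer before accepting the comment.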



