Damn, I better check how my CAPTCHA system is working. It’s very possible that this is what they are doing.

I’m using Filosofo Comments Preview plugin to generate my CAPTCHA so I’m not exactly sure how they implement it..

You might want to google “bypass captcha”, it’s very interesting. It seems that some captcha systems can be bypassed without any OCR. In some cases for example, you just “log” to the captcha once manually, and you can reuse the session ID for ever in a script after that.

Hmmm… Very interesting. It does looks like script then. I’m wondering how it is bypassing my CAPTCHA though.

I’m pretty sure it’s a script, otherwise the guy in front of the keyboard is absolutely dumb. He/it is trying again and again to post trackbacks spam on my blog and get a 403 from the very beginning. Few more facts :

– it simulates a Windows Firefox browser, and the machine runs FreeBSD
– POST requests have no Browser, but GET requests have one
– neither POSTs nor GETs have a referer
– it tries to POST before GET’ing the web page it’s trying to POST to
– it GETs only html, never img/css/js content
– it’s working like a robot, I get POST requests every hours of the day, from 00 to 23.

But, may be, there is a human AND a script :/

Is it really a script? I haven’t really seen many scripts that can do OCR on the fly, and my comments have a CAPTCHA. Admittedly, it’s not the strongest one, but still.

I shot an email to their abuse contact. Let’s see if it does anything.

I think it’s a FreeBSD server in their CoLo facility. You can see the ssh and freebsd versions are pretty old : SSH-2.0-OpenSSH_3.8.1p1 FreeBSD-20040419
You might want to get in touch with their Abuse contact, the more we are, the more chance we have they turn this box off.
And as far as I can tall, it’s not manual spamming, it’s a script.