Yesterday, August 1, someone pumped 1900+ spam emails to CCIM Designees through our member search system. First, I’d like to apologize to our members for letting that spam through. Second, here’s a bit about how it happened and what we’re going to do about it.
The member search system allows a searcher to check multiple members in the result set and click an email link. This brings up a web form. The first item on that form is a captcha test called gotcha, designed to weed out robotic mailers. This particular spammer passed the captcha test. We don’t know whether the spammer was an actual person who sent the spam to multiple result sets multiple times or was a robot that was able to defeat the captcha test.
We are currently changing the captcha to one that is harder to break with image-decoding tools and should have that in place in a couple of days. We have also blocked the IP addresses used by the spammer. Finally, we’re going to institute a test within the form that looks at the history of the particular sender and IP address and blocks either one if it appears the system has been overused.
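The history check described above, as an added illustration rather than code from CCIM's member search system: a small sliding-window limiter that tracks how many recipients each sender address and each client IP has emailed through the form within a window, and blocks whichever key exceeds the threshold. The thresholds, the `SendLimiter` class and the sample addresses are assumptions made for this example.

```python
from collections import deque
import time


class SendLimiter:
    """Sliding-window limiter for a member-contact form, keyed by both the
    sender address and the client IP so that switching one does not reset
    the other. Thresholds are constructed for this example."""

    def __init__(self, max_recipients, window_seconds):
        self.max_recipients = max_recipients
        self.window_seconds = window_seconds
        self.history = {}    # key -> deque of (timestamp, recipient_count)
        self.blocked = set()  # keys that have tripped the limit

    def _window_total(self, key, now):
        """Drop entries older than the window and sum the rest."""
        q = self.history.setdefault(key, deque())
        while q and q[0][0] <= now - self.window_seconds:
            q.popleft()
        return sum(count for _, count in q)

    def allow(self, sender_email, client_ip, recipients, now=None):
        """Return True if this send may proceed; otherwise block the
        offending key (sender or IP) and return False."""
        now = time.time() if now is None else now
        keys = (("sender", sender_email.strip().lower()), ("ip", client_ip))
        if any(k in self.blocked for k in keys):
            return False
        for key in keys:
            if self._window_total(key, now) + recipients > self.max_recipients:
                self.blocked.add(key)
                return False
        for key in keys:
            self.history[key].append((now, recipients))
        return True


def run_demo():
    """Constructed sequence of form submissions: one sender mails 20
    members at a time until the limit trips, then tries a new IP; a
    second sender on the blocked IP is also refused."""
    limiter = SendLimiter(max_recipients=50, window_seconds=3600)
    submissions = [
        # (sender, client IP, recipients checked, seconds since start)
        ("bulk@example.test", "198.51.100.7", 20, 0),
        ("bulk@example.test", "198.51.100.7", 20, 10),
        ("bulk@example.test", "198.51.100.7", 20, 20),   # 60 > 50: sender blocked
        ("bulk@example.test", "198.51.100.8", 5, 30),    # new IP, sender still blocked
        ("member@example.test", "198.51.100.7", 20, 30), # IP history 40 + 20: IP blocked
        ("member@example.test", "198.51.100.9", 5, 40),  # clean sender and IP: allowed
        ("bulk@example.test", "198.51.100.9", 1, 4000),  # block persists past the window
    ]
    return [limiter.allow(s, ip, n, now=t) for s, ip, n, t in submissions]


if __name__ == "__main__":
    print(run_demo())
```

Counting recipients rather than form submissions matters here, because the abuse came from checking many members in each result set; a per-submission count would have looked modest while the recipient count ran into the thousands.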