Spam wars

2009/02/26 at 13:45

My friend Susan and I maintain the Religious Resources directory. Users can submit sites for inclusion in our directory, but Susan and I personally review all submitted sites before they appear in the directory.
Years ago, we started getting bots that would fill out and submit the site submission form, so I implemented a captcha system. A while back, the spammers figured out how to defeat the captcha, so the bogus submissions started flowing again. The other day, I changed the verification mechanism for the site submission form, so I’m one step ahead of the spam bots again. I’ve foiled the bots for the time being.
After changing the verification, I saw a few bogus submissions still coming through. I noticed that the information was appropriate for the submissions: the ‘site name’ field contained a site name, the ‘URL’ field contained a URL, and, most tellingly, the submitter had selected an appropriate category for the site.
The spam bots tend to enter data in fields pretty randomly, so this consistency struck me. I emailed Susan and told her that some of these bogus submissions must be hand-entered. However, I was doubtful about that, since this seems like such a time-consuming activity, but I really couldn’t think of any other plausible explanation.
Yesterday, I checked the recently submitted sites and found this one (that’s a screen capture from our admin page; click on it for a larger version):
Theory confirmed. However, I don’t know how to defeat cheap labor.