Viraj's Weblog

Today I decided to implement captchas on my blog. I dug around and found a neat PHP captcha class called hn_captcha. After a few hours of hacking on the b2evolution code I think I have it integrated pretty well.

It defaulted to using some Microsoft Word fonts which I didn't have (I don't remember when I last used a PC). As a replacement, I used Gentium, the free open source font recently released.

I've removed some restrictions on comments now, and now it's just wait and see how much spam I get. Judging from the previous spams, I cannot tell for sure if they are bot-based. Or at least they are trying to hide this. I have been logging the user agent for the spam posts and the last time 8 spams came in at about the same time, but their user agents looked like:

Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Opera/6.01 (Windows 98; U) [en]
Opera/6.04 (Windows XP; U) [en]
Opera/7.02 Bork-edition (Windows NT 5.0; U) [en]
Mozilla/4.0 (compatible; MSIE 5.01; Windows 98; QXW0332q)
Mozilla/4.0 (compatible; MSIE 5.01; Windows 95; USA On-Site)
Mozilla/4.0 (compatible; MSIE 4.0; MSN 2.6; Windows 95; Gateway2000)

The first 5 spams came in at the exact same time (to the second). The next 2 came within 2 minutes later. Are these botnets? If so, why the different user agents? The fact that they all came in within a small time frame says to me they are botnets. The spams that came in are pretty much useless since I was blocking URLs in comments. It's like they are testing botnets on my blog.