Did the spambots guess the answers to my questions? I think not. I tried the following two questions:
In both cases the answer I specified as correct was
I’m pretty certain that the spambots did not have time to crack the question, so now it is time to find out how they are bypassing the challenge mechanism. I suspect that won’t be too hard to find out, but knowing that is happening narrows the search for the solution to the problem.
The challenge question now has an appropriate answer so you can fee free to comment.
Just one note… Because most of the spam contains a URI with ".info" in it you will not be able to use .info any where in your comments until the problem is solved. Blacklisting is a suitable tool in some cases for some time frames.
In addition to blog comments, if you have questions or other comments you can send them to me at firstname.lastname@example.org
Director of Technical Education
Author ESET Research, ESET