Posted on: 01/23/14 09:03am
By: winnerdk
Help!
Apparently hackers have cracked and can now defeat the protection previously provided by CAPTCHA. As a result my website is now getting inundated with spam user submissions. Does anyone have any suggestions on how I might be able to respond?
Don
www.panama-guide.com
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 01/23/14 09:32am
By: Dirk
Yeah, I've been struggling with the same problem on several sites over the last few days.
We knew this day would come. Ultimately, we need a new version of the CAPTCHA plugin that creates different images. Until then, here are some tips and observations:
- most (but not all) of the accounts use hotmail.com or outlook.com email addresses, so I've added those to the list of domains not to allow for registration: Users and Submissions > User Submissions > Automatic Disallow Domains (in the Configuration)
- block IP addresses that signed up the users; many of them will try more than once
- while you're at it, block requests that have "Bork-edition" in the user agent string (this was a fun - legit - version of Opera 7 that nobody really uses any more, but spambots often use that user agent string)
- On a German-language site that I'm running, all the users fail to log in after registration. My guess is that they can't parse the confirmation email.
Changing the text of that email[*1] may also help (untested).
- The accounts are created for profile spam only, from what I can tell. So banning users (instead of deleting them) and using the two Spam-X modules attached to this issue[*2] may also help (they auto-ban users that try to post spammy URLs in their profiles).
HTH. I feel your pain ...
bye, Dirk
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 01/23/14 10:02am
By: winnerdk
- most (but not all) of the accounts use hotmail.com or outlook.com email addresses, so I've added those to the list of domains not to allow for registration: Users and Submissions > User Submissions > Automatic Disallow Domains (in the Configuration)
The problem is I also have valid users who use these types of accounts.
- block IP addresses that signed up the users; many of them will try more than once
That's what I've been doing this morning. I see from the CAPTCHA log that most of the attempts are coming from places like Romania, Ukraine, Thailand, etc. And, I have practically no valid users from those countries, so I don't have any problem at all using the IP Deny Manager to simply block all traffic from those countries. However, sometimes the attempts are coming from individual IP's in the US or other countries where most of my traffic comes from. In those cases, I've been surgically blocking just the offending IP's.
- On a German-language site that I'm running, all the users fail to log in after registration. My guess is that they can't parse the confirmation email.
Changing the text of that email[*1] may also help (untested).
On my site the new users get stopped at the registration phase, because I have the configuration set so that all new users require approval.
- The accounts are created for profile spam only, from what I can tell. So banning users (instead of deleting them) and using the two Spam-X modules attached to this issue[*2] may also help (they auto-ban users that try to post spammy URLs in their profiles).
Interesting. What's the difference between deleting and banning a bogus user account created in this manner? How or why would it be better to ban them, instead of deleting them?
New (related) question. Is there a log, or is there a way to monitor all of the incoming traffic to the website? Or does that have to come from the server level? It would be nice if I could simply look at all of the traffic, and pick off the individual IP addresses that are creating these bogus Spam users.
Thanks for your help.
Don
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 01/23/14 10:15am
By: Dirk
The point of banning a user instead of deleting them is to keep the URL they're spamming for (in their profile) and then use the above-mentioned Spam-X modules to automatically ban other users that try to spam for the same URL. We've seen that sort of profile spam in the past here on geeklog.net, where apparently human visitors created accounts to spam for the same sites over and over again. I even got hold of a PDF that had detailed steps how to do that ... That's when I wrote those 2 modules.
If you don't see that sort of spamming happening on your site, then you can just as well delete the accounts.
You should have access to the webserver's logfile, in one form or another. Check with your hosting provider. That's where you can best see the raw traffic that's happening, including IP addresses and user agent strings.
bye, Dirk
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 01/23/14 10:22am
By: winnerdk
You should have access to the webserver's logfile, in one form or another. Check with your hosting provider. That's where you can best see the raw traffic that's happening, including IP addresses and user agent strings.
Yeah, that's what I'm doing right now. I'm currently in a sort of back and forth war with the spammer. They create a new spam user, I block that IP string, they shift to something else. I'm getting the upper hand...
And I'm just going to be deleting the bogus users, because they never get to the point of being valid users posting Spam URL's - I catch and kill them before they get that far.
Don
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 01/23/14 12:21pm
By: remy
I've seen the same traffic for a week or two. Not so much, but worrying.
There were also invalid attempts to download, which is maybe an omen.
I do see quite a lot of traffic trying to register, and obviously, only a few break through.
After banning the user-agent and the domains Dirk mentioned, the traffic nearly vanished.
I'm using captcha for any input on the website, unless logged in. And I am using the admission queue. So, when they come back to confirm the registration, a captcha fires again. This brings me to the suggestion to add a timeout to the confirmation of registration.
When the timeout expires, the account is silently deleted (or banned, or suspended).
Add to the rule that they must come back with the same IP?
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 01/23/14 05:28pm
By: Laugh
Yeah this started happening for me 2 days ago as well. I got over 100 new users in 10 hours yesterday. I enabled the user submission queue which unfortunately disables OAuth logins.
Today I actually disabled registrations altogether until I can figure something out.
I also have CAPTCHA enabled for non logged in users.
Do you think there is a security hole in the captcha program or are they just able to machine read the images?
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 01/23/14 05:46pm
By: winnerdk
There was a bunch of articles published going back to October 2013 in which a company had supposedly figured out a way to read or crack Captcha. Now, that has gotten out to the hacker community, and they are using it to spread spam.
I've been focusing on blocking the offending IP addresses. Most of them are in Asia or Eastern Europe, and almost none of my legitimate traffic comes from Romania (for instance) so I have no problem blocking the whole damn country...
It started off for me as a fire with 100's of submissions. Throughout the day today I've reduced it to a trickle. I'm still bailing out the boat and plugging holes. Now I'm watching the real time traffic via SSH and the Apache logs, looking to catch and ban the IP's while they are doing the deed. Shhhhhh, be berry berry quiet - I'm huntin' wabbits.
Bottom line = CAPTCHA is toast.
Don
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 01/23/14 07:16pm
By: Laugh
Simple CAPTCHA images can be read already. That is why they have gotten complex over time with lines, changing the orientation of the letter and faded letters. It is not a surprise that the captcha images we use with Geeklog eventually have been figured out by a computer.
The captcha plugin does allow for automated generated captcha and you can also add in new static captcha image sets. Has anyone tried changing to a new static image set or played around the auto generated by changing the backgrounds and fonts?
New ideas for the Captcha plugin would be adding security questions (that are in an image format) that are hard for a computer to figure out but easy for a human.
Something like:
What color is a banana?
What is 2+3-1
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 01/23/14 07:24pm
By: Laugh
There are a lot of captcha ideas here:
http://stackoverflow.com/questions/8472/practical-non-image-based-captcha-approaches
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 01/24/14 06:48am
By: Laugh
I had to lock down the forum last night as it got about 75 spam posts in 2 hours (with captcha enabled).
Ben said in the mailing list that he is working on a fix for the captcha plugin.
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 01/24/14 08:20am
By: remy
I found the traffic is back again.
And I see a problem with gl when the plugin is protected by requiring to be logged in.
For instance, the forum replies on an anonymous post that you should register. Very good.
However, directly after that, the login form is auto displayed with captcha and such.
Well, if the traffic only seeks forum spam, that action is an invitation to try being registered.
I suspect that these spambots fill the form and respond.
In Apache logs I find endless loops of requests to home, forum, create topic, users, captcha, create topic, users, etc. etc.
Some requests do not seem to await an answer.
Also, most tries do refresh the captcha first before entering data.
Hope this helps.
Note: I see only traffic; few spam registrations and no spam posts.
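The log review described in the posts above (IP addresses, user agent strings, repeated hits on the registration script), as an added example that is not part of the original thread. The log lines are constructed, and the captcha path, the threshold and the function name are assumptions; only `users.php` and the "Bork-edition" marker come from the thread.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Apache "combined" format:
# host ident user [time] "METHOD path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

BAD_UA_MARKERS = ("bork-edition",)   # user agent marker named in the thread
SIGNUP_SCRIPT = "/users.php"         # registration page named in the thread
CAPTCHA_MARKER = "captcha"           # assumption: captcha requests contain this
SIGNUP_POST_THRESHOLD = 3            # assumption: tune to your own traffic

# Constructed sample input (documentation IP ranges, invented requests).
SAMPLE_LOG = """\
203.0.113.7 - - [23/Jan/2014:09:01:02 +0000] "GET /users.php?mode=new HTTP/1.1" 200 5120 "-" "Opera/7.0 Bork-edition (constructed)"
203.0.113.7 - - [23/Jan/2014:09:01:03 +0000] "POST /users.php HTTP/1.1" 200 812 "-" "Opera/7.0 Bork-edition (constructed)"
198.51.100.20 - - [23/Jan/2014:09:02:10 +0000] "GET /captcha-constructed-path HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.20 - - [23/Jan/2014:09:02:11 +0000] "POST /users.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.20 - - [23/Jan/2014:09:02:40 +0000] "POST /users.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.20 - - [23/Jan/2014:09:03:05 +0000] "POST /users.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"
192.0.2.44 - - [23/Jan/2014:09:04:00 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
192.0.2.44 - - [23/Jan/2014:09:05:30 +0000] "POST /users.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
this line is not in combined log format
"""


def triage(lines):
    """Return (flagged, unparsed): per-IP counters with reasons, and the
    number of lines that did not match the combined log format."""
    stats = defaultdict(lambda: {"requests": 0, "signup_posts": 0,
                                 "captcha_hits": 0, "bad_ua": False})
    unparsed = 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        m = LOG_RE.match(line)
        if m is None:
            unparsed += 1          # count rather than silently drop
            continue
        entry = stats[m["ip"]]
        entry["requests"] += 1
        path = urlsplit(m["path"]).path.lower()
        # POSTs to the script may include other actions than sign-up,
        # so the count is a lead for review, not proof.
        if m["method"] == "POST" and path.endswith(SIGNUP_SCRIPT):
            entry["signup_posts"] += 1
        if CAPTCHA_MARKER in path:
            entry["captcha_hits"] += 1
        if any(marker in m["ua"].lower() for marker in BAD_UA_MARKERS):
            entry["bad_ua"] = True

    flagged = {}
    for ip, entry in stats.items():
        reasons = []
        if entry["bad_ua"]:
            reasons.append("bad-user-agent")
        if entry["signup_posts"] >= SIGNUP_POST_THRESHOLD:
            reasons.append("repeated-signup-posts")
        if reasons:
            flagged[ip] = {"reasons": reasons, **entry}
    return flagged, unparsed


if __name__ == "__main__":
    flagged, unparsed = triage(SAMPLE_LOG.splitlines())
    for ip, info in sorted(flagged.items()):
        print(ip, ",".join(info["reasons"]),
              f"requests={info['requests']}",
              f"signup_posts={info['signup_posts']}",
              f"captcha_hits={info['captcha_hits']}")
    print("unparsed lines:", unparsed)
```
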
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 01/24/14 08:54am
By: Anonymous (ironmax)
Well isn't this just dandy! Luckily I am not having this issue. I think it's because I have been using ZBBLOCK[*3] for a few years now. Sure, there have been some adjustments along the way but it is worth it. Reconsider setting it up. It is very configurable and you can customize the signatures for detection. If your users are as loyal to your site as they should be, they'll notify you if they cannot browse your site.
Michael
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 01/24/14 08:55am
By: ::Ben
I am testing a very simple protection, so maybe it will not be very solid. Instead of submitting a string in the form, users need to clear an input.
Beta is available in Downloads here[*4]
Ben
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 01/24/14 05:31pm
By: mystral-kk
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 01/24/14 06:01pm
By: ::Ben
Thank you for the reCaptcha plugin. I got 2 questions:
- How to enable the reCaptcha on a custom registration page?
- Is it possible to move the reCaptcha from the top to the bottom of the form?
Ben
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 01/24/14 06:13pm
By: ::Ben
New beta for captcha plugin is available in Downloads[*7]. I do not see new spam.
Ben
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 01/24/14 07:58pm
By: winnerdk
Question guys. When someone on my website clicks on "Sign Up As A New User" they are taken to this link:
http://www.panama-guide.com/users.php?mode=new[*8]
On that page there is a three sentence paragraph of text which currently says: "Register with Panama Guide! Creating a user account will give you all the benefits of Panama Guide membership and it will allow you to post comments and submit items as yourself. If you don't have an account, you will only be able to post anonymously. Please note that your email address will never be publicly displayed on this site."
Where is that text located within the Geeklog program? I want to modify the text to say something along the lines of "CAPTCHA has been cracked and as a result this website is now being flooded with bogus spam user account requests. In order to have your account approved you must first be a paid subscriber, and secondly you must notify me via email to don@panama-guide.com that you are creating your account. If you create a user account without first notifying me, it will simply be deleted along with the 100 or so bogus spam accounts I have to clear out every day..."
You get the picture. What file has that text?
Don
www.panama-guide.com
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 01/24/14 08:28pm
By: Laugh
You will find the text in the language files of Geeklog. If you are using English it would then be either english_utf-8.php or English.php depending if your site is utf-8 or not. All text from Geeklog is found in these language files. Plugins have their own separate language files.
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 01/24/14 08:51pm
By: Laugh
THANKS mystral-kk I just got it installed now on my main site.
Ben I am also trying on another site the CAPTCHA plugin using the GD library instead of static images. I have also downloaded some other fonts and background images so that the images are generated differently. I want to see if this will make a difference. Using the GD library takes a bit more processing power than the static set but you get more unique images.
Ironmax. Thanks for letting us know that ZBBlock seems to block the attacks. I have used ZBBlock before and while I find it a little too aggressive it does work well with Geeklog and the owner does keep it updated to help against new spam bots and bad IP neighbourhoods.
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 01/24/14 08:51pm
By: mystral-kk
Quote by: ::Ben
Thank you for the reCaptcha plugin. I got 2 questions:
1. How to enable the reCaptcha on a custom registration page?
2. Is it possible to move the reCaptcha from the top to the bottom of the form?
Ben
Question 1. Add the lines below to the CUSTOM_userForm() function after you create the Template object (e.g. just after "$user_templates->set_file('memberdetail', 'memberdetail.thtml');").
    // Only call the reCAPTCHA plugin's template hook when that plugin is available
    if (is_callable('plugin_templatesetvars_recaptcha')) {
        plugin_templatesetvars_recaptcha('registration', $user_templates);
    }
Question 2. reCAPTCHA, like other CAPTCHA's, should be displayed where you write {captcha} template variable in the template file. With the Modern Curve theme, {captcha} is written at line 22 (users/registration.thtml) before the buttons and reCAPTCHA is displayed there.
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 01/24/14 09:54pm
By: mystral-kk
Ben, I forgot to say that you have to put {captcha} template variable in your "path_layout/custom/memberdetail.thtml" file. You can put it anywhere between <form> and </form> tags.
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 01/25/14 11:31am
By: Laugh
Hi mystral-kk,
I notice that reCAPTCHA is not working for the forum (it doesn't display the reCAPTCHA at all). I am looking into this right now (the forum worked fine for the regular CAPTCHA plugin).
reCAPTCHA works for Registration and comment posting and I am now getting only a fraction of new spammy users.
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 01/25/14 01:42pm
By: Laugh
Okay,
I figured out the issue with the forum. It doesn't work with recaptcha because the forum looks for specific functions from the captcha plugin before it sets the template variable. I have updated createtopic.php of the latest forum version to work with both plugins. For those who want it, email me and I will send it to you (this fix will be included in the next version of the forum).
Also mystral-kk I see what Ben was talking about with the recaptcha appearing at the top of the forum. This happens in the forum unless you update the HTML of the submissionform_main.thtml file of the forum. The reason this happens is that some themes and plugins are setup in a way where the captcha is added to the table row. The captcha plugin handled this by having separate template files for each captcha type (ie registration, forum, article, etc..) and it had the table row information in the corresponding template file. This works fine unless you have a multi theme site or if the Geeklog theme has been updated to use something other than table rows (like Modern Curve).
With recaptcha it inserts a div only (plus the captcha stuff in the div). This is fine in a lot of cases except when you need to add some extra css to place the recaptcha if it is enabled. For example the forum still uses tables. I had to hardcode the extra table row in to the template file and it will appear whether the recaptcha plugin is turned on or off. I also had to add an extra div around the captcha template variable so I could float it to the right. A partial fix to the extra div issue is have the recaptcha plugin insert its own div with a class based on the type. This way in the css file of each Geeklog theme/plugin you could add your own styling for the recaptcha plugin based on the type (forum, registration, article, etc..)
What do you think?
Tom
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 01/25/14 05:36pm
By: ::Ben
I'm testing a new version of the captcha plugin on geeklog.fr and notice no spam since 24H. You can see it in action on the registration page[*9] or on the contact page[*10].
I will clean the code and make a new release on monday.
Ben
PS : Nothing is unbreakable... just a matter of time
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 01/25/14 05:48pm
By: mystral-kk
Quote by: Laugh
Okay,
I figured out the issue with the forum. It doesn't work with recaptcha because the forum looks for specific functions from the captcha plugin before it sets the template variable. I have updated createtopic.php of the latest forum version to work with both plugins. For those who want it, email me and I will send it to you (this fix will be included in the next version of the forum).
Also mystral-kk I see what Ben was talking about with the recaptcha appearing at the top of the forum. This happens in the forum unless you update the HTML of the submissionform_main.thtml file of the forum. The reason this happens is that some themes and plugins are setup in a way where the captcha is added to the table row. The captcha plugin handled this by having separate template files for each captcha type (ie registration, forum, article, etc..) and it had the table row information in the corresponding template file. This works fine unless you have a multi theme site or if the Geeklog theme has been updated to use something other than table rows (like Modern Curve).
With recaptcha it inserts a div only (plus the captcha stuff in the div). This is fine in a lot of cases except when you need to add some extra css to place the recaptcha if it is enabled. For example the forum still uses tables. I had to hardcode the extra table row in to the template file and it will appear whether the recaptcha plugin is turned on or off. I also had to add an extra div around the captcha template variable so I could float it to the right. A partial fix to the extra div issue is have the recaptcha plugin insert its own div with a class based on the type. This way in the css file of each Geeklog theme/plugin you could add your own styling for the recaptcha plugin based on the type (forum, registration, article, etc..)
What do you think?
As you know, I made the reCAPTCHA plugin in haste, so I didn't test it thoroughly with all item types. I just read functions.inc of the CAPTCHA plugin and learned how it works. Anyway, I think it would be better to change the template file of the Forum plugin (maybe submissionform_main.thtml?), because it is costly to deal with this issue on the CAPTCHA's side every time a new CAPTCHA plugin is created.
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 01/25/14 08:33pm
By: Laugh
Quote by: ::Ben
I'm testing a new version of the captcha plugin on geeklog.fr and notice no spam since 24H. You can see it in action on the registration page[*9] or on the contact page[*10].
I will clean the code and make a new release on monday.
Ben
PS : Nothing is unbreakable... just a matter of time
How true. I like the idea Ben. In the plugin is it possible to have captcha, or the slider, or both to display? It would be nice to have all these combined into one plugin and then the user can select which options he wants to use.
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 01/25/14 09:07pm
By: mystral-kk
It would be ideal to change Ben's CAPTCHA plugin into one like the Spam-X plugin in that it is a meta plugin, extensible by sub modules so that the user can choose how to provide a CAPTCHA from static images, dynamic images, external service like reCAPTCHA, and so on.
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 01/25/14 09:10pm
By: Laugh
Quote by: mystral-kk
As you know, I made the reCAPTCHA plugin in haste, so I didn't test it thoroughly with all item types. I just read functions.inc of the CAPTCHA plugin and learned how it works. Anyway, I think it would be better to change the template file of the Forum plugin (maybe submissionform_main.thtml?), because it is costly to deal with this issue on the CAPTCHA's side every time a new CAPTCHA plugin is created.
I updated submissionform_main.thtml to make it work. I also emailed you my updates to the recaptcha plugin. The update adds a div to make styling a little easier.
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 01/25/14 09:22pm
By: Anonymous (Jeff Rivett)
I switched to the ReCAPTCHA plugin and it works perfectly for me. No spammer registration attempts are getting past ReCAPTCHA.
I left the CAPTCHA plugin enabled, and that doesn't seem to be a problem. Also it makes it easy to check the captcha log, which shows this for every attempt since I switched to ReCAPTCHA:
"Detected an attempt to bypass CAPTCHA (no session id) in registration"
Maybe that's a clue as to a possible weakness in the CAPTCHA plugin?
Anyway, thanks!
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 01/26/14 12:56am
By: mystral-kk
Quote by: Laugh
I updated submissionform_main.thtml to make it work. I also emailed you my updates to the recaptcha plugin. The update adds a div to make styling a little easier.
Thanks, Tom. Based on your improvements, I made v1.0.1 and submitted it to geeklog.net.
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 01/26/14 10:01am
By: Laugh
Quote by: Anonymous
I switched to the ReCAPTCHA plugin and it works perfectly for me. No spammer registration attempts are getting past ReCAPTCHA.
I left the CAPTCHA plugin enabled, and that doesn't seem to be a problem. Also it makes it easy to check the captcha log, which shows this for every attempt since I switched to ReCAPTCHA:
"Detected an attempt to bypass CAPTCHA (no session id) in registration"
Maybe that's a clue as to a possible weakness in the CAPTCHA plugin?
Anyway, thanks!
Geeklog 2.1.0 comes with its own log viewer (which is long overdue). reCAPTCHA and CAPTCHA plugins work internally pretty much the same way. I think the spammers just figured out how to read the CAPTCHA images we use. I still get spammers getting through reCAPTCHA but a lot less than before. I have seen some reports on the net that reCAPTCHA lets through up to 17% of the spammers. That is a fairly high number which I don't currently see on my sites. reCAPTCHA's positive feature is that it is maintained by Google and that they can update it as spammers figure things out. This is also its negative feature since most spammers will be targeting reCAPTCHA.
I like Ben's slider idea in his updated CAPTCHA plugin.
Ben, I notice it locks the submit button. Does this work with plugins that use CAPTCHA as well? Can we use a combination of the CAPTCHA and the slider?
Here is a feature request. Make it easy to add in new CAPTCHA like security measures by just adding a class to the captcha directory (sort of like how SPAM-X works). If possible also make it easy to have them work in combination of each other.
Another request would be to add some sort of configurable speed control. For example for the CAPTCHA entry to work there must be x number of seconds between displaying the form and submitting. Most spam bots probably submit the form in a second or 2 where it will take a user a while to fill out a form before submitting it.
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 01/26/14 01:26pm
By: ::Ben
Does this work with plugins that use CAPTCHA as well?
Yes. The contact page uses the contact plugin. I think that images for captcha are no longer a good solution. A speed limit can be a nice feature. For the available version, like in the next, I use a simple hidden blank field... Powerful
Not a single spam in 48H.
Sorry, but I will have no time to make more improvements before the release tomorrow.
Ben
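The two ideas raised in the posts above, a minimum time between displaying and submitting the form and a hidden field that must stay blank, as an added example that is not part of the thread and is not the CAPTCHA plugin's code. The field names, thresholds and function names are assumptions.

```python
import hashlib
import hmac
import time

HONEYPOT_FIELD = "website"   # hypothetical field, hidden from humans via CSS
TOKEN_FIELD = "form_token"   # hypothetical hidden field carrying the signed time
MIN_FILL_SECONDS = 5         # assumption: faster than this is treated as a bot
MAX_FORM_AGE = 3600          # assumption: forms older than an hour are rejected


def _sign(secret: bytes, form_id: str, issued: int) -> str:
    """HMAC over the form name and issue time, so a token made for one form
    cannot be reused on another and the timestamp cannot be edited."""
    msg = f"{form_id}:{issued}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def issue_form_token(secret: bytes, form_id: str, now=None) -> str:
    """Call when rendering the form; embed the result in a hidden input."""
    issued = int(time.time() if now is None else now)
    return f"{issued}:{_sign(secret, form_id, issued)}"


def check_submission(fields: dict, secret: bytes, form_id: str, now=None):
    """Return (accepted, reason) for a submitted form.

    A signed timestamp alone does not stop replay of one valid token within
    MAX_FORM_AGE; bind it to the session or record used tokens for that.
    """
    now = int(time.time() if now is None else now)

    # 1. Hidden field: humans never see it, naive bots fill every input.
    if fields.get(HONEYPOT_FIELD, "").strip():
        return False, "honeypot-filled"

    # 2. Token must be present and well formed.
    issued_text, _, mac = fields.get(TOKEN_FIELD, "").partition(":")
    if not (issued_text.isascii() and issued_text.isdigit() and mac):
        return False, "token-missing"

    # 3. Token must carry a valid signature (constant-time comparison).
    expected = _sign(secret, form_id, int(issued_text))
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False, "token-forged"

    # 4. Speed control: too fast is a bot, too old is a stale form.
    age = now - int(issued_text)
    if age < MIN_FILL_SECONDS:
        return False, "too-fast"
    if age > MAX_FORM_AGE:
        return False, "token-expired"
    return True, "ok"


if __name__ == "__main__":
    secret = b"constructed-demo-secret"      # constructed value for the demo
    token = issue_form_token(secret, "registration", now=1000)
    human = {TOKEN_FIELD: token, HONEYPOT_FIELD: ""}
    bot = {TOKEN_FIELD: token, HONEYPOT_FIELD: "http://spam.example/"}
    print(check_submission(human, secret, "registration", now=1030))
    print(check_submission(human, secret, "registration", now=1001))
    print(check_submission(bot, secret, "registration", now=1030))
```
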
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 01/27/14 11:22pm
By: Laugh
Hey Ben,
I tried out your new release today and had the slider working for the registration and forum but it wasn't working for the comments. I slid the slider on the comment edit form and hit submit but it just returned the comment edit form again and didn't submit it for moderation.
I am not sure why it is not working...
Tom
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 01/29/14 07:32am
By: Anonymous (Jeff Rivett)
Quote by: Anonymous
I left the CAPTCHA plugin enabled, and that doesn't seem to be a problem.
I was wrong about that. Leaving CAPTCHA enabled alongside ReCAPTCHA causes ReCAPTCHA to fail and produces the log error "You have attempted to bypass the CAPTCHA processing at this site...". I disabled CAPTCHA and now ReCAPTCHA works fine. I check the logs using the Monitor 1.1 plugin (https://www.geeklog.net/article.php/2013062908235210). But spammer registrations are still not getting through, which is a relief.
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 01/29/14 08:38am
By: masodo
I just installed CAPTCHA plugin 3.5.2[*11] by ::Ben from Geeklog.fr[*12].
Nice work ::Ben - thank you for taking prompt action against this latest wave of attacks by getting this updated plugin up and running.
I auto installed it with no problems - replacing the previous version of Captcha (3.1 I think) on Geeklog 1.8.1 on BlogDogIt.com[*13]
I like the slider concept and look forward to offering this cutting edge solution to BlogDogIt users.
I was going to just switch from Static Images to the GD Lib option - which seemed to shut them down for the hour or so it was configured - so I came here looking for an explanation as to what the "GD Lib" option even IS... but after finding this discussion I decided to jump on this "Squint-Free" solution.
I also posted a little something about this on BlogDogIt.com: Not Yer Pappy's Capcha[*14]
Fingers crossed...
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 01/29/14 09:05am
By: winnerdk
OK guys, I just installed the reCaptcha plugin and spam user submissions dropped to zero.
Now I see Ben has updated and released a new version of Captcha.
I'm running GL 1.7.1sr1 on this website. Will this new release of Captcha work on my site?
And please don't bother lecturing me on the importance of upgrading. Every time I go down that path it turns into a few days of terror...
Don (OP)
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 01/29/14 11:32am
By: ::Ben
Captcha uses the scripts class, so the minimum is Geeklog 1.8.0
Ben
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 01/30/14 12:18pm
By: Anonymous (JoJmoto)
I did not build my site and have no real idea how to install the new Captcha. I have obtained about 1000 new "Users" over the last week and a half. Is there someone who can contact me and walk me through what I need to do to fix this issue?
My Site is www.Southeastmx.com
I think it was built using PhP or something... sorry, I just run the place, didn't know I would have to take lessons in website building..
My email address is Southeastmx@live.com
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 01/30/14 04:14pm
By: ::Ben
JoJmoto I can install the new version of the captcha plugin if your site is powered by Geeklog 1.8.0 or higher or switch to reCaptcha plugin (Geeklog 1.5.0 or higher). Please contact me in private.
Thanks,
Ben
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 02/02/14 04:48am
By: ::Ben
Some Geeklog users try to update the CAPTCHA plugin from version 4 (Japanese version ???) and above to version 3.5+. It won't work. Please uninstall your CAPTCHA plugin V4 first, then install CAPTCHA V3.5.
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 02/14/14 12:02pm
By: Anonymous (gl-user)
Hello,
Can the Geeklog developer team create a CAPTCHA QUESTION for GeeklogCMS? I have installed captcha question on one of my Drupal pinboard sites and it is very protective. I can create questions in my language with answers. All questions and answers are stored in the database. It is good to have with Geeklog.
Thanks.
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 02/17/14 08:17pm
By: Laugh
Yes the simple question and answer is a popular choice for security questions and it does work well. Our current options of the Slider (with Captcha) and reCaptcha seem to be working well at the moment though so I don't think anyone has plans to do further updates. (though I could be wrong)
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 03/21/14 03:12pm
By: CavemanJoe
Hey. I'm using Geeklog 1.7.2, and have just installed the ReCaptcha plugin 1.0.1.
It doesn't seem to care what I type in the boxes - it lets new user submissions through just fine.
Any advice?
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 03/21/14 09:05pm
By: Laugh
It should work....
Did you try clearing your browser cache? I had the issue when I first installed the plugin. If I remember correctly all I needed to do was clear the cache.
Tom
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 03/21/14 11:29pm
By: CavemanJoe
Spammers are still getting through. Tried using it with the standard captcha enabled, and with it disabled too.
Edit: With the standard captcha disabled, the recaptcha div shows up, and everything looks like it works - but it doesn't matter what I type in the boxes, it just lets me waltz right on in.
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 03/22/14 07:34am
By: Laugh
Is anything reported in the error log?
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 03/22/14 01:29pm
By: CavemanJoe
Just the recaptcha installation, then a bunch of login attempts for users I've erased:
Fri 21 Mar 2014 18:07:14 UTC - Attempting to install the 'recaptcha' plugin
Fri 21 Mar 2014 18:07:14 UTC - Attempting to create 'reCAPTCHA Admin' group
Fri 21 Mar 2014 18:07:14 UTC - Attempting to add 'recaptcha' features
Fri 21 Mar 2014 18:07:14 UTC - Adding 'recaptcha.edit' feature to the 'reCAPTCHA Admin' group
Fri 21 Mar 2014 18:07:14 UTC - Attempting to give all users in the Root group access to the 'recaptcha' Admin group
Fri 21 Mar 2014 18:07:14 UTC - Registering 'recaptcha' plugin
Fri 21 Mar 2014 18:07:14 UTC - Successfully installed the 'recaptcha' plugin!
Fri 21 Mar 2014 18:11:23 UTC - Error, invalid username: 'HeBaylebri'
Also this:
Fri 21 Mar 2014 18:18:23 UTC - 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SET validation='QVILD5' WHERE session_id='532c826035cc'' at line 1. SQL in question: UPDATE SET validation='QVILD5' WHERE session_id='532c826035cc'
The rest is just variations on "Error, invalid username X"
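A triage pass over error-log lines in the format quoted in the post above, added here as an example (it is not part of the original thread or of Geeklog). It counts "invalid username" errors per hour and picks out logged SQL where `UPDATE` is followed directly by `SET`, with no table name, as in the 1064 error. The function names and the sample log are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: lines in the format quoted above; the two "constructedbot"
# entries are made up, and the SQL error text is shortened.
SAMPLE_LOG = """\
Fri 21 Mar 2014 18:07:14 UTC - Successfully installed the 'recaptcha' plugin!
Fri 21 Mar 2014 18:11:23 UTC - Error, invalid username: 'HeBaylebri'
Fri 21 Mar 2014 18:18:23 UTC - 1064: You have an error in your SQL syntax. SQL in question: UPDATE SET validation='QVILD5' WHERE session_id='532c826035cc'
Fri 21 Mar 2014 18:40:02 UTC - Error, invalid username: 'constructedbot1'
Fri 21 Mar 2014 19:05:41 UTC - Error, invalid username: 'constructedbot2'
not a log line
"""

LINE_RE = re.compile(r"^\w{3} (\d{2} \w{3} \d{4} \d{2}:\d{2}:\d{2}) UTC - (.*)$")
INVALID_USER_RE = re.compile(r"^Error, invalid username: '(.*)'$")
# An UPDATE whose table name is missing: "UPDATE" followed directly by "SET".
NO_TABLE_RE = re.compile(r"SQL in question:\s*UPDATE\s+SET\b", re.IGNORECASE)


def parse_log(text):
    """Return (timestamp, message) pairs, skipping lines that do not match."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%d %b %Y %H:%M:%S")
            entries.append((ts, m.group(2)))
    return entries


def invalid_usernames_per_hour(entries):
    """Count 'invalid username' errors per UTC hour to show bursts."""
    counts = Counter()
    for ts, msg in entries:
        if INVALID_USER_RE.match(msg):
            counts[ts.strftime("%Y-%m-%d %H:00")] += 1
    return dict(counts)


def updates_without_table(entries):
    """Return entries whose logged SQL is an UPDATE with no table name."""
    return [(ts, msg) for ts, msg in entries if NO_TABLE_RE.search(msg)]


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    print(invalid_usernames_per_hour(log))
    for ts, msg in updates_without_table(log):
        print(ts.isoformat(), "UPDATE without table name:", msg[:60])
```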
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 03/22/14 03:33pm
By: Laugh
Those errors are from the Captcha plugin. Did you uninstall or disable the captcha plugin?
The Captcha plugin and the reCaptcha plugin cannot both be enabled or they will not work.
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 03/22/14 03:38pm
By: CavemanJoe
Quote by: Laugh
Those errors are from the Captcha plugin. Did you uninstall or disable the captcha plugin?
The Captcha plugin and the reCaptcha plugin cannot both be enabled or they will not work.
I verified that the Captcha plugin was disabled and, just for good measure, I deleted it too.
It's still just letting me in with any (or no) text input; look here[*15] to see it in action.
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 03/25/14 12:49pm
By: CavemanJoe
(update: Don't look there to see it in action, I had to disable user submissions again)
(update update: I enabled new registrations, signed up for an account while leaving the text boxes empty, and checked the Apache error logs - no errors from my IP address.)
(edit: Probably should've mentioned this before: The spammers have started spamming the forums. Guess they weren't always just gonna be profile spam. :-/ )
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 03/25/14 02:07pm
By: Laugh
Sorry I am not sure why you are getting the error... I cannot seem to replicate it. The recaptcha works on all of the sites I have tried (4 of them)
The latest CAPTCHA plugin works but requires at least Geeklog 1.8.0. Can you update your site to at least this version (version 1.8.2sr1 would be better)?
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 03/27/14 12:08am
By: CavemanJoe
No can do, right now - the game itself still runs some old PHP4 code, and I'd need to upgrade PHP to install a newer Geeklog version. Legacy code ahoy.
I'm taking a look at the recaptcha plugin itself - if I discover a fix, I'll post it here.
EDIT: changed two settings ("Anonymous only" now set to "False," and "Log invalid entries" now set to "True," and now it works. Huzzah!)
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 03/27/14 06:32pm
By: Laugh
Not sure why those 2 settings would make a difference (I have them both set to true) but I am glad you got it working. Can you try re-enabling just Anonymous only to see if it still works?
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 06/12/14 09:55am
By: worldfooty
I went to using recaptcha for a while but still got tens of spam new user requests per day (down from a 100 or so).
But as of this week I'm running GL1.8.2 * and captcha 3.5.5. Now I'm getting the same kind of spam users queuing up as before upgrading, but up to about 50 per day, which is such a pain to sift through.
I tried to sign up to my site as a new user myself to test that captcha was working, and it shows what looks like a little slider but I couldn't move it and couldn't work out how to proceed. So the great irony here is that I seem to have succeeded in locking out humans but bots are still getting through!
Reading this thread I saw one happy customer:
http://blogdogit.com/users.php?mode=new
and I can move their slider but for me:
http://www.worldfootynews.com/users.php?mode=new
it won't move. Clearly something is wrong with my version. I've tried clearing my cache.
* Given what a huge effort it was to upgrade and shift servers at the same time, it was depressing to realise that when I downloaded 1.8 from geeklog.net somehow I got 1.8.2 instead of 1.8.2sr. I can’t bear the thought of going through it again right now (unless there was just a handful of routines to replace).
Cheers,
Brett
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 06/12/14 10:12am
By: ::Ben
Hi Brett,
In captcha config you can set "Enable CAPTCHA slider " to false.
I'm investigating this issue.
Ben
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 06/12/14 10:21am
By: remy
@worldfooty:
It looks like jQuery is not initialised properly.
I see complaints that the browser type is not detected (safari, firefox).
And then you have a countdown on the page that tries to access your main content (and is denied). Are you sure that that iFrame is still safe?
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 06/12/14 11:04am
By: worldfooty
Quote by: ::Ben
Hi Brett,
In captcha config you can set "Enable CAPTCHA slider " to false.
I'm investigating this issue.
Ben
If I do that (I tried) then there is no security on that page, correct? (Other than the new user request will be queued). Or is some other level like image recognition supposed to apply? Because it didn't.
To remy.... thanks for the response but I'm afraid I don't really understand.
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 06/12/14 11:32am
By: ::Ben
Brett,
As I have updated your jquery files to make the menu plugin work, your jquery-ui files also needed to be updated. Clear your browser cache and you might be able to move the slider.
Ben
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 06/12/14 09:48pm
By: worldfooty
That worked thank you!
And no new spam users since last night (my time).
With those updates you've done, is there anything I need to remember next time I do a fresh install or a version update, or are all the changes in the standard releases?
Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Posted on: 06/13/14 05:37am
By: ::Ben
To make the menu plugin work we need at least jquery 1.7, and Geeklog 2+ uses a newer version, so next time everything might be ok.
Ben