Subject: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 23/01/14 09:03am
By: winnerdk

Help!

Apparently hackers have cracked and can now defeat the protection previously provided by CAPTCHA. As a result my website is now getting inundated with spam user submissions. Does anyone have any suggestions on how I might be able to respond?

Don
www.panama-guide.com

Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 23/01/14 09:32am
By: Dirk

Yeah, I've been struggling with the same problem on several sites over the last few days.

We knew this day would come. Ultimately, we need a new version of the CAPTCHA plugin that creates different images. Until then, here are some tips and observations:

- most (but not all) of the accounts use hotmail.com or outlook.com email addresses, so I've added those to the list of domains not to allow for registration: Users and Submissions > User Submissions > Automatic Disallow Domains (in the Configuration)

- block IP addresses that signed up the users; many of them will try more than once

- while you're at it, block requests that have "Bork-edition" in the user agent string (this was a fun - legit - version of Opera 7 that nobody really uses any more, but spambots often use that user agent string)

- On a German-language site that I'm running, all the users fail to log in after registration. My guess is that they can't parse the confirmation email. Changing the text of that email may also help (untested).

- The accounts are created for profile spam only, from what I can tell. So banning users (instead of deleting them) and using the two Spam-X modules attached to this issue may also help (they auto-ban users that try to post spammy URLs in their profiles).

HTH. I feel your pain ...

bye, Dirk

Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 23/01/14 10:02am
By: winnerdk

- most (but not all) of the accounts use hotmail.com or outlook.com email addresses, so I've added those to the list of domains not to allow for registration: Users and Submissions > User Submissions > Automatic Disallow Domains (in the Configuration)
The problem is I also have valid users who use these types of accounts.

- block IP addresses that signed up the users; many of them will try more than once
That's what I've been doing this morning. I see from the CAPTCHA log that most of the attempts are coming from places like Romania, Ukraine, Thailand, etc. And, I have practically no valid users from those countries, so I don't have any problem at all using the IP Deny Manager to simply block all traffic from those countries. However, sometimes the attempts are coming from individual IP's in the US or other countries where most of my traffic comes from. In those cases, I've been surgically blocking just the offending IP's.

- On a German-language site that I'm running, all the users fail to log in after registration. My guess is that they can't parse the confirmation email. Changing the text of that email may also help (untested).
On my site the new users get stopped at the registration phase, because I have the configuration set so that all new users require approval.

- The accounts are created for profile spam only, from what I can tell. So banning users (instead of deleting them) and using the two Spam-X modules attached to this issue may also help (they auto-ban users that try to post spammy URLs in their profiles).
Interesting. What's the difference between deleting and banning a bogus user account created in this manner? How or why would it be better to ban them, instead of deleting them?

New (related) question. Is there a log, or is there a way to monitor all of the incoming traffic to the website? Or does that have to come from the server level? It would be nice if I could simply look at all of the traffic, and pick off the individual IP addresses that are creating these bogus Spam users.

Thanks for your help.

Don

Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 23/01/14 10:15am
By: Dirk

The point of banning a user instead of deleting them is to keep the URL they're spamming for (in their profile) and then use the above-mentioned Spam-X modules to automatically ban other users that try to spam for the same URL. We've seen that sort of profile spam in the past here on geeklog.net, where apparently human visitors created accounts to spam for the same sites over and over again. I even got hold of a PDF that had detailed steps how to do that ... That's when I wrote those 2 modules.

If you don't see that sort of spamming happening on your site, then you can just as well delete the accounts.


You should have access to the webserver's logfile, in one form or another. Check with your hosting provider. That's where you can best see the raw traffic that's happening, including IP addresses and user agent strings.

bye, Dirk
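
One way to do the log review described above, as an added example that is not code from this thread or from Geeklog: it tallies requests to the registration script per client IP and flags addresses that post repeatedly or send the "Bork-edition" user agent. It assumes Apache's combined log format; the threshold and the sample lines are constructed.

```php
<?php
// Added example (PHP 7+): triage of Apache combined-format log lines for
// registration abuse. Produces a review list; it does not block anything.

const REGISTRATION_PATH = '/users.php';   // Geeklog registration script (URL seen in this thread)
const SUSPECT_UA_MARKER = 'Bork-edition'; // user-agent substring mentioned in this thread
const POST_THRESHOLD    = 3;              // assumed: this many POSTs from one IP is worth a look

// Constructed sample lines (documentation IP ranges, invented user agents).
const SAMPLE_LOG = [
    '203.0.113.7 - - [23/Jan/2014:09:01:12 +0000] "GET /users.php?mode=new HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (constructed)"',
    '203.0.113.7 - - [23/Jan/2014:09:01:13 +0000] "POST /users.php HTTP/1.1" 200 4890 "-" "Mozilla/5.0 (constructed)"',
    '203.0.113.7 - - [23/Jan/2014:09:01:15 +0000] "POST /users.php HTTP/1.1" 200 4890 "-" "Mozilla/5.0 (constructed)"',
    '203.0.113.7 - - [23/Jan/2014:09:01:17 +0000] "POST /users.php HTTP/1.1" 200 4890 "-" "Mozilla/5.0 (constructed)"',
    '198.51.100.23 - - [23/Jan/2014:09:02:40 +0000] "GET /users.php?mode=new HTTP/1.1" 200 5120 "-" "Opera/7 (constructed; Bork-edition)"',
    '192.0.2.10 - - [23/Jan/2014:09:05:00 +0000] "GET /index.php HTTP/1.1" 200 20480 "-" "Mozilla/5.0 (constructed)"',
    '192.0.2.10 - - [23/Jan/2014:09:05:30 +0000] "GET /users.php?mode=new HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (constructed)"',
    '192.0.2.10 - - [23/Jan/2014:09:07:02 +0000] "POST /users.php HTTP/1.1" 302 0 "-" "Mozilla/5.0 (constructed)"',
];

/** Parse one combined-format line; returns null when the line does not match. */
function parseCombinedLine(string $line): ?array
{
    $q  = '"((?:[^"\\\\]|\\\\.)*)"';   // quoted field; Apache writes embedded quotes as \"
    $re = '/^(\S+) \S+ \S+ \[([^\]]+)\] ' . $q . ' (\d{3}) \S+ ' . $q . ' ' . $q . '/';
    if (!preg_match($re, $line, $m)) {
        return null;
    }
    $request = preg_split('/\s+/', $m[3]);   // "METHOD URI PROTOCOL"
    if (count($request) < 2) {
        return null;                          // empty or malformed request line
    }
    return ['ip' => $m[1], 'time' => $m[2], 'method' => $request[0],
            'uri' => $request[1], 'status' => (int) $m[4], 'ua' => $m[6]];
}

/** Count registration-script traffic per client IP. */
function summariseRegistrations(iterable $lines): array
{
    $byIp = [];
    foreach ($lines as $line) {
        $hit = parseCombinedLine(rtrim($line, "\r\n"));
        if ($hit === null || parse_url($hit['uri'], PHP_URL_PATH) !== REGISTRATION_PATH) {
            continue;
        }
        $ip = $hit['ip'];
        if (!isset($byIp[$ip])) {
            $byIp[$ip] = ['hits' => 0, 'posts' => 0, 'suspect_ua' => false,
                          'first' => $hit['time'], 'last' => $hit['time']];
        }
        $byIp[$ip]['hits']++;
        if ($hit['method'] === 'POST') {
            $byIp[$ip]['posts']++;
        }
        if (stripos($hit['ua'], SUSPECT_UA_MARKER) !== false) {
            $byIp[$ip]['suspect_ua'] = true;
        }
        $byIp[$ip]['last'] = $hit['time'];
    }
    return $byIp;
}

/** Keep only IPs that match one of the two signals, busiest first. */
function flagCandidates(array $byIp): array
{
    $flagged = array_filter($byIp, function (array $s): bool {
        return $s['suspect_ua'] || $s['posts'] >= POST_THRESHOLD;
    });
    uasort($flagged, function (array $a, array $b): int {
        return $b['posts'] <=> $a['posts'];
    });
    return $flagged;
}

/** Stream a log file line by line so large logs are not loaded into memory. */
function readLines(string $path): Generator
{
    $fh = fopen($path, 'r');
    if ($fh === false) {
        throw new RuntimeException("cannot open $path");
    }
    try {
        while (($line = fgets($fh)) !== false) {
            yield $line;
        }
    } finally {
        fclose($fh);
    }
}

// Usage: php triage.php [path-to-access-log]; without a path the sample is used.
$lines = isset($argv[1]) ? readLines($argv[1]) : SAMPLE_LOG;
foreach (flagCandidates(summariseRegistrations($lines)) as $ip => $s) {
    printf("%-15s hits=%d posts=%d suspect_ua=%s first=%s last=%s\n", $ip,
        $s['hits'], $s['posts'], $s['suspect_ua'] ? 'yes' : 'no', $s['first'], $s['last']);
}
```

On the sample, 203.0.113.7 is listed for repeated POSTs and 198.51.100.23 for its user agent, while 192.0.2.10 (one ordinary registration) is not.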

Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 23/01/14 10:22am
By: winnerdk

You should have access to the webserver's logfile, in one form or another. Check with your hosting provider. That's where you can best see the raw traffic that's happening, including IP addresses and user agent strings.
Yeah, that's what I'm doing right now. I'm currently in a sort of back and forth war with the spammer. They create a new spam user, I block that IP string, they shift to something else. I'm getting the upper hand...

And I'm just going to be deleting the bogus users, because they never get to the point of being valid users posting Spam URL's - I catch and kill them before they get that far.

Don


Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 23/01/14 12:21pm
By: remy

I've seen the same traffic for a week or two. Not so much, but worrying.
There were also invalid attempts to download, which is maybe an omen.
I do see quite a lot of traffic trying to register, and obviously, only a few break through.
After banning the user-agent and the domains Dirk mentioned, the traffic nearly vanished.

I'm using captcha for any input on the website, unless logged in. And I am using the admission queue. So, when they come back to confirm the registration, a captcha fires again. This brings me to the suggestion to add a timeout to the confirmation of registration.
When the timeout expires, the account is silently deleted (or banned, or suspended).
Add to the rule that they must come back with the same IP?


Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 23/01/14 05:28pm
By: Laugh

Yeah this started happening for me 2 days ago as well. I got over 100 new users in 10 hours yesterday. I enabled the user submission queue which unfortunately disables OAuth logins.

Today I actually disabled registrations altogether until I can figure something out.

I also have CAPTCHA enabled for non logged in users.

Do you think there is a security hole in the captcha program or are they just able to machine read the images?

Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 23/01/14 05:46pm
By: winnerdk

There was a bunch of articles published going back to October 2013 in which a company had supposedly figured out a way to read or crack Captcha. Now, that has gotten out to the hacker community, and they are using it to spread spam.

I've been focusing on blocking the offending IP addresses. Most of them are in Asia or Eastern Europe, and almost none of my legitimate traffic comes from Romania (for instance) so I have no problem blocking the whole damn country...

It started off for me as a fire with 100's of submissions. Throughout the day today I've reduced it to a trickle. I'm still bailing out the boat and plugging holes. Now I'm watching the real time traffic via SSH and the Apache logs, looking to catch and ban the IP's while they are doing the deed. Shhhhhh, be berry berry quiet - I'm huntin' wabbits.

Bottom line = CAPTCHA is toast.

Don

Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 23/01/14 07:16pm
By: Laugh

Simple CAPTCHA images can be read already. That is why they have gotten complex over time with lines, changing the orientation of the letter and faded letters. It is not a surprise that the captcha images we use with Geeklog eventually have been figured out by a computer.

The captcha plugin does allow for automated generated captcha and you can also add in new static captcha image sets. Has anyone tried changing to a new static image set or played around with the auto generated one by changing the backgrounds and fonts?


New ideas for the Captcha plugin would be adding security questions (that are in an image format) that are hard for a computer to figure out but easy for a human.

Something like:

What color is a banana?
What is 2+3-1

Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 23/01/14 07:24pm
By: Laugh

There are a lot of captcha ideas here:

http://stackoverflow.com/questions/8472/practical-non-image-based-captcha-approaches


Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 24/01/14 06:48am
By: Laugh

I had to lock down the forum last night as it got about 75 spam posts in 2 hours (with captcha enabled).

Ben said in the mailing list that he is working on a fix for the captcha plugin.

Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 24/01/14 08:20am
By: remy

I found the traffic is back again.
And I see a problem with gl when the plugin is protected by requiring to be logged in.
For instance, the forum replies on an anonymous post that you should register. Very Good.
However, directly after that, the login form is auto displayed with captcha and such.

Well, if the traffic only seeks forum spam, that action is an invitation to try being registered.
I suspect that these spambots fill the form and respond.

In Apache logs I find endless loops of requests to home, forum, create topic, users, captcha, create topic, users, etc. etc.
Some requests do not seem to await an answer.
Also, most tries do refresh the captcha first before entering data.

Hope this helps.

note: I see only traffic; few spam registrations and no spam posts.

Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 24/01/14 08:54am
By: Anonymous

Well isn't this just dandy! Luckily I am not having this issue. I think it's because I have been using ZBBLOCK for a few years now. Sure, there have been some adjustments along the way but it is worth it. Reconsider setting it up. It is very configurable and you can customize the signatures for detection. If your users are as loyal to your site as they should be, they'll notify you if they cannot browse your site.

Michael

Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 24/01/14 08:55am
By: ::Ben

I am testing a very simple protection, so maybe it will not be very solid. Instead of submitting a string in the form, users need to clear an input.

Beta is available in Downloads here

Ben

Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 24/01/14 05:31pm
By: mystral-kk

Hi all, I have uploaded reCAPTCHA plugin to geeklog.net.

This is based on Ben's CAPTCHA plugin (thanks Ben!), using reCAPTCHA service. You have to sign up and get API keys at https://www.google.com/recaptcha/admin/create to use this plugin. I hope this will help you.


Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 24/01/14 06:01pm
By: ::Ben

Thank you for the reCaptcha plugin. I got 2 questions:

- How to enable the reCaptcha on a custom registration page?
- Is it possible to move the reCaptcha from the top to the bottom of the form?

Ben

Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 24/01/14 06:13pm
By: ::Ben

New beta for captcha plugin is available in Downloads. I do not see new spam.

Ben

Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 24/01/14 07:58pm
By: winnerdk

Question guys. When someone on my website clicks on "Sign Up As A New User" they are taken to this link:

http://www.panama-guide.com/users.php?mode=new

On that page there is a three sentence paragraph of text which currently says: "Register with Panama Guide! Creating a user account will give you all the benefits of Panama Guide membership and it will allow you to post comments and submit items as yourself. If you don't have an account, you will only be able to post anonymously. Please note that your email address will never be publicly displayed on this site."

Where is that text located within the Geeklog program? I want to modify the text to say something along the lines of "CAPTCHA has been cracked and as a result this website is now being flooded with bogus spam user account requests. In order to have your account approved you must first be a paid subscriber, and secondly you must notify me via email to don@panama-guide.com that you are creating your account. If you create a user account without first notifying me, it will simply be deleted along with the 100 or so bogus spam accounts I have to clear out every day..."

You get the picture. What file has that text?

Don
www.panama-guide.com

Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 24/01/14 08:28pm
By: Laugh

You will find the text in the language files of Geeklog. If you are using English it would then be either english_utf-8.php or English.php depending if your site is utf-8 or not. All text from Geeklog is found in these language files. Plugins have their own separate language files.

Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 24/01/14 08:51pm
By: Laugh

THANKS mystral-kk I just got it installed now on my main site.

Ben I am also trying on another site the CAPTCHA plugin using the GD library instead of static images. I have also downloaded some other fonts and background images so that the images are generated differently. I want to see if this will make a difference. Using the GD library takes a bit more processing power than the static set but you get more unique images.

Ironmax. Thanks for letting us know that ZZBlock seems to block the attacks. I have used ZZBlock before and while I find it a little too aggressive it does work well with Geeklog and the owner does keep it updated to help against new spam bots and bad IP neighbourhoods.


Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 24/01/14 08:51pm
By: mystral-kk

Quote by: ::Ben

Thank you for the reCaptcha plugin. I got 2 questions:

1. How to enable the reCaptcha on a custom registration page?
2. Is it possible to move the reCaptcha from the top to the bottom of the form?

Ben



Question 1. Add the lines below to CUSTOM_userForm() function after you create Template object (e.g. just after "$user_templates->set_file('memberdetail', 'memberdetail.thtml');").



PHP Formatted Code

// Call the reCAPTCHA plugin's template hook only when that function is available
if (is_callable('plugin_templatesetvars_recaptcha')) {
    plugin_templatesetvars_recaptcha('registration', $user_templates);
}


Question 2. reCAPTCHA, like other CAPTCHA's, should be displayed where you write {captcha} template variable in the template file. With the Modern Curve theme, {captcha} is written at line 22 (users/registration.thtml) before the buttons and reCAPTCHA is displayed there.


Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 24/01/14 09:54pm
By: mystral-kk

Ben, I forgot to say that you have to put {captcha} template variable in your "path_layout/custom/memberdetail.thtml" file. You can put it anywhere between <form> and </form> tags.


Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 25/01/14 11:31am
By: Laugh

Hi mystral-kk,

I notice that reCAPTCHA is not working for the forum (it doesn't display the reCAPTCHA at all). I am looking into this right now (the forum worked fine for the regular CAPTCHA plugin).

reCAPTCHA works for Registration and comment posting and I am now getting only a fraction of new spammy users.

Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 25/01/14 01:42pm
By: Laugh

Okay,

I figured out the issue with the forum. It doesn't work with recaptcha because the forum looks for specific functions from the captcha plugin before it sets the template variable. I have updated createtopic.php of the latest forum version to work with both plugins. For those who want it, email me and I will send it to you (this fix will be included in the next version of the forum).

Also mystral-kk I see what Ben was talking about with the recaptcha appearing at the top of the forum. This happens in the forum unless you update the HTML of the submissionform_main.thtml file of the forum. The reason this happens is that some themes and plugins are set up in a way where the captcha is added to the table row. The captcha plugin handled this by having separate template files for each captcha type (ie registration, forum, article, etc..) and it had the table row information in the corresponding template file. This works fine unless you have a multi theme site or if the Geeklog theme has been updated to use something other than table rows (like Modern Curve).

With recaptcha it inserts a div only (plus the captcha stuff in the div). This is fine in a lot of cases except when you need to add some extra css to place the recaptcha if it is enabled. For example the forum still uses tables. I had to hardcode the extra table row into the template file and it will appear whether the recaptcha plugin is turned on or off. I also had to add an extra div around the captcha template variable so I could float it to the right. A partial fix to the extra div issue is to have the recaptcha plugin insert its own div with a class based on the type. This way in the css file of each Geeklog theme/plugin you could add your own styling for the recaptcha plugin based on the type (forum, registration, article, etc..)

What do you think?

Tom



Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 25/01/14 05:36pm
By: ::Ben

I'm testing a new version of the captcha plugin on geeklog.fr and notice no spam since 24H. You can see it in action on the registration page or on the contact page.

I will clean the code and make a new release on monday.

Ben

PS: Nothing is unbreakable... just a matter of time.

Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 25/01/14 05:48pm
By: mystral-kk

Quote by: Laugh

Okay,

I figured out the issue with the forum. It doesn't work with recaptcha because the forum looks for specific functions from the captcha plugin before it sets the template variable. I have updated createtopic.php of the latest forum version to work with both plugins. For those who want it, email me and I will send it to you (this fix will be included in the next version of the forum).

Also mystral-kk I see what Ben was talking about with the recaptcha appearing at the top of the forum. This happens in the forum unless you update the HTML of the submissionform_main.thtml file of the forum. The reason this happens is that some themes and plugins are set up in a way where the captcha is added to the table row. The captcha plugin handled this by having separate template files for each captcha type (ie registration, forum, article, etc..) and it had the table row information in the corresponding template file. This works fine unless you have a multi theme site or if the Geeklog theme has been updated to use something other than table rows (like Modern Curve).

With recaptcha it inserts a div only (plus the captcha stuff in the div). This is fine in a lot of cases except when you need to add some extra css to place the recaptcha if it is enabled. For example the forum still uses tables. I had to hardcode the extra table row into the template file and it will appear whether the recaptcha plugin is turned on or off. I also had to add an extra div around the captcha template variable so I could float it to the right. A partial fix to the extra div issue is to have the recaptcha plugin insert its own div with a class based on the type. This way in the css file of each Geeklog theme/plugin you could add your own styling for the recaptcha plugin based on the type (forum, registration, article, etc..)

What do you think?



As you know, I made the reCAPTCHA plugin in haste, so I didn't test it thoroughly with all item types. I just read functions.inc of the CAPTCHA plugin and learned how it works. Anyway, I think it would be better to change the template file of the Forum plugin (maybe submissionform_main.thtml?), because it is costly to deal with this issue on the CAPTCHA's side every time a new CAPTCHA plugin is created.



Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 25/01/14 08:33pm
By: Laugh

Quote by: ::Ben

I'm testing a new version of the captcha plugin on geeklog.fr and notice no spam since 24H. You can see it in action on the registration page or on the contact page.

I will clean the code and make a new release on monday.

Ben

PS: Nothing is unbreakable... just a matter of time.




How true. I like the idea Ben. In the plugin is it possible to have captcha, or the slider, or both to display? It would be nice to have all these combined into one plugin and then the user can select which options he wants to use.

Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 25/01/14 09:07pm
By: mystral-kk

It would be ideal to change Ben's CAPTCHA plugin into one like the Spam-X plugin in that it is a meta plugin, extensible by sub modules so that the user can choose how to provide a CAPTCHA from static images, dynamic images, external service like reCAPTCHA, and so on.


Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 25/01/14 09:10pm
By: Laugh

Quote by: mystral-kk

As you know, I made the reCAPTCHA plugin in haste, so I didn't test it thoroughly with all item types. I just read functions.inc of the CAPTCHA plugin and learned how it works. Anyway, I think it would be better to change the template file of the Forum plugin (maybe submissionform_main.thtml?), because it is costly to deal with this issue on the CAPTCHA's side every time a new CAPTCHA plugin is created.




I updated submissionform_main.thtml to make it work. I also emailed you my updates to the recaptcha plugin. The update adds a div to make styling a little easier.

Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 25/01/14 09:22pm
By: Anonymous

I switched to the ReCAPTCHA plugin and it works perfectly for me. No spammer registration attempts are getting past ReCAPTCHA.

I left the CAPTCHA plugin enabled, and that doesn't seem to be a problem. Also it makes it easy to check the captcha log, which shows this for every attempt since I switched to ReCAPTCHA:
"Detected an attempt to bypass CAPTCHA (no session id) in registration"

Maybe that's a clue as to a possible weakness in the CAPTCHA plugin?

Anyway, thanks!

Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 26/01/14 12:56am
By: mystral-kk

Quote by: Laugh


I updated submissionform_main.thtml to make it work. I also emailed you my updates to the recaptcha plugin. The update adds a div to make styling a little easier.



Thanks, Tom. Based on your improvements, I made v1.0.1 and submitted it to geeklog.net.



Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 26/01/14 10:01am
By: Laugh

Quote by: Anonymous

I switched to the ReCAPTCHA plugin and it works perfectly for me. No spammer registration attempts are getting past ReCAPTCHA.

I left the CAPTCHA plugin enabled, and that doesn't seem to be a problem. Also it makes it easy to check the captcha log, which shows this for every attempt since I switched to ReCAPTCHA:
"Detected an attempt to bypass CAPTCHA (no session id) in registration"

Maybe that's a clue as to a possible weakness in the CAPTCHA plugin?

Anyway, thanks!



Geeklog 2.1.0 comes with its own log viewer (which is long overdue). reCAPTCHA and CAPTCHA plugins work internally pretty much the same way. I think the spammers just figured out how to read the CAPTCHA images we use. I still get spammers getting through reCAPTCHA but a lot less than before. I have seen some reports on the net that reCAPTCHA lets through up to 17% of the spammers. That is a fairly high number which I don't currently see on my sites. reCAPTCHA's positive feature is that it is maintained by Google and that they can update it as spammers figure things out. This is also its negative feature since most spammers will be targeting reCAPTCHA.

I like Ben's slider idea in his updated CAPTCHA plugin.

Ben, I notice it locks the submit button. Does this work with plugins that use CAPTCHA as well? Can we use a combination of the CAPTCHA and the slider?

Here is a feature request. Make it easy to add in new CAPTCHA like security measures by just adding a class to the captcha directory (sort of like how SPAM-X works). If possible also make it easy to have them work in combination of each other.

Another request would be to add some sort of configurable speed control. For example for the CAPTCHA entry to work there must be x number of seconds between displaying the form and submitting. Most spam bots probably submit the form in a second or 2 where it will take a user a while to fill out a form before submitting it.



Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 26/01/14 01:26pm
By: ::Ben

Does this work with plugins that use CAPTCHA as well?

Yes. The contact page uses the contact plugin. I think that images for captcha are no longer a good solution. Speed limit can be a nice feature. For the available version, like in the next, I use a simple hidden blank field... Powerful. Not one spam in 48H.
Sorry, but I will have no time to make more improvements before the release tomorrow.

Ben
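
The two server-side checks discussed in the posts above (a hidden field that must come back blank, and a minimum delay between displaying and submitting the form), as an added example. It is not code from the CAPTCHA plugin or from anyone in this thread; the field names, the secret, and the 5-second and 1-hour limits are assumptions.

```php
<?php
// Added example (PHP 7.1+): honeypot field plus a signed render-time token.
// Not Geeklog or CAPTCHA-plugin code; all names and limits are assumptions.

const HONEYPOT_FIELD   = 'website';    // hypothetical decoy input, hidden from humans with CSS
const TOKEN_FIELD      = 'form_token'; // hypothetical hidden input carrying the signed timestamp
const MIN_FILL_SECONDS = 5;            // assumed: anything faster is treated as automated
const MAX_FORM_AGE     = 3600;         // assumed: tokens older than one hour are rejected

/** Build "timestamp:nonce:mac" so the client cannot forge the render time. */
function issueFormToken(string $secret, int $now): string
{
    $payload = $now . ':' . bin2hex(random_bytes(8));
    return $payload . ':' . hash_hmac('sha256', $payload, $secret);
}

/** Markup to place inside the <form> when it is displayed. */
function renderProtectionFields(string $secret, int $now): string
{
    $token = htmlspecialchars(issueFormToken($secret, $now), ENT_QUOTES);
    return '<input type="hidden" name="' . TOKEN_FIELD . '" value="' . $token . '">' . "\n"
         . '<div style="display:none"><label>Leave this field empty '
         . '<input type="text" name="' . HONEYPOT_FIELD . '" value="" autocomplete="off" tabindex="-1">'
         . '</label></div>';
}

/** Validate a submitted form; returns ['ok' => bool, 'reason' => string]. */
function checkSubmission(array $post, string $secret, int $now): array
{
    // Browsers send empty text inputs, so the decoy must be present AND blank.
    // A missing field means the request did not come from the rendered form.
    if (!isset($post[HONEYPOT_FIELD]) || $post[HONEYPOT_FIELD] !== '') {
        return ['ok' => false, 'reason' => 'honeypot'];
    }

    $token = $post[TOKEN_FIELD] ?? '';
    $parts = is_string($token) ? explode(':', $token) : [];
    if (count($parts) !== 3) {
        return ['ok' => false, 'reason' => 'bad_token'];
    }
    [$ts, $nonce, $mac] = $parts;

    // Constant-time comparison of the MAC over "timestamp:nonce".
    $expected = hash_hmac('sha256', $ts . ':' . $nonce, $secret);
    if (!ctype_digit($ts) || !hash_equals($expected, $mac)) {
        return ['ok' => false, 'reason' => 'bad_token'];
    }

    $age = $now - (int) $ts;
    if ($age < MIN_FILL_SECONDS) {
        return ['ok' => false, 'reason' => 'too_fast'];
    }
    if ($age > MAX_FORM_AGE) {
        return ['ok' => false, 'reason' => 'expired'];
    }
    // Note: a valid token can be replayed until it expires. Making it
    // single-use requires server-side state (e.g. storing the nonce in the session).
    return ['ok' => true, 'reason' => 'ok'];
}

// --- Demonstration with constructed values ---------------------------------
$secret = 'replace-with-a-long-random-site-secret'; // placeholder secret
$t0     = 1390730000;                               // constructed render time (Unix seconds)
$token  = issueFormToken($secret, $t0);
$forged = ($t0 - 60) . substr($token, strlen((string) $t0)); // timestamp changed, MAC kept

$cases = [
    'submitted 1s after display'   => [[TOKEN_FIELD => $token,  HONEYPOT_FIELD => ''], $t0 + 1],
    'decoy field filled in'        => [[TOKEN_FIELD => $token,  HONEYPOT_FIELD => 'http://spam.example/'], $t0 + 30],
    'posted without the form'      => [['username' => 'x'], $t0 + 30],
    'timestamp altered by client'  => [[TOKEN_FIELD => $forged, HONEYPOT_FIELD => ''], $t0 + 1],
    'stale form (2 hours old)'     => [[TOKEN_FIELD => $token,  HONEYPOT_FIELD => ''], $t0 + 7200],
    'human, 30s to fill the form'  => [[TOKEN_FIELD => $token,  HONEYPOT_FIELD => ''], $t0 + 30],
];

foreach ($cases as $label => [$post, $now]) {
    $result = checkSubmission($post, $secret, $now);
    printf("%-30s => %s\n", $label, $result['reason']);
}
```

Only the last case is accepted; the others are rejected as too_fast, honeypot, honeypot, bad_token and expired respectively.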

Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 27/01/14 11:22pm
By: Laugh

Hey Ben,

I tried out your new release today and had the slider working for the registration and forum but it wasn't working for the comments. I slid the slider on the comment edit form and hit submit but it just returned the comment edit form again and didn't submit it for moderation.

I am not sure why it is not working...

Tom

Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 29/01/14 07:32am
By: Anonymous

Quote by: Anonymous

I left the CAPTCHA plugin enabled, and that doesn't seem to be a problem.


I was wrong about that. Leaving CAPTCHA enabled alongside ReCAPTCHA causes ReCAPTCHA to fail and produces the log error "You have attempted to bypass the CAPTCHA processing at this site...". I disabled CAPTCHA and now ReCAPTCHA works fine. I check the logs using the Monitor 1.1 plugin (https://www.geeklog.net/article.php/2013062908235210). But spammer registrations are still not getting through, which is a relief.

Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 29/01/14 08:38am
By: masodo

I just installed CAPTCHA plugin 3.5.2 by ::Ben from Geeklog.fr.

Nice work ::Ben - thank you for taking prompt action against this latest wave of attacks by getting this updated plugin up and running.

I auto installed it with no problems - replacing the previous version of Captcha (3.1 I think) on Geeklog 1.8.1 on BlogDogIt.com

I like the slider concept and look forward to offering this cutting edge solution to BlogDogIt users.

I was going to just switch from Static Images to the GD Lib option - which seemed to shut them down for the hour or so it was configured - so I came here looking for an explanation as to what the "GD Lib" option even IS... but after finding this discussion I decided to jump on this "Squint-Free" solution.

I also posted a little something about this on BlogDogIt.com: Not Yer Pappy's Capcha

Fingers crossed...

Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 29/01/14 09:05am
By: winnerdk

OK guys, I just installed the reCaptcha plugin and spam user submissions dropped to zero.

Now I see Ben has updated and released a new version of Captcha.

I'm running GL 1.7.1sr1 on this website. Will this new release of Captcha work on my site?

And please don't bother lecturing me on the importance of upgrading. Every time I go down that path it turns into a few days of terror...

Don (OP)

Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 29/01/14 11:32am
By: ::Ben

Captcha uses the scripts class, so the minimum is Geeklog 1.8.0

Ben

Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 30/01/14 12:18pm
By: Anonymous

I did not build my site and have no real idea how to install the new Captcha. I have obtained about 1000 new "Users" over the last week and a half. Is there someone who can contact me and walk me through what I need to do to fix this issue?

My Site is www.Southeastmx.com

I think it was built using PhP or something... sorry, I just run the place, didn't know I would have to take lessons in website building..

My email address is Southeastmx@live.com

Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 30/01/14 04:14pm
By: ::Ben

JoJmoto I can install the new version of the captcha plugin if your site is powered by Geeklog 1.8.0 or higher or switch to reCaptcha plugin (Geeklog 1.5.0 or higher). Please contact me in private.

Thanks,

Ben

Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 02/02/14 04:48am
By: ::Ben

Some Geeklog users try to update the CAPTCHA plugin from version 4 (Japanese version ???) and above to version 3.5+. It won't work. Please uninstall your CAPTCHA plugin V4 first, then install CAPTCHA V3.5.

Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 14/02/14 12:02pm
By: Anonymous

Hello,

Can the Geeklog developer team create a CAPTCHA QUESTION for GeeklogCMS? I have installed captcha question on one of my Drupal pinboard sites and it is very protective. I can create questions in my language with answers. All questions and answers are stored in the database. It is good to have with Geeklog.

Thanks.

Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 17/02/14 08:17pm
By: Laugh

Yes the simple question and answer is a popular choice for security questions and it does work well. Our current options of the Slider (with Captcha) and reCaptcha seem to be working well at the moment though so I don't think anyone has plans to do further updates. (though I could be wrong)

Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 21/03/14 03:12pm
By: CavemanJoe

Hey. I'm using Geeklog 1.7.2, and have just installed the ReCaptcha plugin 1.0.1.

It doesn't seem to care what I type in the boxes - it lets new user submissions through just fine.

Any advice?

Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 21/03/14 09:05pm
By: Laugh

It should work....

Did you try clearing your browser cache? I had the issue when I first installed the plugin. If I remember correctly all I needed to do was clear the cache.

Tom

Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 21/03/14 11:29pm
By: CavemanJoe

Spammers are still getting through. Tried using it with the standard captcha enabled, and with it disabled too.

Edit: With the standard captcha disabled, the recaptcha div shows up, and everything looks like it works - but it doesn't matter what I type in the boxes, it just lets me waltz right on in.

Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 22/03/14 07:34am
By: Laugh

Is anything reported in the error log?

Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 22/03/14 01:29pm
By: CavemanJoe

Just the recaptcha installation, then a bunch of login attempts for users I've erased:

Fri 21 Mar 2014 18:07:14 UTC - Attempting to install the 'recaptcha' plugin
Fri 21 Mar 2014 18:07:14 UTC - Attempting to create 'reCAPTCHA Admin' group
Fri 21 Mar 2014 18:07:14 UTC - Attempting to add 'recaptcha' features
Fri 21 Mar 2014 18:07:14 UTC - Adding 'recaptcha.edit' feature to the 'reCAPTCHA Admin' group
Fri 21 Mar 2014 18:07:14 UTC - Attempting to give all users in the Root group access to the 'recaptcha' Admin group
Fri 21 Mar 2014 18:07:14 UTC - Registering 'recaptcha' plugin
Fri 21 Mar 2014 18:07:14 UTC - Successfully installed the 'recaptcha' plugin!
Fri 21 Mar 2014 18:11:23 UTC - Error, invalid username: 'HeBaylebri'


Also this:
Fri 21 Mar 2014 18:18:23 UTC - 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SET validation='QVILD5' WHERE session_id='532c826035cc'' at line 1. SQL in question: UPDATE SET validation='QVILD5' WHERE session_id='532c826035cc'


The rest is just variations on "Error, invalid username X"
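
As an added example (not part of the thread and not Geeklog code): a small Python triage of the error.log excerpt posted above, which counts rejected usernames and flags SQL errors whose statement has no table name, as in the `UPDATE SET validation=...` entry. The function and variable names are assumptions, and the last sample line is constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Excerpt of the error.log lines quoted in the post above; the last line is
# constructed to stand in for the "variations" the poster mentions.
SAMPLE_LOG = """\
Fri 21 Mar 2014 18:07:14 UTC - Registering 'recaptcha' plugin
Fri 21 Mar 2014 18:07:14 UTC - Successfully installed the 'recaptcha' plugin!
Fri 21 Mar 2014 18:11:23 UTC - Error, invalid username: 'HeBaylebri'
Fri 21 Mar 2014 18:18:23 UTC - 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SET validation='QVILD5' WHERE session_id='532c826035cc'' at line 1. SQL in question: UPDATE SET validation='QVILD5' WHERE session_id='532c826035cc'
Fri 21 Mar 2014 18:19:02 UTC - Error, invalid username: 'HeBaylebri'
"""

LINE_RE = re.compile(r"^(\w{3} \d{1,2} \w{3} \d{4} \d{2}:\d{2}:\d{2}) UTC - (.*)$")
BAD_USER_RE = re.compile(r"^Error, invalid username: '(.*)'$")
SQL_RE = re.compile(r"^(\d+): .*SQL in question: (.*)$")
# An UPDATE followed directly by SET has no table name, so the query was
# built with an empty table name and could never have run.
NO_TABLE_RE = re.compile(r"^\s*UPDATE\s+SET\b", re.IGNORECASE)


def triage(log_text):
    """Return (invalid-username counts, list of SQL error findings)."""
    bad_users = Counter()
    sql_errors = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip blank or unparseable lines
        when = datetime.strptime(m.group(1), "%a %d %b %Y %H:%M:%S")
        msg = m.group(2)
        if (u := BAD_USER_RE.match(msg)):
            bad_users[u.group(1)] += 1
        elif (s := SQL_RE.match(msg)):
            sql_errors.append({
                "time": when,
                "mysql_errno": int(s.group(1)),
                "statement": s.group(2),
                "missing_table": bool(NO_TABLE_RE.match(s.group(2))),
            })
    return bad_users, sql_errors


if __name__ == "__main__":
    users, errors = triage(SAMPLE_LOG)
    print(dict(users))
    for e in errors:
        print(e["time"].isoformat(), e["mysql_errno"], "missing table:", e["missing_table"])
```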

Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 22/03/14 03:33pm
By: Laugh

Those errors are from the Captcha plugin. Did you uninstall or disable the captcha plugin?

The Captcha plugin and the reCaptcha plugin cannot both be enabled or they will not work.

Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 22/03/14 03:38pm
By: CavemanJoe

Quote by: Laugh

Those errors are from the Captcha plugin. Did you uninstall or disable the captcha plugin? The Captcha plugin and the reCaptcha plugin cannot both be enabled or they will not work.

I verified that the Captcha plugin was disabled and, just for good measure, I deleted it too. It's still just letting me in with any (or no) text input; look here to see it in action.

Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 25/03/14 12:49pm
By: CavemanJoe

(update: Don't look there to see it in action, I had to disable user submissions again)

(update update: I enabled new registrations, signed up for an account while leaving the text boxes empty, and checked the Apache error logs - no errors from my IP address. Frown )

(edit: Probably should've mentioned this before: The spammers have started spamming the forums. Guess they weren't always just gonna be profile spam. :-/ )

Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 25/03/14 02:07pm
By: Laugh

Sorry I am not sure why you are getting the error... I cannot seem to replicate it. The recaptcha works on all of the sites I have tried (4 of them)

The latest CAPTCHA plugin works but requires at least Geeklog 1.8.0. Can you update your site to at least this version (version 1.8.2sr1 would be better)?

Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 27/03/14 12:08am
By: CavemanJoe

No can do, right now - the game itself still runs some old PHP4 code, and I'd need to upgrade PHP to install a newer Geeklog version. Legacy code ahoy.

I'm taking a look at the recaptcha plugin itself - if I discover a fix, I'll post it here.

EDIT: changed two settings ("Anonymous only" now set to "False," and "Log invalid entries" now set to "True," and now it works. Huzzah! Big Grin )

Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 27/03/14 06:32pm
By: Laugh

Not sure why those 2 settings would make a difference (I have them both set to true) but I am glad you got it working. Can you try re-enabling just Anonymous only to see if it still works?

Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 12/06/14 09:55am
By: worldfooty

I went to using recaptcha for a while but still got tens of spam new user requests per day (down from a 100 or so).

But as of this week I'm running GL1.8.2 * and captcha 3.5.5. Now I'm getting the same kind of spam users queuing up as before upgrading, but up to about 50 per day, which is such a pain to sift through.

I tried to sign up to my site as a new user myself to test that captcha was working, and it shows what looks like a little slider but I couldn't move it and couldn't work out how to proceed. So the great irony here is that I seem to have succeeded in locking out humans but bots are still getting through!

Reading this thread I saw one happy customer:

http://blogdogit.com/users.php?mode=new

and I can move their slider but for me:

http://www.worldfootynews.com/users.php?mode=new

it won't move. Clearly something is wrong with my version. I've tried clearing my cache.

* Given what a huge effort it was to upgrade and shift servers at the same time, it was depressing to realise that when I downloaded 1.8 from geeklog.net somehow I got 1.8.2 instead of 1.8.2sr. I can’t bear the thought of going through it again right now (unless there was just a handful of routines to replace).

Cheers,
Brett

Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 12/06/14 10:12am
By: ::Ben

Hi Brett,

In captcha config you can set "Enable CAPTCHA slider" to false.

I'm investigating this issue.

Ben

Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 12/06/14 10:21am
By: remy

@worldfooty:

It looks like jQuery is not initialised properly.
I see complaints that the browser type is not detected (safari, firefox).

And then you have a countdown on the page that tries to access your main content (and is denied). Are you sure that that iFrame is still safe?


Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 12/06/14 11:04am
By: worldfooty

Quote by: ::Ben

Hi Brett,

In captcha config you can set "Enable CAPTCHA slider" to false.

I'm investigating this issue.

Ben



If I do that (I tried) then there is no security on that page, correct? (Other than the new user request will be queued). Or is some other level like image recognition supposed to apply? Because it didn't.

To remy.... thanks for the response but I'm afraid I don't really understand.

Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 12/06/14 11:32am
By: ::Ben

Brett,

As I have updated your jquery files to make the menu plugin work, your jquery-ui files also needed to be updated. Clear your browser cache and you might be able to move the slider.

Ben


Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 12/06/14 09:48pm
By: worldfooty

That worked, thank you!

And no new spam users since last night (my time).

With those updates you've done, is there anything I need to remember next time I do a fresh install or a version update, or are all the changes in the standard releases?

Re: CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

Posted on: 13/06/14 05:37am
By: ::Ben

To make the menu plugin work we need at least jquery 1.7, and Geeklog 2+ uses a newer version, so next time everything might be ok.

Ben

Geeklog - Forum
https://www.geeklog.net/forum/viewtopic.php?showtopic=95534