Welcome to Geeklog, Anonymous Thursday, October 03 2024 @ 11:03 pm EDT
Geeklog Forums
CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour
Page navigation
Status: offline
::Ben
Forum User
Full Member
Registered: 01/14/05
Posts: 1569
Location:la rochelle, France
Some Geeklog users try to update CAPTCHA plugin from version 4 (japanese version ???) and above to version 3.5+ It won't work. Please uninstall your CAPTCHA plugin V4 first, then install CAPTCHA V3.5
I'm available to customise your themes or plugins for your Geeklog CMS
I'm available to customise your themes or plugins for your Geeklog CMS
27
23
Quote
gl-user
Anonymous
Hello,
Can Geeklog developer team create a CAPTCHA QUESTION for GeeklogCMS? I have install captcha question on one of my drupal pinboard site and it is very protective. I can create question in my language with answer. all question and answer store in the database. It is good to have with Geeklog.
Thanks.
Can Geeklog developer team create a CAPTCHA QUESTION for GeeklogCMS? I have install captcha question on one of my drupal pinboard site and it is very protective. I can create question in my language with answer. all question and answer store in the database. It is good to have with Geeklog.
Thanks.
24
26
Quote
Status: offline
Laugh
Site Admin
Admin
Registered: 09/27/05
Posts: 1470
Location:Canada
Yes the simple question and answer is a popular choice for security questions and it does work well. Our current options of the Slider (with Captcha) and reCaptcha seem to be working well at the moment though so I don't think anyone has plans to do further updates. (though I could be wrong)
One of the Geeklog Core Developers.
One of the Geeklog Core Developers.
26
37
Quote
Status: offline
CavemanJoe
Forum User
Chatty
Registered: 09/20/06
Posts: 41
Location:Cheshire, England
Hey. I'm using Geeklog 1.7.2, and have just installed the ReCaptcha plugin 1.0.1.
It doesn't seem to care what I type in the boxes - it lets new user submissions through just fine.
Any advice?
Silly browser RPG: improbableisland.com!
It doesn't seem to care what I type in the boxes - it lets new user submissions through just fine.
Any advice?
Silly browser RPG: improbableisland.com!
22
29
Quote
Status: offline
Laugh
Site Admin
Admin
Registered: 09/27/05
Posts: 1470
Location:Canada
It should work....
Did you try clearing your browser cache. I had the issue when I first installed the plugin. If I remember correctly all I needed to do was clear the cache.
Tom
One of the Geeklog Core Developers.
Did you try clearing your browser cache. I had the issue when I first installed the plugin. If I remember correctly all I needed to do was clear the cache.
Tom
One of the Geeklog Core Developers.
32
27
Quote
Status: offline
CavemanJoe
Forum User
Chatty
Registered: 09/20/06
Posts: 41
Location:Cheshire, England
Spammers are still getting through. Tried using it with the standard captcha enabled, and with it disabled too.
Edit: With the standard captcha disabled, the recaptcha div shows up, and everything looks like it works - but it doesn't matter what I type in the boxes, it just lets me waltz right on in.
Silly browser RPG: improbableisland.com!
Edit: With the standard captcha disabled, the recaptcha div shows up, and everything looks like it works - but it doesn't matter what I type in the boxes, it just lets me waltz right on in.
Silly browser RPG: improbableisland.com!
31
33
Quote
Status: offline
CavemanJoe
Forum User
Chatty
Registered: 09/20/06
Posts: 41
Location:Cheshire, England
Just the recaptcha installation, then a bunch of login attempts for users I've erased:
Also this:
The rest is just variations on "Error, invalid username X"
Silly browser RPG: improbableisland.com!
Fri 21 Mar 2014 18:07:14 UTC - Attempting to install the 'recaptcha' plugin
Fri 21 Mar 2014 18:07:14 UTC - Attempting to create 'reCAPTCHA Admin' group
Fri 21 Mar 2014 18:07:14 UTC - Attempting to add 'recaptcha' features
Fri 21 Mar 2014 18:07:14 UTC - Adding 'recaptcha.edit' feature to the 'reCAPTCHA Admin' group
Fri 21 Mar 2014 18:07:14 UTC - Attempting to give all users in the Root group access to the 'recaptcha' Admin group
Fri 21 Mar 2014 18:07:14 UTC - Registering 'recaptcha' plugin
Fri 21 Mar 2014 18:07:14 UTC - Successfully installed the 'recaptcha' plugin!
Fri 21 Mar 2014 18:11:23 UTC - Error, invalid username: 'HeBaylebri'
Fri 21 Mar 2014 18:07:14 UTC - Attempting to create 'reCAPTCHA Admin' group
Fri 21 Mar 2014 18:07:14 UTC - Attempting to add 'recaptcha' features
Fri 21 Mar 2014 18:07:14 UTC - Adding 'recaptcha.edit' feature to the 'reCAPTCHA Admin' group
Fri 21 Mar 2014 18:07:14 UTC - Attempting to give all users in the Root group access to the 'recaptcha' Admin group
Fri 21 Mar 2014 18:07:14 UTC - Registering 'recaptcha' plugin
Fri 21 Mar 2014 18:07:14 UTC - Successfully installed the 'recaptcha' plugin!
Fri 21 Mar 2014 18:11:23 UTC - Error, invalid username: 'HeBaylebri'
Also this:
Fri 21 Mar 2014 18:18:23 UTC - 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SET validation='QVILD5' WHERE session_id='532c826035cc'' at line 1. SQL in question: UPDATE SET validation='QVILD5' WHERE session_id='532c826035cc'
The rest is just variations on "Error, invalid username X"
Silly browser RPG: improbableisland.com!
25
24
Quote
Status: offline
Laugh
Site Admin
Admin
Registered: 09/27/05
Posts: 1470
Location:Canada
Those errors are from the Captcha plugin. Did you uninstall or disable the captcha plugin?
The Captcha plugin and the reCaptcha plugin cannot both be enabled or they will not work.
One of the Geeklog Core Developers.
The Captcha plugin and the reCaptcha plugin cannot both be enabled or they will not work.
One of the Geeklog Core Developers.
28
23
Quote
Status: offline
CavemanJoe
Forum User
Chatty
Registered: 09/20/06
Posts: 41
Location:Cheshire, England
Quote by: Laugh
I verified that the Captcha plugin was disabled and, just for good measure, I deleted it too.
It's still just letting me in with any (or no) text input; look here to see it in action. Those errors are from the Captcha plugin. Did you uninstall or disable the captcha plugin? The Captcha plugin and the reCaptcha plugin cannot both be enabled or they will not work.
Silly browser RPG: improbableisland.com!
22
26
Quote
Status: offline
CavemanJoe
Forum User
Chatty
Registered: 09/20/06
Posts: 41
Location:Cheshire, England
(update: Don't look there to see it in action, I had to disable user submissions again)
(update update: I enabled new registrations, signed up for an account while leaving the text boxes empty, and checked the Apache error logs - no errors from my IP address. )
(edit: Probably should've mentioned this before: The spammers have started spamming the forums. Guess they weren't always just gonna be profile spam. :-/ )
Silly browser RPG: improbableisland.com!
(update update: I enabled new registrations, signed up for an account while leaving the text boxes empty, and checked the Apache error logs - no errors from my IP address. )
(edit: Probably should've mentioned this before: The spammers have started spamming the forums. Guess they weren't always just gonna be profile spam. :-/ )
Silly browser RPG: improbableisland.com!
27
24
Quote
Status: offline
Laugh
Site Admin
Admin
Registered: 09/27/05
Posts: 1470
Location:Canada
Sorry I am not sure why you are getting the error... I cannot seem to replicate it. The recaptcha works on all of the sites I have tried (4 of them)
The latest CAPTCHA plugin works but recquires at least Geeklog 1.8.0. Can you update your site to at least this version (version 1.8.2sr1 would be better)?
One of the Geeklog Core Developers.
The latest CAPTCHA plugin works but recquires at least Geeklog 1.8.0. Can you update your site to at least this version (version 1.8.2sr1 would be better)?
One of the Geeklog Core Developers.
25
23
Quote
Status: offline
CavemanJoe
Forum User
Chatty
Registered: 09/20/06
Posts: 41
Location:Cheshire, England
No can do, right now - the game itself still runs some old PHP4 code, and I'd need to upgrade PHP to install a newer Geeklog version. Legacy code ahoy.
I'm taking a look at the recaptcha plugin itself - if I discover a fix, I'll post it here.
EDIT: changed two settings ("Anonymous only" now set to "False," and "Log invalid entries" now set to "True," and now it works. Huzzah! )
Silly browser RPG: improbableisland.com!
I'm taking a look at the recaptcha plugin itself - if I discover a fix, I'll post it here.
EDIT: changed two settings ("Anonymous only" now set to "False," and "Log invalid entries" now set to "True," and now it works. Huzzah! )
Silly browser RPG: improbableisland.com!
32
22
Quote
Status: offline
Laugh
Site Admin
Admin
Registered: 09/27/05
Posts: 1470
Location:Canada
Not sure why those 2 settings would make a difference (I have them both set to true) but I am glad you got it working. Can you try re-enabling just Anonymous only to see if it still works?
One of the Geeklog Core Developers.
One of the Geeklog Core Developers.
29
33
Quote
Status: offline
worldfooty
Forum User
Full Member
Registered: 01/13/09
Posts: 162
Location:Mostly Adelaide, South Australia, Australia
I went to using recaptcha for a while but still got tens of spam new user requests per day (down from a 100 or so).
But as of this week I'm running GL1.8.2 * and captcha 3.5.5. Now I'm getting the same kind of spam users queuing up as before upgrading, but up to about 50 per day, which is such a pain to sift through.
I tried to sign up to my site as a new user myself to test that captcha was working, and it shows what looks like a little slider but I couldn't move it and couldn't work out how to proceed. So the great irony here is that I seem to have succeeded in locking out humans but bots are still getting through!
Reading this thread I saw one happy customer:
http://blogdogit.com/users.php?mode=new
and I can move their slider but for me:
http://www.worldfootynews.com/users.php?mode=new
it won't move. Clearly something is wrong with my version. I've tried clearing my cache.
* Given what a huge effort it was to upgrade and shift servers at the same time, it was depressing to realise that when I downloaded 1.8 from geeklog.net somehow I got 1.8.2 instead of 1.8.2sr. I can’t bear the thought of going through it again right now (unless there was just a handful of routines to replace).
Cheers,
Brett
But as of this week I'm running GL1.8.2 * and captcha 3.5.5. Now I'm getting the same kind of spam users queuing up as before upgrading, but up to about 50 per day, which is such a pain to sift through.
I tried to sign up to my site as a new user myself to test that captcha was working, and it shows what looks like a little slider but I couldn't move it and couldn't work out how to proceed. So the great irony here is that I seem to have succeeded in locking out humans but bots are still getting through!
Reading this thread I saw one happy customer:
http://blogdogit.com/users.php?mode=new
and I can move their slider but for me:
http://www.worldfootynews.com/users.php?mode=new
it won't move. Clearly something is wrong with my version. I've tried clearing my cache.
* Given what a huge effort it was to upgrade and shift servers at the same time, it was depressing to realise that when I downloaded 1.8 from geeklog.net somehow I got 1.8.2 instead of 1.8.2sr. I can’t bear the thought of going through it again right now (unless there was just a handful of routines to replace).
Cheers,
Brett
25
25
Quote
Status: offline
::Ben
Forum User
Full Member
Registered: 01/14/05
Posts: 1569
Location:la rochelle, France
Hi Brett,
In captcha config you can set "Enable CAPTCHA slider " to false.
I'm investigating on this issue.
Ben
I'm available to customise your themes or plugins for your Geeklog CMS
In captcha config you can set "Enable CAPTCHA slider " to false.
I'm investigating on this issue.
Ben
I'm available to customise your themes or plugins for your Geeklog CMS
27
26
Quote
Status: offline
remy
Forum User
Full Member
Registered: 06/09/03
Posts: 162
Location:Rotterdam & Bonn
@worldfooty:
It looks like jQuery is not initialised properly.
I see complaints that the browser type is not detected (safari, firefox).
And than you have a countdown on the page that tries to access your main content (and is denied). Are you sure that that iFrame is still safe?
It looks like jQuery is not initialised properly.
I see complaints that the browser type is not detected (safari, firefox).
And than you have a countdown on the page that tries to access your main content (and is denied). Are you sure that that iFrame is still safe?
26
33
Quote
Status: offline
worldfooty
Forum User
Full Member
Registered: 01/13/09
Posts: 162
Location:Mostly Adelaide, South Australia, Australia
Quote by: ::Ben
Hi Brett,
In captcha config you can set "Enable CAPTCHA slider " to false.
I'm investigating on this issue.
Ben
If I do that (I tried) then there is no security on that page, correct? (Other than the new user request will be queued). Or is some other level like image recognition supposed to apply? Because it didn't.
To remy.... thanks for the response but I'm afraid I don't really understand.
30
23
Quote
Status: offline
::Ben
Forum User
Full Member
Registered: 01/14/05
Posts: 1569
Location:la rochelle, France
Brett,
As I have update your jquery files to make menu plugin works, your jquery-ui files also needed to be update. Clear you browser cache and you might be able to move the slider.
Ben
I'm available to customise your themes or plugins for your Geeklog CMS
As I have update your jquery files to make menu plugin works, your jquery-ui files also needed to be update. Clear you browser cache and you might be able to move the slider.
Ben
I'm available to customise your themes or plugins for your Geeklog CMS
24
29
Quote
Status: offline
worldfooty
Forum User
Full Member
Registered: 01/13/09
Posts: 162
Location:Mostly Adelaide, South Australia, Australia
That worked thank you!
And no new spam users since last night (my time).
With those updates you've done, is there anything I need to remember next time I do a fresh install or a version update, or are all the changes in the standard releases?
And no new spam users since last night (my time).
With those updates you've done, is there anything I need to remember next time I do a fresh install or a version update, or are all the changes in the standard releases?
26
27
Quote
Page navigation
All times are EDT. The time is now 11:03 pm.
- Normal Topic
- Sticky Topic
- Locked Topic
- New Post
- Sticky Topic W/ New Post
- Locked Topic W/ New Post
- View Anonymous Posts
- Able to post
- Filtered HTML Allowed
- Censored Content