Geeklog Forums

CAPTCHA Cracked, Now Getting 50 Spam User Submissions Per Hour

::Ben

Forum User
Full Member
Registered: 01/14/05
Posts: 1569
Location:la rochelle, France
Some Geeklog users try to update the CAPTCHA plugin from version 4 (Japanese version ???) and above to version 3.5+. It won't work. Please uninstall your CAPTCHA plugin V4 first, then install CAPTCHA V3.5.
I'm available to customise your themes or plugins for your Geeklog CMS

gl-user

Anonymous
Hello,

Can the Geeklog developer team create a CAPTCHA question for Geeklog CMS? I have installed a CAPTCHA question on one of my Drupal pinboard sites and it is very protective. I can create questions in my language with answers. All questions and answers are stored in the database. It would be good to have this with Geeklog.

Thanks.

Laugh

Site Admin
Admin
Registered: 09/27/05
Posts: 1470
Location:Canada
Yes, the simple question and answer is a popular choice for security questions and it does work well. Our current options of the Slider (with Captcha) and reCaptcha seem to be working well at the moment, though, so I don't think anyone has plans to do further updates (though I could be wrong).
One of the Geeklog Core Developers.

CavemanJoe

Forum User
Chatty
Registered: 09/20/06
Posts: 41
Location:Cheshire, England
Hey. I'm using Geeklog 1.7.2, and have just installed the ReCaptcha plugin 1.0.1.

It doesn't seem to care what I type in the boxes - it lets new user submissions through just fine.

Any advice?
Silly browser RPG: improbableisland.com!

Laugh

Site Admin
Admin
Registered: 09/27/05
Posts: 1470
Location:Canada
It should work....

Did you try clearing your browser cache? I had the issue when I first installed the plugin. If I remember correctly, all I needed to do was clear the cache.

Tom
One of the Geeklog Core Developers.

CavemanJoe

Forum User
Chatty
Registered: 09/20/06
Posts: 41
Location:Cheshire, England
Spammers are still getting through. Tried using it with the standard captcha enabled, and with it disabled too.

Edit: With the standard captcha disabled, the recaptcha div shows up, and everything looks like it works - but it doesn't matter what I type in the boxes, it just lets me waltz right on in.
Silly browser RPG: improbableisland.com!

Laugh

Site Admin
Admin
Registered: 09/27/05
Posts: 1470
Location:Canada
Is anything reported in the error log?
One of the Geeklog Core Developers.

CavemanJoe

Forum User
Chatty
Registered: 09/20/06
Posts: 41
Location:Cheshire, England
Just the recaptcha installation, then a bunch of login attempts for users I've erased:

Fri 21 Mar 2014 18:07:14 UTC - Attempting to install the 'recaptcha' plugin
Fri 21 Mar 2014 18:07:14 UTC - Attempting to create 'reCAPTCHA Admin' group
Fri 21 Mar 2014 18:07:14 UTC - Attempting to add 'recaptcha' features
Fri 21 Mar 2014 18:07:14 UTC - Adding 'recaptcha.edit' feature to the 'reCAPTCHA Admin' group
Fri 21 Mar 2014 18:07:14 UTC - Attempting to give all users in the Root group access to the 'recaptcha' Admin group
Fri 21 Mar 2014 18:07:14 UTC - Registering 'recaptcha' plugin
Fri 21 Mar 2014 18:07:14 UTC - Successfully installed the 'recaptcha' plugin!
Fri 21 Mar 2014 18:11:23 UTC - Error, invalid username: 'HeBaylebri'


Also this:
Fri 21 Mar 2014 18:18:23 UTC - 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SET validation='QVILD5' WHERE session_id='532c826035cc'' at line 1. SQL in question: UPDATE SET validation='QVILD5' WHERE session_id='532c826035cc'


The rest is just variations on "Error, invalid username X"
Silly browser RPG: improbableisland.com!
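
A triage sketch for the error.log excerpt in the post above, added here as an example (it is not part of the original thread or of Geeklog's code): it counts "invalid username" entries per hour and flags logged SQL statements that carry no table name, as in the `UPDATE SET` line quoted above. The regexes, the function name `triage` and the sample lines beyond those quoted in the post are assumptions.

```python
import re
from collections import Counter

# Constructed sample: the first three lines follow entries quoted in the post
# above (SQL error text abridged); the last three are invented for illustration.
SAMPLE_LOG = """\
Fri 21 Mar 2014 18:07:14 UTC - Successfully installed the 'recaptcha' plugin!
Fri 21 Mar 2014 18:11:23 UTC - Error, invalid username: 'HeBaylebri'
Fri 21 Mar 2014 18:18:23 UTC - 1064: You have an error in your SQL syntax. SQL in question: UPDATE SET validation='QVILD5' WHERE session_id='532c826035cc'
Fri 21 Mar 2014 18:40:02 UTC - Error, invalid username: 'example_user_a'
Fri 21 Mar 2014 19:02:45 UTC - Error, invalid username: 'example_user_b'
Fri 21 Mar 2014 19:05:10 UTC - 1064: You have an error in your SQL syntax. SQL in question: UPDATE example_table SET validation='AAAAAA' WHERE session_id='0'
"""

LINE_RE = re.compile(r"^(\w{3} \d{2} \w{3} \d{4} \d{2}):\d{2}:\d{2} UTC - (.*)$")
BAD_USER_RE = re.compile(r"^Error, invalid username: '(.*)'$")
SQL_RE = re.compile(r"^(\d+): .*?SQL in question: (.*)$")
# A DML keyword followed directly by the next clause means the table name is missing.
NO_TABLE_RE = re.compile(r"^\s*(UPDATE|INSERT\s+INTO|DELETE\s+FROM)\s+(SET|VALUES|WHERE)\b", re.I)

def triage(log_text):
    """Return (invalid-username counts per hour, list of SQL error findings)."""
    per_hour = Counter()
    sql_findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # continuation line or a format this sketch does not know
        hour, message = m.groups()
        if BAD_USER_RE.match(message):
            per_hour[hour] += 1
            continue
        sql = SQL_RE.match(message)
        if sql:
            code, statement = sql.groups()
            sql_findings.append({"hour": hour, "mysql_errno": int(code), "statement": statement,
                                 "missing_table": bool(NO_TABLE_RE.match(statement))})
    return per_hour, sql_findings

if __name__ == "__main__":
    counts, findings = triage(SAMPLE_LOG)
    for hour, n in sorted(counts.items()):
        print(f"{hour}:00 UTC  invalid-username errors: {n}")
    for f in findings:
        note = "no table name in statement" if f["missing_table"] else "table name present"
        print(f"{f['hour']}:00 UTC  MySQL {f['mysql_errno']}: {note}")
```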

Laugh

Site Admin
Admin
Registered: 09/27/05
Posts: 1470
Location:Canada
Those errors are from the Captcha plugin. Did you uninstall or disable the captcha plugin?

The Captcha plugin and the reCaptcha plugin cannot both be enabled or they will not work.
One of the Geeklog Core Developers.

CavemanJoe

Forum User
Chatty
Registered: 09/20/06
Posts: 41
Location:Cheshire, England
Quote by: Laugh

Those errors are from the Captcha plugin. Did you uninstall or disable the captcha plugin? The Captcha plugin and the reCaptcha plugin cannot both be enabled or they will not work.

I verified that the Captcha plugin was disabled and, just for good measure, I deleted it too. It's still just letting me in with any (or no) text input; look here to see it in action.
Silly browser RPG: improbableisland.com!

CavemanJoe

Forum User
Chatty
Registered: 09/20/06
Posts: 41
Location:Cheshire, England
(update: Don't look there to see it in action, I had to disable user submissions again)

(update update: I enabled new registrations, signed up for an account while leaving the text boxes empty, and checked the Apache error logs - no errors from my IP address. Frown )

(edit: Probably should've mentioned this before: The spammers have started spamming the forums. Guess they weren't always just gonna be profile spam. :-/ )
Silly browser RPG: improbableisland.com!

Laugh

Site Admin
Admin
Registered: 09/27/05
Posts: 1470
Location:Canada
Sorry, I am not sure why you are getting the error... I cannot seem to replicate it. The recaptcha works on all of the sites I have tried (4 of them).

The latest CAPTCHA plugin works but requires at least Geeklog 1.8.0. Can you update your site to at least this version (version 1.8.2sr1 would be better)?
One of the Geeklog Core Developers.

CavemanJoe

Forum User
Chatty
Registered: 09/20/06
Posts: 41
Location:Cheshire, England
No can do, right now - the game itself still runs some old PHP4 code, and I'd need to upgrade PHP to install a newer Geeklog version. Legacy code ahoy.

I'm taking a look at the recaptcha plugin itself - if I discover a fix, I'll post it here.

EDIT: changed two settings ("Anonymous only" now set to "False," and "Log invalid entries" now set to "True," and now it works. Huzzah! Big Grin )
Silly browser RPG: improbableisland.com!

Laugh

Site Admin
Admin
Registered: 09/27/05
Posts: 1470
Location:Canada
Not sure why those 2 settings would make a difference (I have them both set to true) but I am glad you got it working. Can you try re-enabling just Anonymous only to see if it still works?
One of the Geeklog Core Developers.

worldfooty

Forum User
Full Member
Registered: 01/13/09
Posts: 162
Location:Mostly Adelaide, South Australia, Australia
I went to using recaptcha for a while but still got tens of spam new user requests per day (down from a 100 or so).

But as of this week I'm running GL1.8.2 * and captcha 3.5.5. Now I'm getting the same kind of spam users queuing up as before upgrading, but up to about 50 per day, which is such a pain to sift through.

I tried to sign up to my site as a new user myself to test that captcha was working, and it shows what looks like a little slider but I couldn't move it and couldn't work out how to proceed. So the great irony here is that I seem to have succeeded in locking out humans but bots are still getting through!

Reading this thread I saw one happy customer:

http://blogdogit.com/users.php?mode=new

and I can move their slider but for me:

http://www.worldfootynews.com/users.php?mode=new

it won't move. Clearly something is wrong with my version. I've tried clearing my cache.

* Given what a huge effort it was to upgrade and shift servers at the same time, it was depressing to realise that when I downloaded 1.8 from geeklog.net somehow I got 1.8.2 instead of 1.8.2sr. I can’t bear the thought of going through it again right now (unless there was just a handful of routines to replace).

Cheers,
Brett

::Ben

Forum User
Full Member
Registered: 01/14/05
Posts: 1569
Location:la rochelle, France
Hi Brett,

In captcha config you can set "Enable CAPTCHA slider" to false.

I'm investigating this issue.

Ben
I'm available to customise your themes or plugins for your Geeklog CMS

remy

Forum User
Full Member
Registered: 06/09/03
Posts: 162
Location:Rotterdam & Bonn
@worldfooty:

It looks like jQuery is not initialised properly.
I see complaints that the browser type is not detected (safari, firefox).

And then you have a countdown on the page that tries to access your main content (and is denied). Are you sure that that iFrame is still safe?


worldfooty

Forum User
Full Member
Registered: 01/13/09
Posts: 162
Location:Mostly Adelaide, South Australia, Australia
Quote by: ::Ben

Hi Brett,

In captcha config you can set "Enable CAPTCHA slider" to false.

I'm investigating this issue.

Ben



If I do that (I tried) then there is no security on that page, correct? (Other than the new user request will be queued). Or is some other level like image recognition supposed to apply? Because it didn't.

To remy.... thanks for the response but I'm afraid I don't really understand.

::Ben

Forum User
Full Member
Registered: 01/14/05
Posts: 1569
Location:la rochelle, France
Brett,

As I have updated your jquery files to make the menu plugin work, your jquery-ui files also needed to be updated. Clear your browser cache and you might be able to move the slider.

Ben


I'm available to customise your themes or plugins for your Geeklog CMS

worldfooty

Forum User
Full Member
Registered: 01/13/09
Posts: 162
Location:Mostly Adelaide, South Australia, Australia
That worked, thank you!

And no new spam users since last night (my time).

With those updates you've done, is there anything I need to remember next time I do a fresh install or a version update, or are all the changes in the standard releases?