[TYPO3-english] spammers beating captcha

Tonix (Antonio Nati) tonix at interazioni.it
Sun Jan 22 09:07:38 CET 2012


Freecaptha (1.1.1) , as far as I remember, has a 'stupid' bug (already 
described, but ignored).
Whener you submit the right captcha, you can resubmit the same form with 
same captcha value.
It should mark the captcha meta value as already used, and force using a 
new captcha value (but it does not do).

Regards,

Tonino


Il 22/01/2012 08:10, Jigal van Hemert ha scritto:
> Hi,
>
> On 21-1-2012 22:38, Simon Child wrote:
>> Today I have had several spam comments posted, so it seems they are 
>> beating
>> the captcha (or entering it manually? but if so unusually persistent 
>> to try
>> it a dozen times or more).
>
> From tests with a few non-TYPO3 projects it seems that "they" have 
> found the easiest way around CAPTCHAs: humans. Luckily this also means 
> that there is weakness: the internet access for these people uses 
> their normal IP addresses.
>
> This was the way for the Honeypot Project [1] to start fighting the 
> human spambots.
>
> The extension http:BL Blocking (mh_httpbl) [2] implements this for 
> TYPO3 pages.
> My experience is that you can't rely on either a CAPTCHA or IP 
> blocking, but the combination of these two has blocked form spammers 
> successfully for me.
>
> [1] http://www.projecthoneypot.org/
> [2] http://typo3.org/extensions/repository/view/mh_httpbl/current/
>


-- 
------------------------------------------------------------
         Inter at zioni            Interazioni di Antonio Nati
    http://www.interazioni.it      tonix at interazioni.it
------------------------------------------------------------



More information about the TYPO3-english mailing list