[pmwiki-users] pmform captchas bypassed on thinkhost.com
Ben Stallings
ben at interdependentweb.com
Sat Jul 12 18:29:30 CDT 2008
I'm having a weird problem with PmForm and Captcha on two of my sites
that are hosted on ThinkHost.com. The same forms work just fine on
DreamHost.com, making me think it may be a server configuration issue.
The problem: If you go to
http://www.worldpopulationbalance.org/ThePopulationIssue/QuestionsAndAnswers
and submit the form at the bottom of the page, it will send me mail
regardless of what is typed in the captcha field.
The config.php looks like this:
$EnablePostCaptchaRequired = true;
include_once("$FarmD/cookbook/captcha.php");
include_once("$FarmD/cookbook/pmform.php");
$PmForm['maileditor'] = 'mailto=ben at interdependentweb.com form=#mailform
fmt=#mailpost';
Site/PmFormTemplates#mailpost looks like this:
[[#mailpost]]
(:template require from errmsg="$[Missing 'from' address]" :)
(:template require subject errmsg="$[Missing message subject]" :)
(:template require text errmsg="$[Message text required]" :)
(:template require if="captcha" errmsg="$[Captcha required]" :)
{$$text}
==========
Sent via PmForm at {$$PageUrl}
[[#mailpostend]]
Here's another clue: spammers are changing the subject line, so they are
spoofing the form, not using the one on the page. Even so, that's the
sort of thing captchas are supposed to prevent!
And another: even though $EnablePostCaptchaRequired is true, captchas
are also not required to edit pages (though this is not a problem
because a password is required!).
Any ideas? My clients and I are getting tired of being spammed!
PHPinfo details for the site are at
http://www.worldpopulationbalance.org/info.php , and I'm running the
most recent version of PmWiki and the recipes.
Thanks in advance!
Ben Stallings
Interdependent Web
More information about the pmwiki-users
mailing list