[pmwiki-users] pmform captchas bypassed on thinkhost.com

Patrick R. Michaud pmichaud at pobox.com
Mon Jul 14 08:23:41 CDT 2008


On Sat, Jul 12, 2008 at 06:29:30PM -0500, Ben Stallings wrote:
> [...]
> Here's another clue: spammers are changing the subject line, so they are 
> spoofing the form, not using the one on the page.  Even so, that's the 
> sort of thing captchas are supposed to prevent!
> 
> And another: even though $EnablePostCaptchaRequired is true, captchas 
> are also not required to edit pages (though this is not a problem 
> because a password is required!).

Weird.  I'm not sure where the problem lies, although it sounds as though
the captchas are always evaluating as true.

Could you try duplicating the form that is on the Captcha recipe page
and see if it ever reports failure?  That form looks like:

  (:input form action={*$PageUrl} method=post:)
  Enter value: {$Captcha} (:input captcha:)
  (:input submit:)
  (:input end:)
  
  (:if captcha:)
  %green%Captcha succeeded%%
  (:else:)
  %red%Captcha failed%%
  (:ifend:)

If it always reports "Captcha succeeded", then we know that captchas
are always being treated as successful for some reason, and should
investigate that.  If it sometimes reports success and other times
reports failure, then it's likely to be in the way the captcha
code is being configured or set up.

Hope this helps,

Pm



