[dokuwiki] Plugin captcha

  • From: "K. Peter" <kp@xxxxxxxx>
  • To: DokuWiki Mailinglist <dokuwiki@xxxxxxxxxxxxx>
  • Date: Wed, 01 Feb 2017 13:55:51 +0100

Hi,

I use dokuwiki with plugins blogtng and captcha as a public blog. All went ok for a long time. But since a few weeks I have a spammer on my back. It looks to me like the spammer uses a technique which makes the captcha plugin quite useless. This is in the logs at a successful spam post:

46.161.9.6 - - [31/Jan/2017:16:55:53 +0100] "GET /doku.php/blog/2014/10/18_eqmail_1.08 HTTP/1.0" 200 125785 "https://blog.dyndn.es/doku.php/blog/2014/10/18_eqmail_1.08"; "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.97 Safari/537.36"
46.161.9.6 - - [31/Jan/2017:16:55:54 +0100] "GET /lib/plugins/captcha/img.php?secret=kwD%2BIDAiJXuk2zbfbkg2cV%2Bmy8TKEI0Hs4kc%2Fwd%2Bt%2Bs%3D&id=blog:2014:10:18_eqmail_1.08 HTTP/1.0" 200 9493 "https://blog.dyndn.es/doku.php/blog/2014/10/18_eqmail_1.08"; "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.97 Safari/537.36"
46.161.9.6 - - [31/Jan/2017:16:55:55 +0100] "POST /doku.php/blog/2014/10/18_eqmail_1.08 HTTP/1.0" 200 140482 "https://blog.dyndn.es/doku.php/blog/2014/10/18_eqmail_1.08"; "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.97 Safari/537.36"

I'm not an expert, but I assume the following happens:

1. he checks for open comments
2a. if yes he gets the value of the captcha image through the secret parameter, ...
2b. ... decodes the weak md5(?!) string
3. posts the spam together with the correct captcha code

Am I wrong? What could be done to prevent this? Btw, increasing the number of letters doesn't have/show any effect.

Kai

--
DokuWiki mailing list - more info at
http://www.dokuwiki.org/mailinglist
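The three requests in the post form a tight sequence: fetch the page, fetch the captcha image, submit the form, all within two seconds. A human reader cannot solve a captcha that fast, so the timing itself is a usable signal in the access log regardless of how the secret parameter is constructed. The script below is an added example, not code from the post or from the captcha plugin: it parses Apache combined-format lines, remembers the last img.php fetch per client IP, and flags any POST from the same IP that follows within a threshold (5 seconds here, an assumed value). The first three sample lines are copied from the post; the 203.0.113.5 lines are constructed to show a plausible human sequence that is not flagged. The regex tolerates the stray ";" the mail archive appended after the referer field.

```python
import re
from datetime import datetime, timedelta

# Apache combined log format; the optional ";" after the referer absorbs the
# artifact the list archive inserted into the quoted lines.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)";? "(?P<ua>[^"]*)"'
)

CAPTCHA_IMG = "/lib/plugins/captcha/img.php"

# Sample input. Lines 1-3 are the ones quoted in the post; lines 4-6 are
# constructed (IP 203.0.113.5, ~45 s between captcha fetch and POST) to
# represent a human commenter.
SAMPLE_LOG = """\
46.161.9.6 - - [31/Jan/2017:16:55:53 +0100] "GET /doku.php/blog/2014/10/18_eqmail_1.08 HTTP/1.0" 200 125785 "https://blog.dyndn.es/doku.php/blog/2014/10/18_eqmail_1.08"; "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.97 Safari/537.36"
46.161.9.6 - - [31/Jan/2017:16:55:54 +0100] "GET /lib/plugins/captcha/img.php?secret=kwD%2BIDAiJXuk2zbfbkg2cV%2Bmy8TKEI0Hs4kc%2Fwd%2Bt%2Bs%3D&id=blog:2014:10:18_eqmail_1.08 HTTP/1.0" 200 9493 "https://blog.dyndn.es/doku.php/blog/2014/10/18_eqmail_1.08"; "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.97 Safari/537.36"
46.161.9.6 - - [31/Jan/2017:16:55:55 +0100] "POST /doku.php/blog/2014/10/18_eqmail_1.08 HTTP/1.0" 200 140482 "https://blog.dyndn.es/doku.php/blog/2014/10/18_eqmail_1.08"; "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.97 Safari/537.36"
203.0.113.5 - - [31/Jan/2017:16:58:00 +0100] "GET /doku.php/blog/2014/10/18_eqmail_1.08 HTTP/1.1" 200 125785 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/50.0"
203.0.113.5 - - [31/Jan/2017:16:58:01 +0100] "GET /lib/plugins/captcha/img.php?secret=CONSTRUCTED&id=blog:2014:10:18_eqmail_1.08 HTTP/1.1" 200 9493 "https://blog.dyndn.es/doku.php/blog/2014/10/18_eqmail_1.08" "Mozilla/5.0 (X11; Linux x86_64) Firefox/50.0"
203.0.113.5 - - [31/Jan/2017:16:58:46 +0100] "POST /doku.php/blog/2014/10/18_eqmail_1.08 HTTP/1.1" 200 140482 "https://blog.dyndn.es/doku.php/blog/2014/10/18_eqmail_1.08" "Mozilla/5.0 (X11; Linux x86_64) Firefox/50.0"
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def find_fast_captcha_posts(lines, max_gap=timedelta(seconds=5)):
    """Return (ip, path, seconds) for each POST that follows a captcha image
    fetch from the same IP within max_gap. Solving a captcha by hand takes
    longer than a few seconds, so such hits merit review as automated posts."""
    last_captcha = {}  # ip -> timestamp of that client's most recent img.php fetch
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts = rec["ip"], rec["ts"]
        if rec["method"] == "GET" and rec["path"].startswith(CAPTCHA_IMG):
            last_captcha[ip] = ts
        elif rec["method"] == "POST" and ip in last_captcha:
            gap = ts - last_captcha[ip]
            if timedelta(0) <= gap <= max_gap:
                hits.append((ip, rec["path"], int(gap.total_seconds())))
    return hits


if __name__ == "__main__":
    for ip, path, secs in find_fast_captcha_posts(SAMPLE_LOG.splitlines()):
        print(f"review: {ip} POSTed to {path} {secs}s after fetching the captcha")
```

Running it prints one line for 46.161.9.6 (a 1-second gap) and nothing for the constructed human client. The threshold is a heuristic, not proof of abuse; it is useful as a triage filter over the access log, and the same per-IP timing idea can be enforced server-side by rejecting submissions that arrive implausibly soon after the captcha was issued.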
