[dokuwiki] Re: Plugin captcha -
- From: Andreas Gohr <andi@xxxxxxxxxxxxxx>
- To: DokuWiki Mailinglist <dokuwiki@xxxxxxxxxxxxx>
- Date: Wed, 1 Feb 2017 16:15:09 +0100
Hi,
2a. if yes he gets the value of the captcha image through the secret
parameter, ...
2b. ... decodes the week md5(?!) string
MD5 can not be decoded. However this is not MD5 but symmetric
encryption. I still doubt he's decrypting it.
First of all make sure you have an up-to-date version of the CAPTCHA
plugin. Very old versions had a replay vulnerability.
Second, what makes you think this is an automated attack? Could it be manual?
Third, does the spam always occur on the same page?
Also I just looked at your page and the CAPTCHA isn't displayed at all
- it shows a broken image. Did you disable it?
Andi
--
splitbrain.org
--
DokuWiki mailing list - more info at
http://www.dokuwiki.org/mailinglist
Other related posts: