[dokuwiki] Re: Plugin captcha -
- From: "K. Peter" <kp@xxxxxxxx>
- To: dokuwiki@xxxxxxxxxxxxx
- Date: Wed, 01 Feb 2017 17:58:25 +0100
On 2017-02-01 16:15, Andreas Gohr wrote:
> Hi,
>
> First of all make sure you have an up-to-date version of the CAPTCHA
> plugin. Very old versions had a replay vulnerability.

It is up-to-date.

> Second, what makes you think this is an automated attack? Could it be
> manual?

It comes in too fast. Multiple GETs and POSTs within 5 seconds, on different
pages. Requests happen 24h also. From other data I captured I know this
source. The IPs change regularly. Anyway, no matter if automated or
semi-automated: posting a comment regularly through a browser as usual
gives many more GET entries in the logs.

> Third, does the spam always occur on the same page?
>
> Also I just looked at your page and the CAPTCHA isn't displayed at all
> - it shows a broken image. Did you disable it?

Yes, I did. It is necessary to do it at the time. I let img.php early
die().

In the meantime I'm a bit further. It seems to me that the secret
string was created by the spammer itself. This can be reproduced through
a browser. The captcha image will be created - ok, not on my site at the
moment. Something like this:
http(s)://www.example.com/lib/plugins/captcha/img.php?secret=kwD%2BIDAiJXuk2zbfbkg2cV%2Bmy8TKEI0Hs4kc%2Fwd%2Bt%2BD
creates a captcha image with letters UUDNOVKX. If you reload the page
the font changes, but not the content.

Kai

> Andi
>
> --
> splitbrain.org
--
-------------------------------
Dyn@mic IP'ing:
http://dyndn.es
!!! DynDN.eS is NOT dyn.com !!!
--
DokuWiki mailing list - more info at
http://www.dokuwiki.org/mailinglist
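The two weaknesses discussed in this message (replayed challenges, and an image endpoint that draws letters for a `secret` the client made up) can both be closed by only honouring challenge tokens the server itself issued. The following Python sketch is an added example, not code from the CAPTCHA plugin or from either poster; `SERVER_KEY`, `TTL`, the token layout and all function names are assumptions chosen for illustration.

```python
import hashlib, hmac, os, secrets, time

SERVER_KEY = os.urandom(32)   # assumption: per-site key that never leaves the server
TTL = 600                     # assumption: seconds a challenge stays valid
ALPHABET = "ABCDEFGHJKLMNPRSTUVWXYZ"
_used = set()                 # redeemed nonces; a real site needs a shared store with expiry

def _mac(label, nonce, expires):
    msg = f"{label}|{nonce}|{expires}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()

def _code(nonce, expires, length=8):
    # The letters depend on the server key, so a client cannot compute them.
    return "".join(ALPHABET[b % len(ALPHABET)] for b in _mac("code", nonce, expires)[:length])

def issue(now=None):
    """Return (token, code): the token goes into the form and image URL, the code only into the image."""
    now = time.time() if now is None else now
    nonce, expires = secrets.token_hex(16), int(now) + TTL
    return f"{nonce}.{expires}.{_mac('token', nonce, expires).hex()}", _code(nonce, expires)

def _parse(token):
    """Return (nonce, expires) for a token this server issued, else None."""
    try:
        nonce, exp, tag = token.split(".")
        expires = int(exp)
    except ValueError:
        return None
    good = _mac("token", nonce, expires).hex()
    return (nonce, expires) if hmac.compare_digest(good.encode(), tag.encode()) else None

def render_code(token, now=None):
    """Letters the image endpoint would draw; None for client-made or expired tokens."""
    now = time.time() if now is None else now
    parsed = _parse(token)
    return _code(*parsed) if parsed and parsed[1] >= now else None

def verify(token, answer, now=None):
    """Accept each issued token once, before expiry, with the right letters."""
    now = time.time() if now is None else now
    parsed = _parse(token)
    if parsed is None or parsed[1] < now or parsed[0] in _used:
        return False
    _used.add(parsed[0])      # burn the nonce even on a wrong answer: no retries, no replay
    return hmac.compare_digest(_code(*parsed).encode(), answer.strip().upper().encode())
```

With this shape the image endpoint stays stateless, yet a request carrying a self-made `secret` gets no image and no valid answer.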