[dokuwiki] Re: [SOLVED] Re: Re: Plugin captcha -
- From: Andreas Gohr <andi@xxxxxxxxxxxxxx>
- To: DokuWiki Mailinglist <dokuwiki@xxxxxxxxxxxxx>
- Date: Sat, 4 Feb 2017 13:32:01 +0100
1. Changed the number of letters: no effect, after *one* failure the spammer
corrected it. Idea: make the numbers flexible (working on it)
2. added and removed fonts: absolute no effect.
3. renamed img.php, also in helpers.php: spammer needs ca. one hour, than he
uses the new filename (used img1.php - maybe it was to simple). Possible
workaround is to make the name of img.php flexible in helpers.php (ok,
crazy)
4. Change code of image.php so that it did not work as it should: this
interrupts the whole process so no comments are possible for everybody.
Stops the spam temporarily, but
5. Added some code to img.php to log all $_GET, $_POST, $_SERVER, §_REQUEST:
couldn't find any useful info yet. It was going to be obsolete as I ...
6. Switched to SVG: Was taken some time, because I needed to rebuild php.
Good news: **IT WORKS** - at least until now. No spam comes through, IMHO
because img.php is no longer used. Spammer needs a new technique, but looks
like he is working on this.
Yeah I expected that SVG would stop the spam. Whatever tool he is
using it would require quite some changes to process that. All your
tests show that he needs the image to solve the captcha:
* svg stops him
* placing a die() inside the img.php stops him (even though he still
has access to the secret)
* renaming the file stops him and makes him adjust his tools
Conclusion: Don't use the image captcha as with the state of now! The
spammer did successful create (semi-)automated spam posts. On failures he
inspected the Website and implemented corrections. I think the spammer have
some knowledge about dokuwiki.
I'm not so sure. Spam is made to get paid - you need huge numbers to
get paid significantly. We do not have a huge spam attack on all
DokuWikis (as far as I know). It wouldn't make economic sense to spent
much time and effort to target your site especially and he seems not
to be targetting DokuWiki in general.
So I assume the spammer is using a generic tool that has some
customizing options. He has a list of targets and whenever his tool
brings up an error he checks the target and makes adjustments.
Usually I'm not but in this case I'm a
believer: The spammer didn't solve the captcha, he creates it.
That makes no sense. Why would he need the image then?
I'm breaking my head here but the only logical explanation to me is
that he uses a machine learning OCR breaker and the captcha is easy to
solve even when you change fonts and sizes.
Another weird thing I saw is, that with the image captcha the code didn't
change anymore. It was always the same for a page, and it was not a caching
issue with the browser. Perhaps it is a caching issue of dokuwiki. Don't
know, even I have ~~NOCACHE~~ inside the most pages.
This is a completely new problem, but puzzling indeed. I wonder if it
points to an underlying problem at your site.
@Andi: many thanks for your assistance! Now you can enjoy your weekend -
hopefully ;).
Not really. This bugs me.
I'm glad the issue is solved for you, but it also means I no longer
have a guinea pig to test more theories :-(
Andi
--
splitbrain.org
--
DokuWiki mailing list - more info at
http://www.dokuwiki.org/mailinglist
Other related posts:
