Geekzone: technology news, blogs, forums
Topic # 94952 22-Dec-2011 23:09

I am using the following captcha script attached to a contact form on a few websites, but noticed that one of them has been having spam injected into it, even though it has a captcha on it. It's getting spammed about 20 times a day. http://www.thewebhelp.com/php/scripts/php-contact-form-with-image-validation/

Now there is either a hole in the script, such as sessions not being wiped after the form is submitted, or the spammer is using OCR software to overcome the captcha, or possibly something else. Anyone know if there is anything that can be added to make this more secure?



  Reply # 560851 23-Dec-2011 00:05

This is the reason PHPBB and vBulletin are abused so much. Captchas just don't cut the mustard anymore.

Re-code it for human interaction (please type 'x' in the box provided for verification) along with it. Seems to work for forums :)

http://en.wikipedia.org/wiki/CAPTCHA shows a few methods they are using to circumvent them, and recommends a PHP adjustment to kill session IDs.





  Reply # 560852 23-Dec-2011 00:22

Oblivian: This is the reason PHPBB and vBulletin are abused so much. Captchas just don't cut the mustard anymore.

Re-code it for human interaction (please type 'x' in the box provided for verification) along with it. Seems to work for forums :)

http://en.wikipedia.org/wiki/CAPTCHA shows a few methods they are using to circumvent them, and recommends a PHP adjustment to kill session IDs.


Thanks, I had been using it for about 5 years, and it has only just now begun to happen. I was looking at a script which asks the user to enter the sum of two numbers, as a replacement, at http://www.codegravity.com/projects/mathguard which looks quite good.

I did read that bit on Wikipedia about killing session IDs, but have no idea where to add the code into it. The code does delete the cookies, but I suspect that it doesn't kill the sessions.


<?php
// -----------------------------------------
// The Web Help .com
// -----------------------------------------
// remember to replace you@email.com with your own email address lower in this code.

// load the variables from the submitted form (POST)
$subject = $_POST["subject"];
$message = $_POST["message"];
$from = $_POST["from"];
$verif_box = $_POST["verif_box"];

// remove the backslashes that normally appear when entering " or '
$message = stripslashes($message);
$subject = stripslashes($subject);
$from = stripslashes($from);

// check to see if verification code was correct
// (the expected value is read from the 'tntcon' cookie sent with the request)
if(md5($verif_box).'a4xn' == $_COOKIE['tntcon']){
    // if verification code was correct send the message and show this page
    mail("you@email.com", 'TheWebHelp.com Form: '.$subject, $_SERVER['REMOTE_ADDR']."\n\n".$message, "From: $from");
    // delete the cookie so it cannot be sent again by refreshing this page
    setcookie('tntcon','');
} else if(isset($message) and $message!=""){
    // if verification code was incorrect then return to contact page and show error
    header("Location:".$_SERVER['HTTP_REFERER']."?subject=$subject&from=$from&message=$message&wrong_code=true");
    exit;
} else {
    echo "no variables received, this page cannot be accessed directly";
    exit;
}
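
The handler above compares the typed code against a cookie that arrives with the same request, and `setcookie('tntcon','')` only asks the browser to drop it, so the server keeps no record that a challenge was used. The sketch below is an added example, not part of the original post or the thewebhelp.com script: it puts the posted check beside a session-backed, single-use check, where the cookie check accepts a resubmitted pair and the session check rejects it. The function names and the `captcha` session key are assumptions, and a constructed array stands in for `$_SESSION`.

```php
<?php
// Added example, not the original script. Function names and the
// 'captcha' session key are hypothetical.

// The check as posted: both compared values arrive with the request.
function cookie_check(array $cookie, string $input): bool
{
    return md5($input) . 'a4xn' == ($cookie['tntcon'] ?? '');
}

// Image script side: keep the expected answer on the server only.
function captcha_issue(array &$session, int $ttl = 600): string
{
    $code = (string) random_int(1000, 9999);
    $session['captcha'] = ['code' => $code, 'expires' => time() + $ttl];
    return $code; // draw this into the image; never put it in a cookie
}

// Form handler side: every attempt consumes the stored challenge.
function captcha_verify(array &$session, string $input): bool
{
    $entry = $session['captcha'] ?? null;
    unset($session['captcha']); // single use, right or wrong
    if (!is_array($entry) || time() > $entry['expires']) {
        return false; // no challenge issued, already used, or expired
    }
    return hash_equals($entry['code'], trim($input));
}

// Demonstration on constructed values; $session stands in for $_SESSION.
$pair = ['tntcon' => md5('1234') . 'a4xn'];
var_dump(cookie_check($pair, '1234')); // first submission
var_dump(cookie_check($pair, '1234')); // same pair resubmitted

$session = [];
$code = captcha_issue($session);
var_dump(captcha_verify($session, $code)); // first submission
var_dump(captcha_verify($session, $code)); // same answer resubmitted
var_dump(captcha_verify($session, '0000')); // no challenge outstanding
```

In a real handler, call `session_start()` first and pass `$_SESSION` and `$_POST['verif_box']`; `captcha_issue($_SESSION)` belongs wherever the image is generated.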

