3.0.2 captcha may have been broken

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Scam Warning
User avatar
ChrisRLG
Former Team Member
Posts: 3420
Joined: Wed Nov 24, 2004 3:18 pm
Location: Essex, UK
Contact:

Re: 3.0.2 captcha may have been broken

Post by ChrisRLG » Wed Oct 01, 2008 12:47 pm

And if all else fails, you can use post mederation for new members, before giving them the power to post direct.
phpBB: The All Important Rules - Bertie Bear 3.0 - No support via PM system - use the forums please.
phpBB v2: Retirement (1/1/2009) : phpBB v3: Read Me Topic - Custom BBCodes - Support Template
Matthew 7:7"Ask and it will be given to you; seek and you will find; knock and a door will be opened to you."
My Links: MS MVP (Consumer Security) - Malware Removal:University - Own Forum: Custom BBCode testing

spearfish
Registered User
Posts: 93
Joined: Sun May 25, 2008 4:14 am
Location: New York, USA baby
Contact:

Re: 3.0.2 captcha may have been broken

Post by spearfish » Wed Oct 01, 2008 3:18 pm

Hey don't get me wrong, I wasn't targeting specifically phpBB, I was more thinking out loud general web app security thoughts ;)
Image

User avatar
MasterZ
Registered User
Posts: 712
Joined: Wed Sep 24, 2003 5:33 am
Contact:

Re: 3.0.2 captcha may have been broken

Post by MasterZ » Wed Oct 08, 2008 11:10 am

Yeah my captcha with default settings was broken. Multiple users registered and posted several spam links. Luckily it was easy to up the settings a bit and delete all of the users and all posts.

phpBB 3 might take a lot longer to configure, and be comlicated to figure out but it sure is nice with all the options they give. :)

Great job guys.

User avatar
Phil
Former Team Member
Posts: 10403
Joined: Sat Nov 25, 2006 4:11 am
Name: Phil Crumm
Contact:

Re: 3.0.2 captcha may have been broken

Post by Phil » Wed Oct 08, 2008 10:52 pm

It should probably be noted that myself (and many others) have yet to see the CAPTCHA broken automatically -- that being said, human spammers breaking the CAPTCHAs so a bot can post does seem to be becoming increasingly more common.
Moving on, with the wind. | My Corner of the Web

User avatar
Dog Cow
Registered User
Posts: 2494
Joined: Fri Jan 28, 2005 12:14 am
Contact:

Re: 3.0.2 captcha may have been broken

Post by Dog Cow » Thu Oct 09, 2008 3:19 am

iWisdom wrote:It should probably be noted that myself (and many others) have yet to see the CAPTCHA broken automatically
Thanks for giving me incentive. I'm downloading some open-source OCR software right now which can be contrlled via commandline and I intend to work on it in the coming weeks. :ugeek:
Moof!
Mac GUI Vault: Retro Apple II & Macintosh computing archive.
Inside Allerton bookMac GUIMac 512K Blog

Pezzoni
Registered User
Posts: 706
Joined: Sat Nov 16, 2002 8:25 pm
Contact:

Re: 3.0.2 captcha may have been broken

Post by Pezzoni » Thu Oct 09, 2008 10:47 am

I need to meet my supervisor to check this, but I hopefully should be doing my final year Compsci dissertation on CAPTCHA security, with an aim to discover how a system with little variation and very wide use (such as the phpBB one) can be reasonably secured without compramising usability too much. Could be quite interesting.

Kim_Possible
Registered User
Posts: 1343
Joined: Sun Sep 21, 2008 3:57 pm

Re: 3.0.2 captcha may have been broken

Post by Kim_Possible » Thu Oct 09, 2008 4:59 pm

Pezzoni wrote:how a system with little variation and very wide use (such as the phpBB one) can be reasonably secured without compramising usability too much
The conventional wisdom so far is . . . it can't, or at least not for long. Sounds like a very interesting study. Good luck.

Post Reply

Return to “phpBB Discussion”