WordPress.org

Forums

[Plugin: SI CAPTCHA Anti-Spam] SI Captcha cracked? (11 posts)

  1. berck
    Member
    Posted 4 years ago #

    I use this plugin as well as Akismet. Akismet has detected 779 spam comments on my blog in November alone. That's 779 spam comments that have defeated the SI Captcha plugin... (none of them came from registered users). That makes me think that there's either an implementation weakness or spammers are able to OCR the image? My blog is not high traffic at all, and I don't think they'd muster up a relay attack for it. Any suggestions?

    http://wordpress.org/extend/plugins/si-captcha-for-wordpress/

  2. Mike Challis
    Member
    Posted 4 years ago #

    One time I heard of this, it was another WordPress plugin that was conflicting. Some plugins reroute the comment code to a custom function.
    That could potentially cause an unintended bypass of the captcha check.

    Maybe that is the case here?
    What other plugins do you have installed?

  3. berck
    Member
    Posted 4 years ago #

    Other plugs: Akismet, Feedburner, Subscribe to Comments, WP Sentry. Think one of them might have opened up a problem?

    It's not immediately obvious that there is a problem. If I leave the captcha field blank, or type in the wrong captcha, the plugin works as intended and the comment is blocked. The only evidence that things don't seem to be working correctly is the large amount of spam that seems to be getting through. But if I test it, it appears to work fine. Suggestions?

  4. Mike Challis
    Member
    Posted 4 years ago #

    Which Feedburner plugin?

    I will look at the code in those plugins to see if I see any unintended bypass mechanisms.

    Can you email me a link to your site?
    Contact me here:
    http://www.642weather.com/weather/contact_us.php

  5. BrianDFS
    Member
    Posted 4 years ago #

    This just started happening to me within the past week as well. I've updated to the latest SI Captcha version and it is still happening.

    I only have two other active plug-ins in addition to SI Captcha. They are:

    TinyMCE Advanced
    WP Super Cache

  6. Mike Challis
    Member
    Posted 4 years ago #

    Can you email me a link to your site?
    Contact me here:
    http://www.642weather.com/weather/contact_us.php

    The captcha is not known to be cracked; nobody who has suggested it has sent me a link to their site. Also, there are human laborers that are paid to manually enter captcha codes to spam.

    There is a better CAPTCHA library I just added.
    Try updating to version 2.2.1 or higher, it has a better captcha.

    2.2
    * (20 Nov 2009) - Updated to SecureImage CAPTCHA library version 2.0
    * New CAPTCHA features include: increased CAPTCHA difficulty using mathematical distortion, streaming MP3 audio of CAPTCHA code using Flash, random audio distortion, better distortion lines, random backgrounds and more.

  7. Mike Challis
    Member
    Posted 4 years ago #

    Also, I would like to know...
    What kind of spammers?
    Are they registering?
    Is it comment spam?
    Is it trackback or ping back spam?

    Mike

  8. Mike Challis
    Member
    Posted 4 years ago #

    OK, I found out about one of these cases; it was trackback spam.

    "In the WordPress settings for discussions I have disallowed pingbacks and trackbacks. However, some of those older posts still had those two settings enabled specifically for those posts -- which I guess are per-post overrides. I don't know if that was something that an older version of WordPress had set up that way or what? The newer posts which were created on a more recent version of WordPress have the correct settings."

    "I'll keep an eye on it and hope that this resolves the problem. SI Captcha definitely seems good to go. Thanks for all the help!"

  9. icamehere
    Member
    Posted 4 years ago #

    There is something wrong with the newest version. My whole blog is not loading anymore. I've uninstalled it and everything is fine now.

  10. Mike Challis
    Member
    Posted 4 years ago #

    icamehere,

    Sorry you are having trouble.

    Were there any error messages?
    Thousands of downloads and no others are reporting this problem; maybe the plugin autoupdate failed. You could try uninstalling the plugin and installing it again.

    BTW, your post was not related to this topic; next time please post a new one.

  11. berck
    Member
    Posted 4 years ago #

    Here's the WordPress site I've been having trouble with:

    http://nachzen.net/

    The spam has abated a bit lately, but there's still a fair amount getting through. The spam is comment spam from unregistered users. It occurs on recent as well as older posts.

    I'll go ahead and upgrade the plugin to the newest and see if that has any effect.

    Sorry it took me so long to respond.

Topic Closed

This topic has been closed to new replies.
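
The questions in post 7 (comment, trackback or pingback spam?) and the per-post override found in post 8 can both be answered from the database. The following is an added example, not code from the thread or from the SI CAPTCHA plugin: it loads constructed sample rows into an in-memory SQLite database using the stock WordPress table and column names (the default `wp_` prefix is an assumption), counts spam per entry path, and lists posts that still accept pings although the site default is closed.

```python
import sqlite3

# Constructed sample rows; table and column names follow the stock WordPress schema.
POSTS = [  # (ID, post_title, ping_status)
    (1, "Old post A", "open"),
    (2, "Old post B", "open"),
    (3, "Recent post", "closed"),
]
COMMENTS = [  # (comment_ID, comment_post_ID, comment_type, comment_approved, user_id)
    (10, 1, "trackback", "spam", 0),
    (11, 1, "trackback", "spam", 0),
    (12, 2, "pingback", "spam", 0),
    (13, 3, "", "spam", 0),        # empty type = ordinary comment form submission
    (14, 3, "comment", "1", 0),    # approved, not spam
]

def load(conn):
    conn.executescript("""
        CREATE TABLE wp_options (option_name TEXT, option_value TEXT);
        CREATE TABLE wp_posts (ID INTEGER, post_title TEXT, ping_status TEXT);
        CREATE TABLE wp_comments (comment_ID INTEGER, comment_post_ID INTEGER,
            comment_type TEXT, comment_approved TEXT, user_id INTEGER);
        INSERT INTO wp_options VALUES ('default_ping_status', 'closed');
    """)
    conn.executemany("INSERT INTO wp_posts VALUES (?,?,?)", POSTS)
    conn.executemany("INSERT INTO wp_comments VALUES (?,?,?,?,?)", COMMENTS)

def spam_by_channel(conn):
    """Count spam per entry path; trackbacks and pingbacks never see the comment form."""
    rows = conn.execute("""
        SELECT CASE WHEN comment_type IN ('trackback', 'pingback')
                    THEN comment_type ELSE 'comment' END AS channel, COUNT(*)
        FROM wp_comments WHERE comment_approved = 'spam'
        GROUP BY channel ORDER BY channel""")
    return dict(rows.fetchall())

def ping_overrides(conn):
    """Posts still accepting pings although the site-wide default is closed."""
    rows = conn.execute("""
        SELECT p.ID FROM wp_posts p
        WHERE p.ping_status = 'open'
          AND (SELECT option_value FROM wp_options
               WHERE option_name = 'default_ping_status') = 'closed'
        ORDER BY p.ID""")
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    load(db)
    print(spam_by_channel(db), ping_overrides(db))
```

The two SQL statements can be run unchanged against a real WordPress database; a high trackback or pingback count together with a non-empty override list points at the ping path rather than the CAPTCHA.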
