[3022] CAPTCHA issue in SMF 2.0

Started by aldo, February 04, 2009, 11:14:23 PM


aldo

I think I found a problem with SMF's CAPTCHA system, at least in 2.0 (Could be in 1.1.x, but I haven't really tried), because I have noticed on registration, if you get the wrong letters and what not on the CAPTCHA, the same exact text is displayed.

Even though the image is somewhat redone, like the colors are different, position is a bit different, but the text is exactly the same. So basically, a bot could try many, many combinations until it got it because the image's text would never actually change. Now I could understand if the text in the image stayed the same for a couple times, because sometimes it can be a bit hard, but practically keeping the same exact text as long as you don't click the register link again, the text won't change.

metallica48423

I believe it's intended.  If you were to close your browser and reopen it, it'd be different, as it's now a different session entirely.

I believe it's an accessibility feature, so that people with limited sight can request a new version of the image they might be able to see more clearly without losing what they've worked out.
Justin O'Leary
Ex-Project Manager
Ex-Lead Support Specialist

Quote: Microsoft wants us to "Imagine life without walls"...
I say, "If there are no walls, who needs Windows?"



karlbenson

#2
I believe you get 3 or 4 attempts at it.  Then it will change.

This is too many attempts for my liking. It makes SMF a far too attractive proposition to spammers.
I'm going to add this on the bug tracker. (private report) http://dev.simplemachines.org/mantis/view.php?id=3022

aldo

Sweet.

Yeah that was why I posted this. It was one thing to have it redo it a few times, but the ability for it to do it forever (in theory) isn't good.

karlbenson

It's 3 attempts then it changes (just tested).

But I think 1 attempt is enough, then it should change.
+ limit to 3 refreshes of the image.
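
The policy discussed in the posts above, as an added sketch that is not SMF's code and not part of any post: the challenge text is kept per session, an image refresh re-renders the same text up to a limit, and the text is replaced after a configurable number of wrong answers. The class name, alphabet, code length and the choice to return `None` once the refresh limit is reached are assumptions.

```python
import hmac
import secrets

ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ"  # constructed alphabet, look-alike letters dropped


class CaptchaState:
    """Per-session CAPTCHA state (hypothetical class, not SMF's implementation)."""

    def __init__(self, max_failures=1, max_refreshes=3, length=5):
        self.max_failures = max_failures    # wrong answers allowed per text
        self.max_refreshes = max_refreshes  # re-renders allowed per text
        self.length = length
        self._rotate()

    def _rotate(self):
        # Pick a new text that differs from the previous one and reset both
        # counters, so earlier guesses tell a client nothing about this text.
        old = getattr(self, "code", None)
        while True:
            new = "".join(secrets.choice(ALPHABET) for _ in range(self.length))
            if new != old:
                break
        self.code = new
        self.failures = 0
        self.refreshes = 0

    def refresh_image(self):
        """Re-render the same text (the accessibility case), up to the limit."""
        if self.refreshes >= self.max_refreshes:
            return None  # limit reached: caller refuses further re-renders
        self.refreshes += 1
        return self.code  # a real forum would hand this to the image renderer

    def verify(self, answer):
        """Check one answer; rotate on success or once failures hit the limit."""
        ok = hmac.compare_digest(answer.upper().encode(), self.code.encode())
        if ok:
            self._rotate()  # a solved text is never accepted a second time
            return True
        self.failures += 1
        if self.failures >= self.max_failures:
            self._rotate()  # bounds the number of guesses against one text
        return False
```

With `max_failures=3` this matches the behaviour reported in the thread; `max_failures=1, max_refreshes=3` is the stricter setting proposed in the post above.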

emanuele

Personally I find one attempt pretty annoying...

Several people are already complaining that the captchas are too difficult to read and even I (my sight is usually pretty good) fail in reading it every once in a while and realize it only when SMF tells me.
Considering also that SMF's captcha is not particularly effective, I would much prefer a simple way to replace the default captcha with custom ones.


Take a peek at what I'm doing! ;D




Do you need support in Italian?

Help us to help you: explain your problem properly: no, "it doesn't work" is not an explanation!!
1) What you do,
2) what you expect,
3) what you get.

Arantor

