News:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu

SPAM threat blocked?

Started by njtweb, July 17, 2018, 01:19:41 PM

Previous topic - Next topic

njtweb

I have about 50 of these messages consistently for almost 1hr today on a topic. I was looking at whose online and saw "Guest posting" on this topic. So I clicked on it and there's 10 pages of this.

Is that a bot being blocked? This is the IP - 1.53.96.36, it says it's coming from Asia Pacific Network Information Centre (APNIC)
Quote
"8192: Methods with the same name as their class will not be constructors in a future version of PHP; ReCaptcha has a deprecated constructor
?action=register2"

Arantor

It's probably a bot trying to hammer the registration page and failing to get in - however, the ReCaptcha mod needs an update to work on PHP 7.

njtweb

Quote from: Arantor on July 17, 2018, 01:25:05 PM
It's probably a bot trying to hammer the registration page and failing to get in - however, the ReCaptcha mod needs an update to work on PHP 7.

Ok, thank you that means security is working as designed then correct? For the recaptcha mod, That's working, I don't have any errors. All it is in the ACP is a public and private key field.

Arantor

The thing you quoted is literally an error message raised by the ReCaptcha mod being out of date.

njtweb

That IP address keeps trying to register or post and that's the message showing on the IP info page. It's unable to register or post because of the recaptcha.

Arantor

Yes, the IP address is trying to register, it's being stopped. However that doesn't mean that ReCaptcha is functioning perfectly - because it ISN'T. If you update beyond PHP 7.0, it will break and break a bunch of things in the process.

njtweb

Apparently I can't upgrade, I am running the most current version reCAPTCHAforSMF_1.0.1.tar.gz

What do you mean when I upgrade past php7 it will break and other things will too?

Arantor

When you upgrade past PHP 7, the mod will stop working, it's that simple.

njtweb

Quote from: Arantor on July 17, 2018, 03:07:57 PM
When you upgrade past PHP 7, the mod will stop working, it's that simple.

Don't I have to specifically upgrade past 7 myself though? With Godaddy they don't do it, it stays on whatever version unless the customer changes it. I have no plans to change since everything works fine besides that message. I've done several tests and recaptcha is working.

Arantor

PHP 7 will stop getting security patches this December. Your host may 'encourage' you to update to PHP 7.1, at which point the ReCaptcha plugin will stop working.

You know what? I wish I hadn't tried to help point out what the error message you have means.

njtweb

Quote from: Arantor on July 17, 2018, 03:17:03 PM
PHP 7 will stop getting security patches this December. Your host may 'encourage' you to update to PHP 7.1, at which point the ReCaptcha plugin will stop working.

You know what? I wish I hadn't tried to help point out what the error message you have means.

Why are you so mad, I appreciate the help. I'm just pointing out that's how Godaddy works. And you're right, I'm screwed because the mod author doesn't appear to have any interest in modifying the mod to current standards.

Sorry I pissed you off, that wasn't the intent.

Sir Osis of Liver

Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

Arantor

The reason I'm pissed off is because it irks me to have to explain something multiple times because it feels like people aren't listening.

The mod will *work* even in 7.0 - however it is giving you a warning that going beyond 7.0, the mod will break. Not that it is broken right now, but that it relies on a thing that is going to go away in the future.

Yes, you can use 5.6, but that runs out of security support in December too. Given how frequently security issues are found in PHP, this is not a thing to be leaving lying around.

GigaWatt

@njtweb: You could always try this, and ditch ReCaptcha all together ;). 0 bots registered in... oh, in about 5 months since I've been using this question template.

This way, you don't have to rely on ReCaptcha or any other captcha system, except maybe the integrated SMF captcha.

Besides, I actually really really hate Google's ReCaptcha and I'm so glad I stumbled upon that post and configured the registration method in that way so that it doesn't have to use a 3rd party captcha system.
"This is really a generic concept about human thinking - when faced with large tasks we're naturally inclined to try to break them down into a bunch of smaller tasks that together make up the whole."

"A 500 error loosely translates to the webserver saying, "WTF?"..."

njtweb

Thank you @arantor, my apologies. Trust me, I appreciate everything you guys do I am in no way interested in getting anybody mad.

@Gigawatt, I kinda have to use the recaptcha because my site caters to middle aged adults who don't want to do anything extra to post, especially register. I allow guests to post using the recaptcha because all they have to do is check it to prove they're human. I haven't had any bot registrations at all, it works very well. If I have to use any kind of security which requires more interaction than clicking a checkbox, most of my traffic won't come back.

GigaWatt

Quote from: njtweb on July 17, 2018, 07:51:55 PM
@Gigawatt, I kinda have to use the recaptcha because my site caters to middle aged adults who don't want to do anything extra to post, especially register. I allow guests to post using the recaptcha because all they have to do is check it to prove they're human. I haven't had any bot registrations at all, it works very well. If I have to use any kind of security which requires more interaction than clicking a checkbox, most of my traffic won't come back.

You could also apply the same system to guests if you allow guests to post and then implement the questions template I linked.

IMO, ReCaptcha is far more annoying... yes, you do only have to work with your mouse, but the images that keep reappearing if you only make one mistake... I don't think that using the keyboard is more annoying than that :S.

And now they've even added noise to the images which makes it even worse... now I have to watch out for the car in the lower right angle of the image which has noise added and you can barely recognize that the image is even from a street ::).
"This is really a generic concept about human thinking - when faced with large tasks we're naturally inclined to try to break them down into a bunch of smaller tasks that together make up the whole."

"A 500 error loosely translates to the webserver saying, "WTF?"..."

Advertisement: