Captcha looks like not working correctly/optimal against Spammer

splitbrain / dokuwiki-plugin-captcha

Use a CAPTCHA challenge to protect DokuWiki against automated spam

http://www.dokuwiki.org/plugin:captcha

GNU General Public License v2.0

11 stars 12 forks source link

Captcha looks like not working correctly/optimal against Spammer #128

Closed obw closed 1 year ago

obw commented 2 years ago

I'm using the plugin for my contact form. I had the hope, to minimize spamming. At first, I used for chars, image, I have reconfigured this to 6 chars but with no success.

Around every hour a SPAM-Mail is generated. I have no idea, how they go around the captcha Protection!

All SPAM has the following content or similar:

Ihre Mailadresse         [bobbinrobbin8@gmx.com](mailto:bobbinrobbin8@gmx.com)
Ihre Nachricht       Schauen Sie sich das neue Finanzinstrument an, das Sie reich machen kann. https://com.dkworld.de/gotodate/go

Is there a known way, to make the protection better?

Regards

splitbrain commented 2 years ago

The captcha plugin has many modes. Which one have you tried?

obw commented 2 years ago

SVG and graphics (PNG) aktuelle_einstellungen

I have not added additional fonts at the moment!

splitbrain commented 2 years ago

Hmm no idea then. You write this is for comments? How exactly is the plugin integrated? Maybe the integration is wrong?

obw commented 2 years ago

I use it for my Contact form!

Page Code:

====== Kontakt ======

<form>
Action mail kontakt@thealienhuntsman.de
Thanks "Danke für die Mail."

Fieldset "Ihre Nachricht"
email  "Ihre Mailadresse"
textarea "Ihre Nachricht"
yesno "Beachten sie unseren Datenschutzhinweis!?" /^yes$/
submit "Kontakt aufnehmen"
</form>

//[[de:privacy_statement|Datenschutzhinweis]]//

I use the Bureaucracy Plugin for the design of the form! So when there are problems, then in this Plugin!

splitbrain commented 2 years ago

I see. No idea then.

obw commented 2 years ago

I had not much hope to start with!

I have too little time at the moment, but I was thinking about a blacklist filter for Bureaucracy Plugin, when it's used for contact forms.

Perhaps with feedback to the mail address, which tried to send the form, if it's not a spammer! Configurable!

Unlucky that I can't run real-time scripts on my log files at the moment... But I will look these days in them and try to find some hints how they do it!

obw commented 2 years ago

Worst case, in one or two months I will send a path to the Bureaucracy Plugin!

eilko commented 1 year ago

@obw same issue here since upgrading to PHP8.2 (and latest Dokuwiki). I have the plugin also integrated with Bureaucracy plugin. What ever setting I use, you can just ignore the captcha field and don't enter anything at all to continue.

@splitbrain you can see it in action at https://www.altaplana.be/en/community/contact .

splitbrain commented 1 year ago

should be fixed with https://github.com/splitbrain/dokuwiki-plugin-bureaucracy/commit/5ed1e39f54f54dbf6f4755c27a7c099a3426c2c8