View Issue Details

IDProjectCategoryView StatusLast Update
0010028mantisbtsecuritypublic2014-12-08 00:34
ReporterobooklageAssigned Tograngeway 
PrioritynormalSeverityminorReproducibilityN/A
Status closedResolutionfixed 
Product Version1.1.2 
Target Version1.3.0-beta.1Fixed in Version1.3.0-beta.1 
Summary0010028: Registrations by bots via captcha exploit
Description

We have abnormal registrations ( names, mails, far countries ) on our French mantisbt. I lock this accounts and ask by mail a confirmation without any answer.

We suppose it is bots using OCR on captcha, and do some tests about changing the captcha system ( random background image )

TagsNo tags attached.

Relationships

child of 0016565 closedgrangeway Implement new captcha library 

Activities

dregad

dregad

2013-11-01 06:50

developer   ~0038414

Marked as resolved following grangeway's implementation of securimage captcha library, as per his commit comment.

Feel free to reopen if you find that the original issue persists.

Related Changesets

MantisBT: master 8dd28f84

2013-10-15 16:02:42

Paul Richards

Details Diff
New Feature: replace captcha library with open source library. Adds audio support to captcha for accessibility [requires flash on client]

Ported from master-2.x branch

Resolves (Part or all) of bugs:

0010972: openbase_dir breaks captcha generation
0008796: The letters in the catchpa on account creation page are too small
0010976: Remove instances of pass-by-reference (deprecated in PHP 5.3.0)
0010028: Registrations by bots via captcha exploit
0008462: Captcha will benefit supporting other than jpeg format
0008129: Alternative to captchas
mod - core/print_api.php Diff File
mod - library/README.libs Diff File
add - library/securimage/AHGBold.ttf Diff File
add - library/securimage/LICENSE.txt Diff File
add - library/securimage/README.FONT.txt Diff File
add - library/securimage/README.txt Diff File
add - library/securimage/WavFile.php Diff File
add - library/securimage/audio/en/0.wav Diff File
add - library/securimage/audio/en/1.wav Diff File
add - library/securimage/audio/en/10.wav Diff File
add - library/securimage/audio/en/11.wav Diff File
add - library/securimage/audio/en/12.wav Diff File
add - library/securimage/audio/en/13.wav Diff File
add - library/securimage/audio/en/14.wav Diff File
add - library/securimage/audio/en/15.wav Diff File
add - library/securimage/audio/en/16.wav Diff File
add - library/securimage/audio/en/17.wav Diff File
add - library/securimage/audio/en/18.wav Diff File
add - library/securimage/audio/en/19.wav Diff File
add - library/securimage/audio/en/2.wav Diff File
add - library/securimage/audio/en/20.wav Diff File
add - library/securimage/audio/en/3.wav Diff File
add - library/securimage/audio/en/4.wav Diff File
add - library/securimage/audio/en/5.wav Diff File
add - library/securimage/audio/en/6.wav Diff File
add - library/securimage/audio/en/7.wav Diff File
add - library/securimage/audio/en/8.wav Diff File
add - library/securimage/audio/en/9.wav Diff File
add - library/securimage/audio/en/A.wav Diff File
add - library/securimage/audio/en/B.wav Diff File
add - library/securimage/audio/en/C.wav Diff File
add - library/securimage/audio/en/D.wav Diff File
add - library/securimage/audio/en/E.wav Diff File
add - library/securimage/audio/en/F.wav Diff File
add - library/securimage/audio/en/G.wav Diff File
add - library/securimage/audio/en/H.wav Diff File
add - library/securimage/audio/en/I.wav Diff File
add - library/securimage/audio/en/J.wav Diff File
add - library/securimage/audio/en/K.wav Diff File
add - library/securimage/audio/en/L.wav Diff File
add - library/securimage/audio/en/M.wav Diff File
add - library/securimage/audio/en/MINUS.wav Diff File
add - library/securimage/audio/en/N.wav Diff File
add - library/securimage/audio/en/O.wav Diff File
add - library/securimage/audio/en/P.wav Diff File
add - library/securimage/audio/en/PLUS.wav Diff File
add - library/securimage/audio/en/Q.wav Diff File
add - library/securimage/audio/en/R.wav Diff File
add - library/securimage/audio/en/S.wav Diff File
add - library/securimage/audio/en/T.wav Diff File
add - library/securimage/audio/en/TIMES.wav Diff File
add - library/securimage/audio/en/U.wav Diff File
add - library/securimage/audio/en/V.wav Diff File
add - library/securimage/audio/en/W.wav Diff File
add - library/securimage/audio/en/X.wav Diff File
add - library/securimage/audio/en/Y.wav Diff File
add - library/securimage/audio/en/Z.wav Diff File
add - library/securimage/audio/en/error.wav Diff File
add - library/securimage/audio/noise/check-point-1.wav Diff File
add - library/securimage/audio/noise/crowd-talking-1.wav Diff File
add - library/securimage/audio/noise/crowd-talking-6.wav Diff File
add - library/securimage/audio/noise/crowd-talking-7.wav Diff File
add - library/securimage/audio/noise/kids-playing-1.wav Diff File
add - library/securimage/backgrounds/bg3.jpg Diff File
add - library/securimage/backgrounds/bg4.jpg Diff File
add - library/securimage/backgrounds/bg5.jpg Diff File
add - library/securimage/backgrounds/bg6.png Diff File
add - library/securimage/captcha.html Diff File
add - library/securimage/database/.htaccess Diff File
add - library/securimage/database/index.html Diff File
add - library/securimage/database/securimage.sq3 Diff File
add - library/securimage/example_form.ajax.php Diff File
add - library/securimage/example_form.php Diff File
add - library/securimage/images/audio_icon.png Diff File
add - library/securimage/images/refresh.png Diff File
add - library/securimage/securimage.php Diff File
add - library/securimage/securimage_play.php Diff File
add - library/securimage/securimage_play.swf Diff File
add - library/securimage/securimage_show.php Diff File
add - library/securimage/words/words.txt Diff File
rm - make_captcha_img.php Diff File
mod - signup.php Diff File
mod - signup_page.php Diff File

Issue History

Date Modified Username Field Change
2009-01-08 09:13 obooklage New Issue
2009-06-27 13:10 dhx Status new => acknowledged
2013-11-01 06:44 dregad Relationship added child of 0016565
2013-11-01 06:45 dregad Changeset attached => MantisBT master 8dd28f84
2013-11-01 06:47 dregad Status acknowledged => resolved
2013-11-01 06:47 dregad Fixed in Version => 1.3.0-beta.1
2013-11-01 06:47 dregad Resolution open => fixed
2013-11-01 06:47 dregad Assigned To => dregad
2013-11-01 06:48 dregad Status resolved => assigned
2013-11-01 06:48 dregad Assigned To dregad => grangeway
2013-11-01 06:48 dregad Status assigned => resolved
2013-11-01 06:49 dregad Target Version => 1.3.0-beta.1
2013-11-01 06:50 dregad Note Added: 0038414
2014-12-08 00:34 vboctor Status resolved => closed