Junior Member
esaracco   2012-10-18, 09:10
#1

Hi,

I found that spammers heavily used the "c.php" file to exploit the Zenphoto captcha before posting malicious comments. Are you aware of this? I can provide details if not. I have fixed it on my Zenphoto. Bad and quick, but it seems to be an efficient fix.

Let me know!

Administrator
acrylian   2012-10-18, 09:51
#2

c.php is the captcha generator. Could you be more specific about what kind of exploitation: do they try or actually do something? Best you send a mail via the contact form on our site with the details.

Member
flo   2012-10-31, 13:02
#3

hi esaracco/acrylian

was there more to this?

your report may be unrelated, but it sounds as if it could have something in common with the issue as per my report today (see separate thread id=17564)

thanks

Administrator
acrylian   2012-10-31, 13:20
#4

We did not get any reports regarding this and would need more information. c.php of course gets used if the captcha is generated. So if someone tries a lot of times it gets used a lot of times.

Member
binoyte   2012-11-27, 16:33
#5

I have just been spammed. And this time I had a look into my apache log. This is what I found:

$ grep '" 200 [0-9]' access.log | grep 195.190.13.102
195.190.13.102 - - [27/Nov/2012:10:15:33 -0500] "GET /news/asp-reorganiser-le-volet-de-developpement HTTP/1.0" 200 27718 "http://www.benoitvarret.fr/news/asp-reorganiser-le-volet-de-developpement" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1"
195.190.13.102 - - [27/Nov/2012:10:15:39 -0500] "GET /zp-core/c.php?i=e2b7467923 HTTP/1.0" 200 4265 "http://www.benoitvarret.fr/news/asp-reorganiser-le-volet-de-developpement" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1"
195.190.13.102 - - [27/Nov/2012:10:15:40 -0500] "POST /news/asp-reorganiser-le-volet-de-developpement HTTP/1.0" 200 32207 "http://www.benoitvarret.fr/news/asp-reorganiser-le-volet-de-developpement" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1"

Indeed, spammers access c.php. They probably have a kind of OCR software, and then they spam.

I hope it will help.
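The log excerpt in the post above shows the tell-tale shape of an automated comment: the page is fetched, the captcha image at /zp-core/c.php is fetched, and the comment is POSTed one second later, far faster than a human could read and type the characters. The following script is an added example for site operators and is not code from the thread or from the Zenphoto project. It parses Apache combined-format lines (the same layout as quoted above), groups them by client IP, and flags any POST that follows a c.php fetch from the same IP within a short window. The sample log lines, the IP addresses, the hostname, the captcha id and the 5-second threshold are all constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache combined log format, matching the layout of the lines quoted in the post.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample: one bot-like burst (captcha fetched, POST one second later)
# and one human-like sequence (90 seconds between captcha fetch and POST).
SAMPLE_LOG = """\
203.0.113.5 - - [27/Nov/2012:10:15:33 -0500] "GET /news/some-article HTTP/1.0" 200 27718 "http://example.com/news/some-article" "Mozilla/5.0 (constructed)"
203.0.113.5 - - [27/Nov/2012:10:15:39 -0500] "GET /zp-core/c.php?i=0123abcd45 HTTP/1.0" 200 4265 "http://example.com/news/some-article" "Mozilla/5.0 (constructed)"
203.0.113.5 - - [27/Nov/2012:10:15:40 -0500] "POST /news/some-article HTTP/1.0" 200 32207 "http://example.com/news/some-article" "Mozilla/5.0 (constructed)"
198.51.100.7 - - [27/Nov/2012:10:20:00 -0500] "GET /zp-core/c.php?i=fedcba9876 HTTP/1.0" 200 4300 "http://example.com/news/some-article" "Mozilla/5.0 (constructed)"
198.51.100.7 - - [27/Nov/2012:10:21:30 -0500] "POST /news/some-article HTTP/1.0" 200 32100 "http://example.com/news/some-article" "Mozilla/5.0 (constructed)"
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    return rec


def find_fast_captcha_posts(lines, max_gap_seconds=5):
    """Return (ip, captcha_id, gap_seconds) for each POST that follows a
    fetch of /zp-core/c.php from the same IP within max_gap_seconds.
    The threshold is an assumption; tune it to your own visitors' behaviour."""
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            by_ip[rec["ip"]].append(rec)

    hits = []
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        last_captcha = None
        for r in recs:
            if r["method"] == "GET" and r["path"].startswith("/zp-core/c.php"):
                last_captcha = r  # remember the most recent captcha fetch
            elif r["method"] == "POST" and last_captcha is not None:
                gap = (r["ts"] - last_captcha["ts"]).total_seconds()
                if gap <= max_gap_seconds:
                    captcha_id = last_captcha["path"].split("i=", 1)[-1]
                    hits.append((ip, captcha_id, gap))
                last_captcha = None  # one POST consumes the captcha
    return hits


if __name__ == "__main__":
    for ip, cid, gap in find_fast_captcha_posts(SAMPLE_LOG.splitlines()):
        print(f"{ip}: POST {gap:.0f}s after captcha {cid}")
```

On a live server the script would read the access log instead of SAMPLE_LOG; the flagged IPs are candidates for rate limiting or for review by a spam filter, which is the remedy the thread's later replies recommend.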

Member
sbillard   2012-11-27, 18:43
#6

Sorry, but what exactly do you think is a security issue? Of course anyone has access to this file. It is, after all, the code that produces the captcha image. Any time a page is displayed with a captcha this script will be accessed.

But since it is [b]NOT[/b] a gateway to anything, I do wonder why you believe that it lets anyone spam. To post spam they will have to guess the characters presented by the references to c.php that [b]YOUR[/b] scripts are making, not ones that they somehow decide to make.

Perhaps by brute force they can figure out the encoding. But I suspect that takes more sophisticated software than is really available. For instance, the software would have to OCR the text from the captcha image just to see what the result of the fetch was.

Of course if you are concerned with this, set your captcha font to [i]random[/i] and you will make their life even more impossible.

But really now. We have said time and again that captcha does not prevent SPAM. All captcha can do is make it harder for bots to post to your site. Any human can easily get past a captcha barrier and SPAM your site to no end. If you want to protect against SPAM use a SPAM filter.
