Accessible Captcha
ExpressionEngine 1.x, ExpressionEngine 2
Back to this add-on's main page
View Other Add-ons From Greg Salt
Seems to accept any answer
Support (Resolved)
|
pbrienesse
|
| Posted: 24 May 2012 08:59 PM |
|
|
|
|
It seems that the captcha will register as correctly answered if you input any of your answers not just the one specific to that question. For example if I have
What color is the sky - blue
What color is the grass - green
The captcha will pass for ‘What color is the sky’ with an answer of blue or green but not orange.
Version 2.3 on EE 2.5
|
|
|
|
|
Greg Salt
|
| Posted: 25 May 2012 06:38 AM |
# 1
|
|
|
Developer
|
Edited for clarity
This is the way that the EE captcha system works. If you have, for example refreshed (or visited) the page 3 times and you have been shown 2 out of your possible Q&A pairs, you will be able to provide either of those 2 answers and you’ll pass because they are all part of your existing session. The same thing happens if you use the default graphic captcha.
So, is it case that you had in fact been shown both those questions before submitting the captcha answer?
Cheers
Greg
|
|
|
|
|
pbrienesse
|
| Posted: 25 May 2012 11:41 PM |
# 2
|
|
|
|
Ah this makes sense. There is a feedback from that is hidden on every page and accessed by a javascript overlay thing so it would make sense that most if not all answers would be shown while navigating through the site.
Thanks for the reply its really a fairly minor detail. Used the addon many time and this is the first I have come across this issue and its probably because of that captcha being on every page.
Thanks for the great addon.
|
|
|
|
|
Greg Salt
|
| Posted: 26 May 2012 03:39 AM |
# 3
|
|
|
Developer
|
Yep, what you describe sounds like it’s working normally. Glad that it’s working well for you and thanks very much!
Cheers
Greg
|
|
|
|
|
Amity Web
|
| Posted: 15 June 2012 05:23 PM |
# 4
|
|
|
|
Just came here to raise this same question… is this just as secure or not though? I thought the more questions I add to insert more randomness to avoid automatic submissions, in fact it means automatic submissions have a better chance to guess the answer due to having more answers to choose. Or is this not the case due to having to refresh the page many times to get all answers?
|
|
|
|
|
Greg Salt
|
| Posted: 15 June 2012 06:01 PM |
# 5
|
|
|
Developer
|
Hi,
Refreshing the page won’t give you the answers but it will allow you submit any valid answer of those questions that you have already seen.
With regards to security, this is the way that the EE captcha system works - Accessible Captcha uses that core functionality - and I would say that using simple questions is no more or less secure than any other captcha system. The truth is that if someone wants to automate captcha bypass then they will be able to do since there are multiple captcha breaking services that use humans to do the work.
Accessible Captcha would be very difficult for anyone/anything to defeat if the questions and answers were not generic but tailored to the online community and were based upon data that only potential members of that community would know.
Does that help?
Cheers
Greg
|
|
|
|
|
Amity Web
|
| Posted: 15 June 2012 07:13 PM |
# 6
|
|
|
|
When I say refresh the page I didn’t mean it shows you the answers but it adds the previous answer to the session thus increasing the chance an automated system will guess the answer.
But anyway… All I know is for sure that the EE captcha system is rubbish because I had loads of spam get through all the time and your captcha system has cut it down 99% so it’s great. I just dont like the fact that I can answer a different question and get through! But hey, it’s working.
|
|
|
|
|
Greg Salt
|
| Posted: 15 June 2012 07:18 PM |
# 7
|
|
|
Developer
|
I just dont like the fact that I can answer a different question and get through! But hey, it’s working.
I know it’s counterintuitive but that is the way that the EE system works.
I’m glad that you’re finding AC to be useful.
Cheers
Greg
|
|
|
|
