Yesterday bots found a hole in my captcha auth


#1

Yesterday I started getting messages from bots at my site. They set no
captcha answer and my code sent
http://captchator.com/captcha/check_answer/$yoursessionid/” as a
captcha confirmation. And sometimes you answered with “1” instead of
“0”.

As workarout I pushed a fix that requires a captcha answer to be not
blank…

But is not there an issue when one asks you for confirmation without any
answer?

Thanks!

Konstantin


#2

Konstantin Dzreyev wrote:

Yesterday I started getting messages from bots at my site. They set no
captcha answer and my code sent
http://captchator.com/captcha/check_answer/$yoursessionid/” as a
captcha confirmation. And sometimes you answered with “1” instead of
“0”.

Thanks for the report. I made a change to the software yesterday that
caused this problem. It is fixed now. Please let me know if there are
any further problems.