Posted by gaijinu on February 21, 2008 at 6:54am
Jump to:
| Project: | Whois lookup |
| Version: | 6.x-1.0 |
| Component: | Code |
| Category: | bug report |
| Priority: | critical |
| Assigned: | Unassigned |
| Status: | closed (works as designed) |
Issue Summary
Hi, I'm using whois with math CAPTCHA enabled for whois_whois_form and it seems CAPTCHA is completely ignored, whois still processes the request regardless of the Math Question result.
CAPTCHA works fine with contact form, for example.
Thanks
Comments
#1
I can confirm this.
#2
This is actually a big problem. Some whois servers will temporarily ban IPs that perform too many whois lookups, and CAPTCHA might prevent abuse to certain roles (like anonymous) by being a viable deterrent.
#3
I have tried out CAPTCHA with whois on 6.x and can confirm this bug. But I'm not sure how to cap the CAPTCHA request and validate the answer, and now even with the new AJAXified interface coming up in 6.x version.
I'm not familiar with CAPTCHA's intel inside.
#4
Actually CAPTCHA is checked when submitting the form. However, CAPTCHA can't prove useful for this module, because the module provides the ability to put the address of whois request in url itself and lookup. CAPTCHA implementation would look very immature since it can easily be by-passed. (CAPTCHA would still work with the form submission, tested on 6.x captcha version: captcha.module,v 1.58.2.6 2008/04/07 22:25:45 soxofaan).
Anyhow, to cover up with spam problem, 6.x version will include an hourly threshold setting.
#5
Hourly threshold included in 6.x release.
http://drupal.org/node/294251