CAPTCHA is ignored
gaijinu - February 21, 2008 - 06:54
| Project: | Whois lookup |
| Version: | 6.x-1.0 |
| Component: | Code |
| Category: | bug report |
| Priority: | critical |
| Assigned: | Unassigned |
| Status: | by design |
Jump to:
Description
Hi, I'm using whois with math CAPTCHA enabled for whois_whois_form and it seems CAPTCHA is completely ignored, whois still processes the request regardless of the Math Question result.
CAPTCHA works fine with contact form, for example.
Thanks
#1
I can confirm this.
#2
This is actually a big problem. Some whois servers will temporarily ban IPs that perform too many whois lookups, and CAPTCHA might prevent abuse to certain roles (like anonymous) by being a viable deterrent.
#3
I have tried out CAPTCHA with whois on 6.x and can confirm this bug. But I'm not sure how to cap the CAPTCHA request and validate the answer, and now even with the new AJAXified interface coming up in 6.x version.
I'm not familiar with CAPTCHA's intel inside.
#4
Actually CAPTCHA is checked when submitting the form. However, CAPTCHA can't prove useful for this module, because the module provides the ability to put the address of whois request in url itself and lookup. CAPTCHA implementation would look very immature since it can easily be by-passed. (CAPTCHA would still work with the form submission, tested on 6.x captcha version: captcha.module,v 1.58.2.6 2008/04/07 22:25:45 soxofaan).
Anyhow, to cover up with spam problem, 6.x version will include an hourly threshold setting.
#5
Hourly threshold included in 6.x release.
http://drupal.org/node/294251