We've had a bit of spam on the contact form protected by reCAPTCHA. The sequence of events:

Friday, February 26, 2010 - 09:25 (Timestamp from DB: 1267176321)
contact_mail_page post blocked by CAPTCHA module: challenge "reCAPTCHA" (by module "recaptcha"), user answered "reCAPTCHA", but the solution was "1".
Hostname 122.163.87.59

Friday, February 26, 2010 - 09:26 (Timestamp from DB: 1267176377)
Felicia Sams [seo.sales.traffic@gmail.com] sent an e-mail regarding [Subject line].
Hostname 122.163.87.59

Friday, February 26, 2010 - 09:26 (Timestamp from DB: 1267176379)
CAPTCHA validation error: unknown CAPTCHA session ID ('6336').
Hostname 122.163.87.59

In the CAPTCHA sessions table:
csid  uid  ip_address     timestamp   form_id            solution   status  attempts
6329  0    122.163.87.59  1267176126  contact_mail_page  1          0       1
6336  0    122.163.87.59  1267176321  contact_mail_page  1          1       1
6340  0    122.163.87.59  1267176377  contact_mail_page  undefined  0       0
6341  0    122.163.87.59  1267176380  contact_mail_page  1          0       0

In the session table:
uid  hostname       timestamp   cache  session
0    122.163.87.59  1267176380  0      masquerading|N;captcha_success_form_ids|a:1:{s:17:"contact_mail_page";s:17:"contact_mail_page";}

I'm wondering if the bot is somehow throwing an error on the CAPTCHA or reCAPTCHA module that is allowing them to get through? Any ideas?
Comments
Comment #1
szb100 commented:
Also just noticed:
contact_mail_page post blocked by CAPTCHA module: challenge "reCAPTCHA" (by module "recaptcha"), user answered "reCAPTCHA", but the solution was "1"
Well, the solution is clearly not "1". Probably a complete red herring, but wanted to throw that in there as well...
Comment #2
cangeceiro commented:
I can confirm this. Recently our site has been obliterated by spammers, and a look in my logs shows a huge string of these invalid session ID errors.
Comment #3
hass commented: