EllisLab text mark
Advanced Search
1 of 2
1
   
Captcha Error: registration occasionally failing with word not recognized
Posted: 07 November 2007 06:33 PM
Avatar
Joined: 2004-05-16
434 posts

About one of every twenty people registering for my site’s forums are getting frustrated because of this error message:

“You did not submit the word exactly as it appears in the image”

They say they are submitting the word properly, in some cases they’ve even tried reloading the page and using a new word.

It appears to be specific to certain users.

The registration is here:
http://www.moviemaker.com/forums/member/register/

I’m using ExpressionEngine Discussion Forum - Version 2.0.0 (20070918) Any suggestions?

TTFN
Travis

 Signature 

Check out our add-ons for EE:

* Hop Inject * * Deeploy Helper * * Edit This * * Publish Improve * * Reeveal Comments *


Hop Studios Internet Consulting
http://www.hopstudios.com/

 
Posted: 07 November 2007 08:08 PM   [ # 1 ]   [ Rating: 0 ]
Avatar
Joined: 2002-04-29
26055 posts

It’s the occasional problem that is hard to troubleshoot.

I just registered using Firefox 2.0.0.9 for Windows, and no error message for me.

Do these people have any thing in common? Location, browser, etc.?

 
Posted: 07 November 2007 08:21 PM   [ # 2 ]   [ Rating: 0 ]
Avatar
Joined: 2004-05-16
434 posts

No common thread that I’ve been able to spot yet.

TTFN
Travis

 Signature 

Check out our add-ons for EE:

* Hop Inject * * Deeploy Helper * * Edit This * * Publish Improve * * Reeveal Comments *


Hop Studios Internet Consulting
http://www.hopstudios.com/

 
Posted: 08 November 2007 10:49 AM   [ # 3 ]   [ Rating: 0 ]
Avatar
Joined: 2002-05-20
12643 posts

Hm- I just registered ok on IE.  We need to find a pattern or this is going to be a killer to trouble shoot.  Does it happen more than once to the same person?  What browser are they using?  What word(s) are failing.  Um… can you think of anything that might suggest a pattern?  Wonder if it happens when two people register at the same time.  I don’t think so, but…  Can you spot anything on your end that might give us a better hint?

 Signature 
 
Posted: 08 November 2007 05:13 PM   [ # 4 ]   [ Rating: 0 ]
Avatar
Joined: 2004-05-16
434 posts

The people who have responded with details are both using AOL to connect, though one’s using a Mac 10.3.6 and one’s using a PC and IE 6.

TTFN
Travis

 Signature 

Check out our add-ons for EE:

* Hop Inject * * Deeploy Helper * * Edit This * * Publish Improve * * Reeveal Comments *


Hop Studios Internet Consulting
http://www.hopstudios.com/

 
Posted: 08 November 2007 05:15 PM   [ # 5 ]   [ Rating: 0 ]
Avatar
Joined: 2004-05-14
20504 posts

This sounds like it may be an issue with AOL’s proxy caching serving up an older version of the page with the wrong CAPTCHA.

 
Posted: 08 November 2007 05:16 PM   [ # 6 ]   [ Rating: 0 ]
Avatar
Joined: 2002-06-03
6547 posts

AOL is probably the culprit, as I believe they still rotate IP addresses, so it would be possible that their IP address rotates between the form being generated and their submission.  The error message would be identical, as their CAPTCHA submission simply doesn’t match with any of the valid IP/CAPTCHA pairs in the database.

 Signature 
 
Posted: 08 November 2007 05:28 PM   [ # 7 ]   [ Rating: 0 ]
Avatar
Joined: 2004-05-16
434 posts

Is there a way to disable the IP-matching requirement of the captcha test?

TTFN
Travis

 Signature 

Check out our add-ons for EE:

* Hop Inject * * Deeploy Helper * * Edit This * * Publish Improve * * Reeveal Comments *


Hop Studios Internet Consulting
http://www.hopstudios.com/

 
Posted: 08 November 2007 05:33 PM   [ # 8 ]   [ Rating: 0 ]
Avatar
Joined: 2002-06-03
6547 posts

Not without hacking, and that would kind of defeat the purpose.  You’d be better off disabling CAPTCHA altogether.

 Signature 
 
Posted: 08 November 2007 06:06 PM   [ # 9 ]   [ Rating: 0 ]
Avatar
Joined: 2004-05-16
434 posts

Fair enough.

But actually, this IP shifting should be an issue just once—it would be probably fairly rare for an IP address to shift if the user tried over and over again, no?

Why does the captcha have a matching IP requirement, anyway?  I realize it’s extra protection, but since each captcha can only be used once…

 Signature 

Check out our add-ons for EE:

* Hop Inject * * Deeploy Helper * * Edit This * * Publish Improve * * Reeveal Comments *


Hop Studios Internet Consulting
http://www.hopstudios.com/

 
Posted: 08 November 2007 06:11 PM   [ # 10 ]   [ Rating: 0 ]
Avatar
Joined: 2002-06-03
6547 posts

Consider a very busy site, where captchas are being generated constantly.  This could leave hundreds of valid words in the database, and typing in any of these words would validate for the user, whether it was “their” captcha or not.

 Signature 
 
Posted: 08 November 2007 06:46 PM   [ # 11 ]   [ Rating: 0 ]
Avatar
Joined: 2004-05-16
434 posts

Good point—I always use the appended number setting, and also forgot that EE uses a word list, not just a random collection of letters. That would be much less likely to be duplicated, but is also much harder to type correctly.

OK, I’ll watch and see if AOL continues to be the common culprit, thanks!

 Signature 

Check out our add-ons for EE:

* Hop Inject * * Deeploy Helper * * Edit This * * Publish Improve * * Reeveal Comments *


Hop Studios Internet Consulting
http://www.hopstudios.com/

 
Posted: 08 January 2008 04:17 AM   [ # 12 ]   [ Rating: 0 ]
Avatar
Joined: 2004-05-16
434 posts

An update to this thread.  The problem with Captchas blocking people from AOL continued and seemed to get worse, but I couldn’t turn off captchas altogether because this site is very high visibility and gets a lot of spam.

I finally had to go into the comments and registration PHP files and disable the IP check with a small hack.

This has the small disadvantage of letting visitor A possibly submit the text from a captcha originally shown to visitor B and be allowed to post—i.e. they don’t have to use the text from their own captcha, they can use any valid captcha.

But since I have a good amount of variety in the captcha creation, and because visitor A’s use of visitor B’s captcha doesn’t erase it (that only happens when visitor B uses the captcha) this method is working for now.

I’d still really like for this to be a configuration option, which is why I made it a feature request.

TTFN
Travis

 Signature 

Check out our add-ons for EE:

* Hop Inject * * Deeploy Helper * * Edit This * * Publish Improve * * Reeveal Comments *


Hop Studios Internet Consulting
http://www.hopstudios.com/

 
Posted: 08 January 2008 10:13 AM   [ # 13 ]   [ Rating: 0 ]
Avatar
Joined: 2002-06-03
6547 posts

Just out of curiosity, have you tried turning off CAPTCHAs for a short period of time and measured how much spam it was deterring?  Almost all the spam we’re seeing these days is by humans at terminals.  If it’s still effective and might benefit others, you could consider making a Wiki article out of your modification.

 Signature 
 
Posted: 08 January 2008 03:13 PM   [ # 14 ]   [ Rating: 0 ]
Avatar
Joined: 2004-05-16
434 posts

I did it the other way: I had captchas turned off, and was getting significant spam (many per day), then turned captchas on, and spam dropped (more like a weekly process).  I don’t have numbers to quote, I wasn’t measuring at the time, but I think I will on my next client’s site.

TTFN
Travis

 Signature 

Check out our add-ons for EE:

* Hop Inject * * Deeploy Helper * * Edit This * * Publish Improve * * Reeveal Comments *


Hop Studios Internet Consulting
http://www.hopstudios.com/

 
Posted: 27 March 2008 11:39 AM   [ # 15 ]   [ Rating: 0 ]
Joined: 2007-06-18
293 posts

Please submit the code changes you made. I’m having a similar problem with Telkom SAIX in South Africa which uses a similar proxy service, I guess.

 
1 of 2
1