invalid and inconsistent captcha behavior

[tired_one]

You are probably sick of seeing me...lol.

Well, I changed my php.ini file to allow transparent session ids and recycled apache...turned off cookies in my browser, enabled captcha in serendipity, and guess what? I still get an error message about an invalid captcha.

I tested this in production - but had to turn it off as soon as I got that error message so I can't even give you the url (well, I can but it wouldn't do you any good).

So, then I went back to my dev. environment at http://www.b-p-s.net/s9y/clean/serendipity/

and it didn't work either even after changing the value in php.ini

Code: Select all

[2005-01-19 15:14:36] - [REJECTED: Invalid captcha] - [#3, Name "robyn", E-Mail "", URL "", User-Agent "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705)", IP 69.26.249.3] - [testing trans_sid...^M ^M and it looks like the atom feed issue is an issue with the CSS that is designated.]
[2005-01-19 15:14:44] - [REJECTED: Invalid captcha] - [#3, Name "robyn", E-Mail "", URL "", User-Agent "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705)", IP 69.26.249.3] - [testing trans_sid...^M ^M and it looks like the atom feed issue is an issue with the CSS that is designated.]
[2005-01-19 15:14:50] - [REJECTED: Invalid captcha] - [#3, Name "robyn", E-Mail "", URL "", User-Agent "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705)", IP 69.26.249.3] - [testing trans_sid...^M ^M and it looks like the atom feed issue is an issue with the CSS that is designated.]

I swear I'm going to lose my job over this...lol...

[garvinhicking]

Please try the 0.8 bundled version of the spamblock plugin, it's debugging messages for failed captchas are much easier to comprehend.

You may also need to use the 0.8 bundled-libs directory, as the latest spamblock with SURBL support needs some PEAR-dependencies.

I'm sure we'll get this solved, don't abandon your hope!

Regards,
Garvin

[tired_one]

Ok - I'll try that and keep my fingers crossed that it works.

Sorry to be such a pain in the arse.

[garvinhicking]

No need to feel sorry, this is the place to ask for help! I hope we'll find a solution to this, and maybe we can improve the captchas some more if we find out there's a problem.

Good look and report back,
Garvin

[tired_one]

Code: Select all

| 1106236369 | REJECTED | Invalid captcha (Entered: 7bfjp, Expected: ) |        3 | testing captcha          |       |      | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705) | 69.26.249.3 | http://www.b-p-s.net/serendipity/index.php?url=archives/3-testing-email-link-to-approve-comments.html | testing testing

will it work?                                                           |
| 1106236378 | REJECTED | Invalid captcha (Entered: 39BPV, Expected: ) |        3 | testing captcha          |       |      | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705) | 69.26.249.3 | http://www.b-p-s.net/serendipity/index.php?url=archives/3-testing-email-link-to-approve-comments.html | testing testing

will it work?        

So - it seems that the phpsessid isn't being passed, even though I have use_trans_sid turned on in php.ini.

Hmmm...

Well, at least they work when cookies are on.

But, I still have to come up with a reliable solution for using it without cookies. I was actually asked what it would take to do away with the use of cookies in the app...I had to laugh - I'm not about to rewrite it from the ground up.

[tired_one]

That's it - I give up...

Code: Select all

| 1106254149 | REJECTED | Invalid captcha (Entered: dzyea, Expected: ) |        3 | robyn  |       |      | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705) | 69.26.249.3 | http://www.b-p-s.net/s9y/clean/serendipity/index.php?/archives/3-testing-entry-for-atom-0.3-RSS-feed.html | *sigh*

I'm never going to get this to work... |

No matter what I do, how I configure php, the server, the sofware I can't get this to work if someone chooses to disable cookies...

Garvin - thank you for all of your help. If you have any big brainstorms about this just send me a pm or something...I hate to waste space on your forum for this issue any more...especially since i'm the only nutter trying to make it do something it wasn't designed to do...

[sasha]

I've had this same problem and it is as the first poster stated an eratic issue. I've had it happen when testing it and it won't work then suddenly will work. I don't have this issue on ANY other blogs.

We've had numerous users also write and complain to us about the same issue. Some can't get it to work at all even if they have low security settings and others have the eratic behavior.

As much as we like S9y we are going to have to consider moving to a different blog software that has more consistent and reliable spam prevention. We've had to resort to disabling captchas and now have to wade through an ever growing number of spam commenting to get to the real comments.

[garvinhicking]

Sasha, did you check your PHP session installation? This error can happen if sessions sproadicaly timeout or are written to bad diskspace.

Are you running any other software which uses sessions and is accessed as frequent as your blog?

I am sorry for your experience, but I believe it is unrelated to Serendipity. We would love to do more against spam, but there's only so much you can do against it. Captchas are the best way, the only other effective mean is allowing comments for registered users only. Have you thought of that?

Regards,
Garvin

[sasha]

The session seemed to be installed fine. the blog is our only app running the session. this is the session part in phpinfo(). does it give you some insights?

Code: Select all

session
Session Support 	enabled
Registered save handlers 	files user

Directive	Local Value	Master Value
session.auto_start	Off	Off
session.bug_compat_42	On	On
session.bug_compat_warn	On	On
session.cache_expire	18000	180
session.cache_limiter	nocache	nocache
session.cookie_domain	no value	no value
session.cookie_lifetime	0	0
session.cookie_path	/	/
session.cookie_secure	Off	Off
session.entropy_file	no value	no value
session.entropy_length	0	0
session.gc_divisor	100	100
session.gc_maxlifetime	864000	1440
session.gc_probability	1	1
session.name	CPSESSION	PHPSESSID
session.referer_check	no value	no value
session.save_handler	files	files
session.save_path	-	/tmp
session.serialize_handler	php	php
session.use_cookies	On	On
session.use_only_cookies	Off	Off
session.use_trans_sid	Off	Off

[garvinhicking]

Are you maybe using a clustered apache/PHP setup?

Regards,
Garvin

[Guest]

No clustered apache/PHP setup. We double checked with our hosting co. and they also checked on diff. browsers and varioous setups which allowed cookies but could not get the captchas to work.

Are you maybe using a clustered apache/PHP setup?

Regards,
Garvin

[garvinhicking]

Can you give me an URL to your blog to see the missing captchas?

What could happen is that the GDlib image functions fail - I would suggest to get a "broken" captcha image via WGet and see if there's PHP error output in the binary file?

Regards,
Garvin

[Guest]

Just wanted to post a thanks to Garvin who helped us troubleshoot and find the probelm.

He pointed out that the URL we give our and the one set up in our blog configuation were different. The config had http://oursite.com but the URL we give out typically is http://www.oursite.com/.

Notice the extra 'www'. The captchas are fetched from a different URL and thus the cookie would not match!

That means you either need to enable the "autodetect HTTP host" setting within serendipity, or you need to decide to only use one URL name!