invalid and inconsistent captcha behavior
invalid and inconsistent captcha behavior
Its me again...sorry...
We'd like to use the captcha feature in the spamblock plugin, but in testing we noticed that it behaves rather erratically. Sometimes it works and sometimes it doesn't.
For instance, I just tried to add a comment to my test blog and it was rejected 5 times because of an invalid captcha entry and I *know* that I typed the darn thing properly...on the 6th try it was accepted.
I can't implement this if it is going to do this to the users visiting the site.
Its really unpredictable when it will happen as well.
Again, we're using 0.7.1
Thanks.
-Robyn
We'd like to use the captcha feature in the spamblock plugin, but in testing we noticed that it behaves rather erratically. Sometimes it works and sometimes it doesn't.
For instance, I just tried to add a comment to my test blog and it was rejected 5 times because of an invalid captcha entry and I *know* that I typed the darn thing properly...on the 6th try it was accepted.
I can't implement this if it is going to do this to the users visiting the site.
Its really unpredictable when it will happen as well.
Again, we're using 0.7.1
Thanks.
-Robyn
-
- Regular
- Posts: 62
- Joined: Thu Oct 07, 2004 3:16 pm
URL please?
I've been using captcha for a month now, and havent' got any problems. One way to minimise the use of captcha is to set only entries older than 7 days to require commenters to pass the chanllenge-response test. It usually takes about a week for search engines to index your new entries (and for comment spammers to find them).
I've been using captcha for a month now, and havent' got any problems. One way to minimise the use of captcha is to set only entries older than 7 days to require commenters to pass the chanllenge-response test. It usually takes about a week for search engines to index your new entries (and for comment spammers to find them).
Last edited by Little Hamster on Wed Jan 19, 2005 5:54 pm, edited 1 time in total.
this is my testing blog... http://www.b-p-s.net/s9y/clean/serendipity/
Its been requested of me by my boss (his blog) that I get the captcha's working in a consistent manner so they can be enabled for all comments. The reasoning is that its a fairly heavily trafficked blog and we get lots of spam attacks (we do use the IP blocking, IP blacklisting, disallow duplicate text, etc...this would just be that one extra thing which would be helpful to us).
Its been requested of me by my boss (his blog) that I get the captcha's working in a consistent manner so they can be enabled for all comments. The reasoning is that its a fairly heavily trafficked blog and we get lots of spam attacks (we do use the IP blocking, IP blacklisting, disallow duplicate text, etc...this would just be that one extra thing which would be helpful to us).
-Robyn
-
- Regular
- Posts: 62
- Joined: Thu Oct 07, 2004 3:16 pm
I tried adding a comment to your blog. I believe I got it right the first time. I was lead back to the page of the entry, but without the style sheet. And I can't see my comment either. I believe the server/blog stopped working right at that moment because I get this when I click on the banner:
Have you tried using a different browser too? For example firefox? Maybe you can pin point it to whether it's a client or server problem?
Code: Select all
Fatal error: session_start(): Failed to initialize storage module: user (path: /tmp) in /home/virtual/site34/fst/var/www/html/s9y/clean/serendipity/index.php on line 10
I got your comment.
yeah - that particular server has issues sometimes...
I really think its an issue with settings on the client machine since this was brought to my attention by the users of the production blog which lives on a different, more stable server.
Just out of curiosity - what browser with what privacy settings did you use?
yeah - that particular server has issues sometimes...
I really think its an issue with settings on the client machine since this was brought to my attention by the users of the production blog which lives on a different, more stable server.
Just out of curiosity - what browser with what privacy settings did you use?
-Robyn
-
- Regular
- Posts: 62
- Joined: Thu Oct 07, 2004 3:16 pm
Ah - so you're allowing all cookies?
If you change that setting to block all cookies, the captcha doesn't work regardless of browser and os/platform.
To me, forcing a user to enable cookies in order for features to work is kind of unreasonable...some people are really anal about those types of security issues. Me, for instance. I don't want anyone putting a file on my machine without my explicit permission.
If you change that setting to block all cookies, the captcha doesn't work regardless of browser and os/platform.
To me, forcing a user to enable cookies in order for features to work is kind of unreasonable...some people are really anal about those types of security issues. Me, for instance. I don't want anyone putting a file on my machine without my explicit permission.
-Robyn
-
- Core Developer
- Posts: 30022
- Joined: Tue Sep 16, 2003 9:45 pm
- Location: Cologne, Germany
- Contact:
The error message about the "storage / user" thing indicates that it's a problem on your Server side, not Client side.
It seems that your session saving/storage is freaked up, did you specify right session.save_path? Did you make sure /tmp is writable, and that your disk isn't full?
For Captchas to work properly, you will need Sessions. If you use URL Rewriting within Apache, you will also need to have Cookies enabled because the way plugins are called, the can only get PHPSESSID via cookie and not via URL. In early 0.8 Serendipity versions we now tell the user that he should enable Cookies to post to Captchas.
Regards,
Garvin
It seems that your session saving/storage is freaked up, did you specify right session.save_path? Did you make sure /tmp is writable, and that your disk isn't full?
For Captchas to work properly, you will need Sessions. If you use URL Rewriting within Apache, you will also need to have Cookies enabled because the way plugins are called, the can only get PHPSESSID via cookie and not via URL. In early 0.8 Serendipity versions we now tell the user that he should enable Cookies to post to Captchas.
Regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
-
- Regular
- Posts: 62
- Joined: Thu Oct 07, 2004 3:16 pm
It actually says so on the text above the captcha picture:
I didn't implement the plugin, obviously, so I have no idea if it's possible to do captcha without cookies. Have you considered modifying the current plugin for your purpose?Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
that 'storage/user' message had nothing to do with the problem - although it is an annoyance for me. I don't have that issue in my production environment and still have the captcha issue.
In my production environment, URL rewriting is disabled. So, by your post since we're not using URL rewriting we shouldn't need to have cookies enabled, right? However, it seems that they *do* need to be enabled since we are experiencing this problem.
In my production environment, URL rewriting is disabled. So, by your post since we're not using URL rewriting we shouldn't need to have cookies enabled, right? However, it seems that they *do* need to be enabled since we are experiencing this problem.
-Robyn
-
- Core Developer
- Posts: 30022
- Joined: Tue Sep 16, 2003 9:45 pm
- Location: Cologne, Germany
- Contact:
When you deactivate URL rewriting you need to enforce PHPs automatic Session URL rewriting, so that it appends ?PHPSESSID to the links properly.
I really suspect that it has to do with the serverside, the captcha plugin is working on quite a few other sites without the problems. Did you check the spamblock logfile? It should tell you why/if a comment was rejected, and why the check failed.
You may need to update the plugin to latest CVS code, because the logging has been improved there (and uses a DB table).
HTH,
Garvin
I really suspect that it has to do with the serverside, the captcha plugin is working on quite a few other sites without the problems. Did you check the spamblock logfile? It should tell you why/if a comment was rejected, and why the check failed.
You may need to update the plugin to latest CVS code, because the logging has been improved there (and uses a DB table).
HTH,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
Garvin - which settings in php.ini do I need to check to ensure that php is doing the url rewrite? I can write decent code, but I'm not very good at configuring stuff on the server...lol.
Thanks.
Directive Local Value Master Value
session.auto_start Off Off
session.bug_compat_42 On On
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 100 100
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path /tmp /tmp
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies Off Off
session.use_trans_sid Off Off
Let me guess - this is what I need to turn on: session.use_trans_sid Off Off
Thanks.
Directive Local Value Master Value
session.auto_start Off Off
session.bug_compat_42 On On
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 100 100
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path /tmp /tmp
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies Off Off
session.use_trans_sid Off Off
Let me guess - this is what I need to turn on: session.use_trans_sid Off Off
Last edited by tired_one on Wed Jan 19, 2005 6:58 pm, edited 1 time in total.
-Robyn
-
- Core Developer
- Posts: 30022
- Joined: Tue Sep 16, 2003 9:45 pm
- Location: Cologne, Germany
- Contact:
Hi Robyn!
session.use_trans_sid is the one you'll have to set to 'TRUE'.
However, read the docs about possible side effects this may have (security, perormance ) here http://uk.php.net/session
Regards,
Garvin
session.use_trans_sid is the one you'll have to set to 'TRUE'.
However, read the docs about possible side effects this may have (security, perormance ) here http://uk.php.net/session
Regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/