[WEB SECURITY] my website captcha broken??

John Doesnot fuzion.8 at gmail.com
Sat Jan 31 03:27:32 EST 2009


On Sat, Jan 31, 2009 at 12:11 AM, Luis Matus <matus.investiga at gmail.com> wrote:
> I need some advice. I work for a company that provides SMS service online
> from our website. The website uses captcha but somehow hackers have
> been able to break the captcha or work around it, because they (hackers)
> have created a website capable of sending SMS through our website.
>
> I know they're using our website because we can see their website
> server IP in our database logs.
>
>
> Do you have any pointers on how the problem could be addressed?
Start adding their IPs to your site's .htaccess deny from all list
> Perhaps you might have some similar stories that may give me a clue of how
> they did it?
Any common commercial or open source captcha software should be deemed
"crackable". Your best option would be to create an in-house mechanism
or to use another security method.
> Greetings.
>
>
>



-- 
http://www.nukeit.org
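
An added example, not part of the original post or of either poster's code: one way to turn the logged source IPs mentioned in the question into the .htaccess deny list suggested in the reply. The `/send-sms` path, the access-log format, the threshold and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in Apache common log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [31/Jan/2009:03:01:10 -0500] "POST /send-sms HTTP/1.1" 200 512
203.0.113.7 - - [31/Jan/2009:03:01:11 -0500] "POST /send-sms HTTP/1.1" 200 512
203.0.113.7 - - [31/Jan/2009:03:01:12 -0500] "POST /send-sms HTTP/1.1" 200 512
198.51.100.20 - - [31/Jan/2009:03:02:00 -0500] "GET /index.html HTTP/1.1" 200 1024
198.51.100.20 - - [31/Jan/2009:03:02:30 -0500] "POST /send-sms HTTP/1.1" 200 512
not-an-ip - - [31/Jan/2009:03:03:00 -0500] "POST /send-sms HTTP/1.1" 200 512
"""

# client, identd, user, [timestamp], "METHOD path protocol", status, size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" \d{3} ')


def heavy_senders(log_text, path="/send-sms", threshold=3):
    """Return the sorted client IPs with at least `threshold` POSTs to `path`."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(2) != "POST" or m.group(3).split("?")[0] != path:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # never copy unvalidated log text into .htaccess
        counts[str(ip)] += 1
    return sorted(ip for ip, n in counts.items() if n >= threshold)


def htaccess_block(ips):
    """Build an Apache 2.2-style block: allow everyone except the listed IPs.

    On Apache 2.4 these directives need mod_access_compat; the native
    form there is "Require not ip <addr>" inside a <RequireAll> section.
    """
    lines = ["Order Allow,Deny", "Allow from all"]
    lines += [f"Deny from {ip}" for ip in ips]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(htaccess_block(heavy_senders(SAMPLE_LOG)), end="")
```

The threshold keeps a single legitimate submission from landing on the deny list; review the output before deploying it, since a blocked relay can simply move to another address.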
