[WEB SECURITY] my website captcha broken??
John Doesnot
fuzion.8 at gmail.com
Sat Jan 31 03:27:32 EST 2009
On Sat, Jan 31, 2009 at 12:11 AM, Luis Matus <matus.investiga at gmail.com> wrote:
> I need some advice. I work for a company that provides SMS service online
> from our web site. The website uses captcha but somehow hackers have
> been able to break the captcha or work around it, because they (hackers)
> have created a website capable of sending SMS through our website.
>
> I know they're using our web site because we can see their website
> server IP in our database logs.
>
>
> Do you have any pointers on how the problem could be addressed?

Start adding their IPs to your site's .htaccess deny from all list.

> Perhaps you might have some similar stories that may give me a clue of how
> they did it?
Any common commercial or open source captcha software should be deemed
"crackable". Your best option would be to create an in-house mechanism
or to use another security method.
> Greetings.
>
>
>
--
http://www.nukeit.org
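
An added example, not part of the original post or either poster's code: one way to turn the request logs mentioned in the thread into .htaccess deny rules. The log layout (timestamp, source IP), the threshold, and the function names are assumptions; the sample rows are constructed.

```python
"""Flag source IPs that hammer the SMS form and render Apache deny rules for them."""
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample rows (timestamp, source IP); the real log schema is not in the thread.
SAMPLE_LOG = [(f"2009-01-30 22:00:{s:02d}", "203.0.113.7") for s in range(0, 40, 5)] + [
    ("2009-01-30 22:00:10", "198.51.100.20"),
    ("2009-01-30 22:14:10", "198.51.100.20"),
]


def heavy_senders(rows, limit=5, window=timedelta(minutes=1)):
    """Return sorted IPs with more than `limit` requests inside any `window`."""
    by_ip = defaultdict(list)
    for stamp, ip in rows:
        # Normalise and validate: logged values may be client-influenced, and
        # nothing unparsed should ever be written into a server config file.
        ip = str(ipaddress.ip_address(ip))  # raises ValueError if malformed
        by_ip[ip].append(datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"))
    flagged = []
    for ip, times in by_ip.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            # Slide the window start forward until it spans at most `window`.
            while t - times[start] > window:
                start += 1
            if end - start + 1 > limit:
                flagged.append(ip)
                break
    return sorted(flagged)


def htaccess_block(ips, allowlist=()):
    """Render Apache 2.2-style rules (Apache 2.4 uses `Require not ip` instead).

    `allowlist` holds addresses that must never be blocked, e.g. your own monitors.
    """
    lines = ["Order Allow,Deny", "Allow from all"]
    lines += [f"Deny from {ip}" for ip in ips if ip not in allowlist]
    return "\n".join(lines)


if __name__ == "__main__":
    print(htaccess_block(heavy_senders(SAMPLE_LOG)))
```
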