[WEB SECURITY] my website captcha broken??

r at fuckthespam.com r at fuckthespam.com
Sat Jan 31 11:21:05 EST 2009


I believe that what you first need to do is using a better CAPTCHA. Ever
heard of reCAPTCHA?
I'm really not sure what you can do against them... nothing I bet.

--Romain
http://rgaucher.info

> I need some advice. I work for a company that provides sms service on line
> from our web  site. The websites uses captcha but some how hackers have
> been able to break the captcha or work around it, because they (hackers)
> have created a web capable to send sms through  our website.
>
> I've know they're using our web site  because  whe can see their website
> server IP in our database logs.
>
>
> Do you have any pointers of how could the problem be adressed?
>
> Perhaps you might have some similar stories that may give me a clue of how
> they did it?
>
> Greetings.
>





----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA



More information about the websecurity mailing list