problem with captcha

problem with captcha

Postby sgroote » Wed Sep 25, 2013 8:50 pm

We are having problems with fake users creating fake accounts on our OJS server. We have enabled the captcha feature and after doing so deleted all the fake accounts by merging them. However, the fake accounts continue to appear. In the last 2 months, there have been 2000 created. Is there anything further we can do to prevent these accounts from being created?
sgroote
 
Posts: 2
Joined: Tue Apr 26, 2011 2:41 pm

Re: problem with captcha

Postby asmecher » Thu Sep 26, 2013 8:43 am

Hi sgroote,

This is the second report I've had of accounts being created despite CAPTCHA being enabled. Are you using CAPTCHA or ReCAPTCHA?

In order to investigate this we'll need some information from the log correlated against the database. First, identify a spam account that's been added fairly recently; check the date and time it was created; then correlate that exact date and time against the entry in the web server access log. What is the URL in the log?

Thanks,
Alec Smecher
Public Knowledge Project Team
asmecher
 
Posts: 8910
Joined: Wed Aug 10, 2005 12:56 pm

Re: problem with captcha

Postby mirkh » Tue Oct 29, 2013 3:47 am

Hi, we get around 6 spam users a day. We use RECAPTCHA. Could it be that it's people who are paid to do this manually?

/ Maria

Here's a recent user:

+-----------+---------------------+
| username  | date_registered     |
+-----------+---------------------+
| vokspoisk | 2013-10-29 10:26:57 |
+-----------+---------------------+


Here's access log:

142.54.172.174 - - [29/Oct/2013:10:26:54 +0100] "GET /ojs/index.php/sciecominfo/comment/view/1/0/ HTTP/1.0" 302 401 "http://journals.lub.lu.se/ojs/index.php/sciecominfo/comment/view/1/0/" "Opera/9.80 (Windows NT 5.1; U; MRA 8.0 (build 5784); ru) Presto/2.10.289 Version/12.02"
142.54.172.174 - - [29/Oct/2013:10:26:55 +0100] "GET /ojs/index.php/sciecominfo/login?source=%2Fojs%2Findex.php%2Fsciecominfo%2Fcomment%2Fview%2F1%2F0%2F HTTP/1.0" 200 11941 "http://journals.lub.lu.se/ojs/index.php/sciecominfo/login?source=%2Fojs%2Findex.php%2Fsciecominfo%2Fcomment%2Fview%2F1%2F0%2F" "Opera/9.80 (Windows NT 5.1; U; MRA 8.0 (build 5784); ru) Presto/2.10.289 Version/12.02"
142.54.172.174 - - [29/Oct/2013:10:26:55 +0100] "GET /ojs/index.php/sciecominfo/user/register HTTP/1.0" 200 34619 "http://journals.lub.lu.se/ojs/index.php/sciecominfo/user/register" "Opera/9.80 (Windows NT 5.1; U; MRA 8.0 (build 5784); ru) Presto/2.10.289 Version/12.02"
142.54.172.174 - - [29/Oct/2013:10:26:56 +0100] "POST /ojs/index.php/sciecominfo/user/registerUser HTTP/1.0" 302 392 "http://journals.lub.lu.se/ojs/index.php/sciecominfo/user/register" "Opera/9.80 (Windows NT 5.1; U; MRA 8.0 (build 5784); ru) Presto/2.10.289 Version/12.02"
142.54.172.174 - - [29/Oct/2013:10:26:57 +0100] "GET /ojs/index.php/sciecominfo/login HTTP/1.0" 302 273 "http://journals.lub.lu.se/ojs/index.php/sciecominfo/login" "Opera/9.80 (Windows NT 5.1; U; MRA 8.0 (build 5784); ru) Presto/2.10.289 Version/12.02"
142.54.172.174 - - [29/Oct/2013:10:26:57 +0100] "GET /ojs/index.php/sciecominfo/user HTTP/1.0" 200 11386 "http://journals.lub.lu.se/ojs/index.php/sciecominfo/user" "Opera/9.80 (Windows NT 5.1; U; MRA 8.0 (build 5784); ru) Presto/2.10.289 Version/12.02"
142.54.172.174 - - [29/Oct/2013:10:26:58 +0100] "GET /ojs/index.php/sciecominfo/index.php HTTP/1.0" 404 232 "http://journals.lub.lu.se/index.php" "Opera/9.80 (Windows NT 5.1; U; MRA 8.0 (build 5784); ru) Presto/2.10.289 Version/12.02"
142.54.172.174 - - [29/Oct/2013:10:26:58 +0100] "GET /index.php/sciecominfo/index.php HTTP/1.0" 404 232 "http://journals.lub.lu.se/index.php/sciecominfo/index.php" "Opera/9.80 (Windows NT 5.1; U; MRA 8.0 (build 5784); ru) Presto/2.10.289 Version/12.02"
142.54.172.174 - - [29/Oct/2013:10:26:59 +0100] "GET /ojs/index.php/sciecominfo/index.php HTTP/1.0" 404 232 "http://journals.lub.lu.se/index.php" "Opera/9.80 (Windows NT 5.1; U; MRA 8.0 (build 5784); ru) Presto/2.10.289 Version/12.02"
Last edited by mirkh on Wed Oct 30, 2013 7:22 am, edited 1 time in total.
mirkh
 
Posts: 10
Joined: Fri Mar 25, 2011 5:58 am

Re: problem with captcha

Postby asmecher » Tue Oct 29, 2013 10:09 am

Hi Maria,

Many thanks for the information. The two relevant entries are...
142.54.172.174 - - [29/Oct/2013:10:26:55 +0100] "GET /ojs/index.php/sciecominfo/user/register HTTP/1.0" 200 34619 "http://journals.lub.lu.se/ojs/index.php/sciecominfo/user/register" "Opera/9.80 (Windows NT 5.1; U; MRA 8.0 (build 5784); ru) Presto/2.10.289 Version/12.02"
142.54.172.174 - - [29/Oct/2013:10:26:56 +0100] "POST /ojs/index.php/sciecominfo/user/registerUser HTTP/1.0" 302 392 "http://journals.lub.lu.se/ojs/index.php/sciecominfo/user/register" "Opera/9.80 (Windows NT 5.1; U; MRA 8.0 (build 5784); ru) Presto/2.10.289 Version/12.02"
These two lines are used to fetch the registration form, then submit it. Looking at the timestamps, they are listed 1 second apart; this is too fast for a human to do a ReCAPTCHA test. That suggests to me that either our implementation is faulty -- though my tests and scrutiny of the code haven't turned up anything there -- or ReCAPTCHA is broken.

I've done some searching online and found a few threads like this one discussing similar situations.

A few areas to investigate next:
  • Add some code to log your $_GET, $_SERVER, and $_POST requests on the registration form, so that we can capture some more specific information about registration requests. This might help hone in on the source.
  • Run a few queries on the users table to see if you can identify a time when registrations spiked. This might allow us to find a particular breakthrough in CAPTCHA breaking technology.
  • Check to see how many IPs the registrants are coming from; if it's only a few, perhaps IP blocks or a blacklisting technology would be a good addition.
Regards,
Alec Smecher
Public Knowledge Project Team
asmecher
 
Posts: 8910
Joined: Wed Aug 10, 2005 12:56 pm
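
Added example, not part of the original thread or of OJS: one way to run the timing check described in the post above over a whole access log, pairing each registration POST with the same IP's form GET and counting flagged registrations per IP. The 5-second threshold, the `demo` journal path and the sample lines are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Apache combined log format: client IP, [timestamp], "METHOD path ...".
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+)')
FORM_SUFFIX = "/user/register"        # GET: fetch the registration form
SUBMIT_SUFFIX = "/user/registerUser"  # POST: submit it

def fast_registrations(lines, min_seconds=5):
    """Flag each registration POST that follows the same IP's form GET by
    less than min_seconds, or that has no preceding form GET (delta None).
    min_seconds is an assumed threshold, not a value from the thread."""
    last_form = {}  # ip -> time of that IP's most recent form GET
    flagged = []    # (ip, post_time, delta_seconds or None)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, raw_ts, method, path = m.groups()
        ts = datetime.strptime(raw_ts, "%d/%b/%Y:%H:%M:%S %z")
        path = path.split("?", 1)[0].rstrip("/")
        if method == "GET" and path.endswith(FORM_SUFFIX):
            last_form[ip] = ts
        elif method == "POST" and path.endswith(SUBMIT_SUFFIX):
            fetched = last_form.pop(ip, None)
            delta = None if fetched is None else (ts - fetched).total_seconds()
            if delta is None or delta < min_seconds:
                flagged.append((ip, ts, delta))
    return flagged

def registrations_per_ip(flagged):
    """Count flagged registrations per client IP, most frequent first."""
    return Counter(ip for ip, _, _ in flagged).most_common()

# Constructed sample lines (documentation IP ranges), not taken from the thread.
SAMPLE = [
    '203.0.113.7 - - [29/Oct/2013:10:26:55 +0100] "GET /ojs/index.php/demo/user/register HTTP/1.0" 200 34619 "-" "-"',
    '203.0.113.7 - - [29/Oct/2013:10:26:56 +0100] "POST /ojs/index.php/demo/user/registerUser HTTP/1.0" 302 392 "-" "-"',
    '198.51.100.20 - - [29/Oct/2013:10:30:00 +0100] "GET /ojs/index.php/demo/user/register HTTP/1.1" 200 34619 "-" "-"',
    '198.51.100.20 - - [29/Oct/2013:10:31:12 +0100] "POST /ojs/index.php/demo/user/registerUser HTTP/1.1" 302 392 "-" "-"',
    '203.0.113.7 - - [29/Oct/2013:10:40:00 +0100] "POST /ojs/index.php/demo/user/registerUser HTTP/1.0" 302 392 "-" "-"',
    '192.0.2.9 - - [29/Oct/2013:10:41:01 +0100] "GET /ojs/index.php/demo/user/register HTTP/1.0" 200 34619 "-" "-"',
    '192.0.2.9 - - [29/Oct/2013:10:41:03 +0100] "POST /ojs/index.php/demo/user/registerUser HTTP/1.0" 302 392 "-" "-"',
]

if __name__ == "__main__":
    hits = fast_registrations(SAMPLE)
    print(hits, registrations_per_ip(hits))
```

A shared address (NAT or proxy) can pair one visitor's GET with another's POST, so treat the flagged entries as leads to check against `date_registered` in the users table rather than as proof.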

Re: problem with captcha

Postby mirkh » Wed Oct 30, 2013 7:28 am

Hi Alec, thanks for your reply.

asmecher wrote: A few areas to investigate next:
  • Add some code to log your $_GET, $_SERVER, and $_POST requests on the registration form, so that we can capture some more specific information about registration requests. This might help hone in on the source.
  • Run a few queries on the users table to see if you can identify a time when registrations spiked. This might allow us to find a particular breakthrough in CAPTCHA breaking technology.
  • Check to see how many IPs the registrants are coming from; if it's only a few, perhaps IP blocks or a blacklisting technology would be a good addition.


I'll add some debug logging.

We didn't add CAPTCHA until this summer, so it's been about the same from the start.

There are absolutely IP ranges that are more common doing registrations, and I'll think about adding a blacklist.

/ Maria
mirkh
 
Posts: 10
Joined: Fri Mar 25, 2011 5:58 am

