[pmwiki-users] pmform captchas bypassed on thinkhost.com

Ben Stallings ben at interdependentweb.com
Sat Jul 12 18:29:30 CDT 2008


I'm having a weird problem with PmForm and Captcha on two of my sites 
that are hosted on ThinkHost.com.  The same forms work just fine on 
DreamHost.com, making me think it may be a server configuration issue.

The problem: If you go to 
http://www.worldpopulationbalance.org/ThePopulationIssue/QuestionsAndAnswers 
and submit the form at the bottom of the page, it will send me mail 
regardless of what is typed in the captcha field.

The config.php looks like this:
$EnablePostCaptchaRequired = true;
include_once("$FarmD/cookbook/captcha.php");
include_once("$FarmD/cookbook/pmform.php");
$PmForm['maileditor'] = 'mailto=ben at interdependentweb.com form=#mailform 
fmt=#mailpost';

Site/PmFormTemplates#mailpost looks like this:
[[#mailpost]]
(:template require from errmsg="$[Missing 'from' address]" :)
(:template require subject errmsg="$[Missing message subject]" :)
(:template require text errmsg="$[Message text required]" :)
(:template require if="captcha" errmsg="$[Captcha required]" :)
{$$text}
==========
Sent via PmForm at {$$PageUrl}
[[#mailpostend]]

Here's another clue: spammers are changing the subject line, so they are 
spoofing the form, not using the one on the page.  Even so, that's the 
sort of thing captchas are supposed to prevent!

And another: even though $EnablePostCaptchaRequired is true, captchas 
are also not required to edit pages (though this is not a problem 
because a password is required!).

Any ideas?  My clients and I are getting tired of being spammed! 
PHPinfo details for the site are at 
http://www.worldpopulationbalance.org/info.php , and I'm running the 
most recent version of PmWiki and the recipes.

Thanks in advance!
Ben Stallings
Interdependent Web



More information about the pmwiki-users mailing list