Hi
I've been trying to find a solution to the 'CAPTCHA session reuse attack detected' for some time now but can only ever find talk of solutions in relation to the Drupal 6 releases or the dev release. Is there a patch that anyone can guide me to in regard to 7.x-1.0? I'm on a live site so imagine I need the stable version :)
Thank you
Stephen
Comments
Comment #1
frenkas commented:
https://drupal.org/files/captcha-918856-session-reuse.patch
This patch saved my site and I think this is a must-add to a new version of captcha. This must be a security update and must be done as soon as possible.
Before this patch I got hundreds per day of bots logging into my site. Had to turn off all rights for all user groups.
Comment #2
stevegmag commented:
Is it just me or is this patch truncated? It won't apply correctly and looks like it ends prematurely.
Comment #3
Vietyank commented:
Is there a solution to the problem with the patch being truncated?
Comment #4
Liam Morland
This could be a duplicate of #918856: CAPTCHA Session Reuse message on webforms. Try using the development version of CAPTCHA. We are using it, which includes a fix for this issue. The fix in the development version is a newer version of the patch linked above.
Comment #5
Alan D. commented:
Latest dev version (6.x-2.5+1-dev) we are seeing this:
xxx == Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/536.28.10 (KHTML, like Gecko) Version/6.0.3 Safari/536.28.10
173.0.57.6 - - [03/Apr/2014:09:50:50 +1000] "GET /node/add HTTP/1.0" 403 1946 "/" "xxx"
173.0.57.6 - - [03/Apr/2014:09:50:58 +1000] "GET /?q=user/register HTTP/1.0" 301 - "/node/add" "xxx"
173.0.57.6 - - [03/Apr/2014:09:51:00 +1000] "GET /user/register HTTP/1.0" 200 38057 "/node/add" "xxx"
173.0.57.6 - - [03/Apr/2014:09:51:04 +1000] "GET /image_captcha/157/1396482661 HTTP/1.0" 302 - "/user/register" "xxx"
173.0.57.6 - - [03/Apr/2014:09:51:11 +1000] "POST /user/register HTTP/1.0" 302 - "/user/register" "xxx"
173.0.57.6 - - [03/Apr/2014:09:51:12 +1000] "GET /users/5mebwa9w68 HTTP/1.0" 200 8809 "/user/register" "xxx"
173.0.57.6 - - [03/Apr/2014:09:51:16 +1000] "GET /?q=node/add HTTP/1.0" 301 - "/" "xxx"
173.0.57.6 - - [03/Apr/2014:09:51:17 +1000] "GET /node/add HTTP/1.0" 403 5885 "/" "xxx"
173.0.57.6 - - [03/Apr/2014:09:51:18 +1000] "GET /?q=user HTTP/1.0" 301 - "/" "xxx"
173.0.57.6 - - [03/Apr/2014:09:51:19 +1000] "GET /user HTTP/1.0" 200 8653 "/" "xxx"
173.0.57.6 - - [03/Apr/2014:09:51:20 +1000] "GET /user/1648/edit HTTP/1.0" 200 37537 "/user" "xxx"
Just one of about 100 per day :(
[edit]
All requests appeared to have the same user agent, which is strange, each from a different IP. All had one last step too, that I forgot to add: each attempted to access node/all, then every request trail stopped. This is a very Drupal-specific attack.
Note that there are no images / scripts / etc. in the Apache logs; this is a definitive bot attack for trying to register and to create content.
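The two signals described in comment #5 (a registration POST with no image or script requests, and one user agent reused across several IPs) can be checked over an access log. This is an added example, not part of the original thread or the CAPTCHA module; the function names, asset extension list and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Apache combined log format, the format of the lines quoted in comment #5.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<agent>[^"]*)"$')
# Page assets a browser fetches while rendering; /image_captcha/... is not one.
ASSET_RE = re.compile(r'\.(?:css|js|png|jpe?g|gif|ico|svg|woff2?)(?:\?.*)?$', re.I)

# Constructed sample (documentation IPs, made-up agents), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [03/Apr/2014:09:51:00 +1000] "GET /user/register HTTP/1.0" 200 38057 "/node/add" "SampleAgent/1.0"
192.0.2.10 - - [03/Apr/2014:09:51:04 +1000] "GET /image_captcha/157/1396482661 HTTP/1.0" 302 - "/user/register" "SampleAgent/1.0"
192.0.2.10 - - [03/Apr/2014:09:51:11 +1000] "POST /user/register HTTP/1.0" 302 - "/user/register" "SampleAgent/1.0"
198.51.100.7 - - [03/Apr/2014:10:02:30 +1000] "GET /user/register HTTP/1.0" 200 38057 "/" "SampleAgent/1.0"
198.51.100.7 - - [03/Apr/2014:10:02:41 +1000] "POST /user/register HTTP/1.0" 302 - "/user/register" "SampleAgent/1.0"
203.0.113.5 - - [03/Apr/2014:10:15:00 +1000] "GET /user/register HTTP/1.1" 200 38057 "/" "OtherBrowser/2.0"
203.0.113.5 - - [03/Apr/2014:10:15:01 +1000] "GET /misc/drupal.js HTTP/1.1" 200 4210 "/user/register" "OtherBrowser/2.0"
203.0.113.5 - - [03/Apr/2014:10:15:01 +1000] "GET /themes/bartik/css/style.css?n3k HTTP/1.1" 200 9120 "/user/register" "OtherBrowser/2.0"
203.0.113.5 - - [03/Apr/2014:10:15:40 +1000] "POST /user/register HTTP/1.1" 302 - "/user/register" "OtherBrowser/2.0"
""".splitlines()

def flag_assetless_registrations(lines):
    """Map IP -> user agent for clients that POSTed /user/register
    without requesting a single static asset."""
    posted, assets, agents = set(), defaultdict(int), {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not combined-format entries
        ip, path = m["ip"], m["path"]
        agents[ip] = m["agent"]
        if ASSET_RE.search(path):
            assets[ip] += 1
        if m["method"] == "POST" and path.split("?", 1)[0] == "/user/register":
            posted.add(ip)
    return {ip: agents[ip] for ip in sorted(posted) if assets[ip] == 0}

def shared_agents(flagged, min_ips=2):
    """User agents reused by several flagged IPs (same agent, different IPs)."""
    by_agent = defaultdict(set)
    for ip, agent in flagged.items():
        by_agent[agent].add(ip)
    return {a: sorted(ips) for a, ips in by_agent.items() if len(ips) >= min_ips}

if __name__ == "__main__":
    flagged = flag_assetless_registrations(SAMPLE_LOG)
    print(flagged, shared_agents(flagged))
```

Clients with a warm browser cache, or sites that serve assets from a separate host, will also show no asset requests, so treat a flagged IP as a lead to correlate with the shared-agent result rather than as proof on its own.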
Comment #6
Liam Morland
Duplicate of #918856: CAPTCHA Session Reuse message on webforms.