Hi

I've been trying to find a solution to the 'CAPTCHA session reuse attack detected' for some time now but can only ever find talk of solutions in relation to the Drupal 6 releases or the dev release. Is there a patch that anyone can guide me to in regard to 7.x-1.0? I'm on a live site so imagine I need the stable version :)

Thank you

Stephen

Comments

frenkas’s picture

Component: Miscellaneous » Captcha API (captcha)
Priority: Normal » Critical

https://drupal.org/files/captcha-918856-session-reuse.patch
This patch saved my site and I think this is a must add to a new version of captcha. This must be security update and must be done as soon as possible.
Before this patch I got hundreds of bots per day logging into my site. Had to turn off all rights for all user groups.

stevegmag’s picture

Is it just me or is this patch truncated? It won't apply correctly and looks like it ends prematurely.

Vietyank’s picture

Is there a solution to the problem with the patch being truncated?

Liam Morland’s picture

This could be a duplicate of #918856: CAPTCHA Session Reuse message on webforms. Try using the development version of CAPTCHA. We are using it, and it includes a fix for this issue. The fix in the development version is a newer version of the patch linked above.

Alan D.’s picture

Issue summary: View changes

Latest dev version (6.x-2.5+1-dev) we are seeing this:

xxx == Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/536.28.10 (KHTML, like Gecko) Version/6.0.3 Safari/536.28.10

173.0.57.6 - - [03/Apr/2014:09:50:50 +1000] "GET /node/add HTTP/1.0" 403 1946 "/" "xxx"
173.0.57.6 - - [03/Apr/2014:09:50:58 +1000] "GET /?q=user/register HTTP/1.0" 301 - "/node/add" "xxx"
173.0.57.6 - - [03/Apr/2014:09:51:00 +1000] "GET /user/register HTTP/1.0" 200 38057 "/node/add" "xxx"
173.0.57.6 - - [03/Apr/2014:09:51:04 +1000] "GET /image_captcha/157/1396482661 HTTP/1.0" 302 - "/user/register" "xxx"
173.0.57.6 - - [03/Apr/2014:09:51:11 +1000] "POST /user/register HTTP/1.0" 302 - "/user/register" "xxx"
173.0.57.6 - - [03/Apr/2014:09:51:12 +1000] "GET /users/5mebwa9w68 HTTP/1.0" 200 8809 "/user/register" "xxx"
173.0.57.6 - - [03/Apr/2014:09:51:16 +1000] "GET /?q=node/add HTTP/1.0" 301 - "/" "xxx"
173.0.57.6 - - [03/Apr/2014:09:51:17 +1000] "GET /node/add HTTP/1.0" 403 5885 "/" "xxx"
173.0.57.6 - - [03/Apr/2014:09:51:18 +1000] "GET /?q=user HTTP/1.0" 301 - "/" "xxx"
173.0.57.6 - - [03/Apr/2014:09:51:19 +1000] "GET /user HTTP/1.0" 200 8653 "/" "xxx"
173.0.57.6 - - [03/Apr/2014:09:51:20 +1000] "GET /user/1648/edit HTTP/1.0" 200 37537 "/user" "xxx"

Just one of about 100 per day :(

[edit]
All requests appeared to have the same user agent, which is strange, each from a different IP. All had one last step too, that I forgot to add: each attempted to access node/all, then every request trail stopped. This is a very Drupal-specific attack.

Note that there are no images / scripts / etc. in the Apache logs; this is a definitive bot attack trying to register and to create content.

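The three tells in the trail above (register GET followed within seconds by its POST and then a hit on /node/add, no CSS/JS/image requests from the same client, one user agent shared across many source IPs) can be turned into a log check. The following is an added example, not code from the CAPTCHA module or from anyone in this thread; the log lines it runs on are constructed to mirror the excerpt (TEST-NET IPs, made-up user agents), and the 120-second window and the asset-extension list are assumptions to tune for your site.

```python
"""Flag bot-like registration trails in Apache combined-format logs.

Added example (not CAPTCHA module code). Encodes the observations from
the thread: GET /user/register -> POST /user/register -> GET /node/add
from one IP within seconds, with no static assets loaded, and the same
user agent reused across several IPs.
"""
import re
from collections import defaultdict
from datetime import datetime

# Apache "combined" format: ip ident user [ts] "METHOD path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# Requests a browser makes while rendering a page; the bot trail above made none (assumed list).
ASSET_RE = re.compile(r'\.(?:css|js|png|jpe?g|gif|ico|svg|woff2?)(?:\?|$)', re.I)


def parse_line(line):
    """Return a dict for one combined-log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    # Drupal accepts both /path and /?q=path; fold the legacy form into the clean one.
    rec["path"] = rec["path"].replace("/?q=", "/", 1)
    return rec


def find_register_trails(lines, max_window=120):
    """Return one finding per IP whose requests form the register-then-node/add trail.

    A trail is flagged when GET /user/register, then POST /user/register,
    then GET /node/add occur in that order from one IP within max_window
    seconds and that IP fetched no static assets at all.
    """
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            by_ip[rec["ip"]].append(rec)

    findings = []
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        stage, first, post_status, last = 0, None, None, None
        for r in recs:  # small state machine over the ordered request trail
            if stage == 0 and r["method"] == "GET" and r["path"] == "/user/register":
                stage, first = 1, r
            elif stage == 1 and r["method"] == "POST" and r["path"] == "/user/register":
                stage, post_status = 2, r["status"]
            elif stage == 2 and r["method"] == "GET" and r["path"] == "/node/add":
                stage, last = 3, r
                break
        if stage < 3:
            continue
        elapsed = (last["ts"] - first["ts"]).total_seconds()
        loaded_assets = any(ASSET_RE.search(r["path"]) for r in recs)
        if elapsed <= max_window and not loaded_assets:
            findings.append({
                "ip": ip,
                "ua": first["ua"],
                "elapsed_s": elapsed,
                "register_status": post_status,
                "node_add_status": last["status"],
            })
    return findings


def user_agents_shared_across_ips(findings):
    """Map each user agent seen in the findings to the IPs using it, keeping only shared ones."""
    ua_ips = defaultdict(set)
    for f in findings:
        ua_ips[f["ua"]].add(f["ip"])
    return {ua: sorted(ips) for ua, ips in ua_ips.items() if len(ips) > 1}


BOT_UA = "Mozilla/5.0 (constructed bot UA)"
HUMAN_UA = "Mozilla/5.0 (constructed browser UA)"
# Constructed sample log: two bot trails modelled on the excerpt above, plus one human session.
SAMPLE_LOG = [
    f'192.0.2.10 - - [03/Apr/2014:09:50:50 +1000] "GET /node/add HTTP/1.0" 403 1946 "/" "{BOT_UA}"',
    f'192.0.2.10 - - [03/Apr/2014:09:51:00 +1000] "GET /user/register HTTP/1.0" 200 38057 "/node/add" "{BOT_UA}"',
    f'192.0.2.10 - - [03/Apr/2014:09:51:04 +1000] "GET /image_captcha/157/1396482661 HTTP/1.0" 302 - "/user/register" "{BOT_UA}"',
    f'192.0.2.10 - - [03/Apr/2014:09:51:11 +1000] "POST /user/register HTTP/1.0" 302 - "/user/register" "{BOT_UA}"',
    f'192.0.2.10 - - [03/Apr/2014:09:51:17 +1000] "GET /node/add HTTP/1.0" 403 5885 "/" "{BOT_UA}"',
    f'192.0.2.11 - - [03/Apr/2014:10:12:00 +1000] "GET /?q=user/register HTTP/1.0" 200 38057 "/" "{BOT_UA}"',
    f'192.0.2.11 - - [03/Apr/2014:10:12:09 +1000] "POST /user/register HTTP/1.0" 302 - "/user/register" "{BOT_UA}"',
    f'192.0.2.11 - - [03/Apr/2014:10:12:15 +1000] "GET /node/add HTTP/1.0" 403 5885 "/" "{BOT_UA}"',
    f'198.51.100.7 - - [03/Apr/2014:11:00:00 +1000] "GET /user/register HTTP/1.1" 200 38057 "-" "{HUMAN_UA}"',
    f'198.51.100.7 - - [03/Apr/2014:11:00:01 +1000] "GET /misc/drupal.js HTTP/1.1" 200 1201 "/user/register" "{HUMAN_UA}"',
    f'198.51.100.7 - - [03/Apr/2014:11:03:40 +1000] "POST /user/register HTTP/1.1" 302 - "/user/register" "{HUMAN_UA}"',
]

if __name__ == "__main__":
    hits = find_register_trails(SAMPLE_LOG)
    for h in hits:
        print(f'{h["ip"]}: register->node/add in {h["elapsed_s"]:.0f}s, UA "{h["ua"]}"')
    for ua, ips in user_agents_shared_across_ips(hits).items():
        print(f'UA shared by {len(ips)} flagged IPs: {ua}')
```

Run it against a real access log with `find_register_trails(open("/path/to/access.log"))`; the human session is left alone because it loads an asset, takes minutes and never reaches /node/add, while the two bot trails are reported along with the user agent they share.
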
Liam Morland’s picture

Status: Active » Closed (duplicate)