Nobody is able to get past the CAPTCHA- what is wrong?

You'll probably at least want to update your Mollom module to the latest version. There may have been relevant bugs fixed between 6.x-1.9 and 6.x-1.12. Please retry with the latest version and report back.

Check out my issue earlier this may be similar: http://drupal.org/node/734130 .. Maybe not though.

Just want to clarify something..

This started happening on our site when we were on Drupal 6.15 and Mollom version 6.x-1.12.

Updating to the latest version of Drupal saw no change.

We do have user 0, and we do allow anonymous sessions.
We are not using any modules like no_anon etc.

So I have to say I don't see the fix / cause of this problem being the same as is being said in the thread linked to above.

What is your public Mollom key, scratt?

We've recently started experiencing the same issue on a Drupal 6.16 / Mollom 6.x-1.12 site.
Public key: 648d86642325b376b580d401e12305b3

_{[Note to self: azm.org]}

Exact same issue. Subscribing.

Sorry for delay in replying.
Public Key : a58e8e86cba2ab085180434ec3a510fe

subscribing

Running a multisite and 1 of our sites has the exact same problem. All the others are working correctly...

If you are running a multi-site and only one site has this issue, is it possible that you did not run all module updates on that site?

Please make sure that you update to the latest version 1.13.

just updated mollom to the latest version and it still is not working. all dbupdates were run correctly

We have also updated to Mollom 1.13 and users are still experiencing and complaining about the problem. Just before each "Incorrect Captcha" message in the log is a Mollom message of the form:

"Unknown session id 100412e225b760c7df. This is not a bug in Mollom. If this happens too often, check your site for attacks."

Subscribing. Same issues for all users in all roles. What a pitty. Mollom is such a cool service, I'd really like to use it.

TallDavid: do you have cookies enabled?

1. Does everyone have cookies enabled (cookies for third party sites)?
2. Is anyone using a non-Drupal install (i.e. Pressflow)?
3. Is anyone using caching modules/extensions (i.e. Boost, Varnish, etc.)?

The 'Unknown session ID' error message typically suggests a caching bug. If you're using a reverse proxy, Varnish, Nginx, a load balancer, magical cloud hosting, or anything along those lines, please tell us in the comments. Also make sure you have cookies enabled. We'll need some help to debug this because to the best of our knowledge it only seem to affect a handful of our users (out of 20,000 active users).

#14: Dries, I do not know if my visitors have 3rd-party cookies enabled. I do know that the problem began with the update to Mollom 6.x-1.12 and continues in 6.x-1.13 and that it seems to have affected ALL users trying to register. (Mollom is currently turned-off because of the false-positives.) Disabling Mollom immediately allows a false-positive user to register.

#15: Dave Reid, affected site is a straight core Drupal 6.16 install that has been updated from earlier versions. It is running a large number of contributed modules. (Details available upon request.) This site is running Boost 6.x-1.18 and the server is running APC.

#16: Dries, none of these are being run: Varnish, Memcache, Nginx, load balancer, magical cloud hosting.

I hope this additional information is of use. Please let me know if there are additional actions we can take to assist in troubleshooting.

I wonder if the problem goes away if you disable boost. Is that something you could try?

For testing purposes I re-enabled Mollom's User registration form - CAPTCHA only.

Using a new instance of the Chrome browser, I accessed the website as an anonymous user and attempted to Create a new account. Each attempt was met with the message "The CAPTCHA was not completed correctly. Please complete this new CAPTCHA and try again" displayed to the anonymous user and two entries in the Drupal log: 1) Unknown session id xxxxxxxxxxxxxxxx. This is not a bug in Mollom. If this happens too often, check your site for attacks. and 2) Incorrect CAPTCHA...

Next I disabled the Boost module and removed the Boost entries from the .htaccess file. Attempts to Create a new account resulted in the same error message being displayed to the anonymous user and the same entries in the Drupal log.

Lastly, I closed and re-opened the Chrome browser and repeated the test. The test results were the same as those described above.

In summary, disabling Boost seems to have no effect on the issue.

Please let me know if there are other tests you would like to have performed.

I am also having the problem that people have described above - the inability to get past the CAPTCHA form. I'm using a standard Drupal 6.16 install, cookies enabled, no caching at all.

I just noticed that I'm only getting this error when I try to create an account using the Facebook Connect link. When I just click the normal "Create new account" link, no problems with the CAPTCHA at all...

I have Mollom on another site where we are using Boost. No problems there at all. It's a relatively new and clean install. So that tends to suggest that something gets borked by Mollom, or another module, and then kills Mollom one or two updates after it is initially installed.

We also use memcached, APC and a whole other host of caching features on our server, and on all of our Drupal installs. So if anyone has anything to add on this I am interested. Also happy to try any tests people have to try and get to the bottom of it. Although I have already tried killing all the caching modules, and clearing all caches several times, and even restarting the server to try and get Mollom to work on the offending site. No joy.

And we have no Facebook modules at all on any of your sites.

Thanks for testing TallDavid et al. Just to ask two obvious questions:

1. You did run update.php after upgrading the module?

2. Anything else in your watchdog messages?

I'm not sure how to help as I'm not able to reproduce the problem. It would be good if you could add some debug code to the module to see if we can track down the source of the problem. For example, the following code in mollom_pre_render_mollom() is responsible for storing the session code:

  if (!empty($form_state['mollom']['session_id'])) {
    cache_set($form_state['mollom']['session_id'], $form_state['mollom'], 'cache_mollom', $timestamp + 21600);
  }

If we don't execute that cache_set(), you could get the error message that you get. If I had to debug this, I'd start by adding some additional instrumentation code in mollom_pre_render_mollom().

1. Yes

2. My watchdog message shows the following, FWIW:

Invalid form id fbconnect_register_page for session id 10050674e6a300dc4d (generated for user_register). This is not a bug in Mollom. If this happens too often, check your site for attacks.

Again, my particular issue seems to be related to FB Connect. Although others may not be using this module, there may be a clue in there somewhere... e.g. the source of the conflict with FB Connect may also be causing other users' conflicts.

Make sure you don't have mollom in developer mode (on mollom.com). I had the same problem, but when i disabled developer mode it started to work again after a couple of hours.

I just checked and none of TallDavid's or WildBill's keys are in testing mode. We'll need some debugging help per #23.

I'm not able to get past the captcha as well. Drupal 6.16 + Mollom 6.x-1.13 in test mode. However, I'm getting the following log entries in drupal:

### error
Error 1000 from http://174.37.205.152: Your key is in test mode. You have sent an unknown testing string 'M6L22', it should be 'correct', 'incorrect', 'redirect' or 'refresh' for method mollom.checkCaptcha:
Array
(
[session_id] => 10051971a0a6d0872d
[captcha_result] => M6L22
[author_ip] => 192.168.56.1
)
### notice
Incorrect CAPTCHA:
Array
(
[name] => Frank
[mail] => email@address.com
[subject] => testing unsure
[cid] => 2
[message] => this message is unsure and should trigger a captcha
[copy] =>
[op] => Send e-mail
[submit] => Send e-mail
[form_build_id] => form-cfd5b68790e4419c4c0273f213ebc6d2
[form_id] => contact_mail_page
[mollom] => Array
(
[session_id] => 1274298608-10051971a0a6d0872d
[captcha] => M6L22
)

)

My public key is 630bcad74f3c19e745b8ad69d22c110b. For reference 'M6L22' above was the actual captcha entry.

Did you disable the test/developer mode? According to the error message, your key is still in test mode. As a result, CAPTCHAs might fail.

Ah. It's still in developer mode. I was under the assumption it would still let me past the captcha. User error...my appologies.

My errors only happened on the special login pages that are created when using the Facebook Connect module. It creates specials URLs containing "fbconnect" when the user tries to create an account using their FB login credentials.

I've switched to the Drupal for Facebook module, and I'm no longer having this issue with Mollom. I'm able to use the CAPTCHA successfully on the account creation form once again.

I'm afraid that's all the information I have. I'm sure there's some clue here, but I'm not knowledgeable enough in this area to know what it is.

Having the same issue on the new password request form, I dont have boost installed and its nothing to do with fb connect in my case.

thiokol -- is your key still in developer mode?

Hi Dries,

I had a quick look and couldnt see where developer mode is turned on/off on either the mollom site or the module settings.

Regardless, I discovered that my problem wasnt just limited to this, users couldnt log in at all, any attempt to log into my drupal site just reloaded the page with no error, I then checked the sessions table in phpmyadmin and it was completely empty.

I manually ran cron.php which solved this somehow (including mollom captchas), no idea why because cron runs every hour anyway.

My site is over 2 years old and has become littered with small bugs and strange behaviour, I'd like to lend a hand debugging the issue but I'm re-launching my site and starting again with a clean slate, rebuilding the entire site with only essential modules (I've tried to clean things up and update everything on the existing site but its become a lost cause tbh)

Anyway, my guess would be another contrib module(s) causing this but Id say it would be very difficult to pin-point the problem.

ps - I've used pressflow as the basis for my new site, I seen a potential conflict listed with mollom, you know if this is resolved yet Dries?

Like Dries said, the session id is not found in cache.

One quick test is to see if the session id (found in the source html minus the timestamp) has a matched cid in cache_mollom.

But it's also likely that the session id is not posted if the Mollom element was injected before the form id hidden field. That's happened to me and i used a form after_build to rearrange the form elements after the Mollom element was injected.

Just posted this - http://drupal.org/node/734130#comment-3131554

Which may be relevant to some people who are having this issue? Sorry if not!

Thanks,

Luke

I just got this problem when going to a multi-site installation (no other changes at all)... Wanted to report - will now debug and see what I can find. Everything was working fine before adding the new site and everything during the site addition went without error.

Will post back soon hopefully!

Captcha is never recognised on new user and password forms, on the contact form it seems to work I think, although when it detected spam "This is a test" it didn't bring up the captcha - just said it was registered as spam and wouldn't be sent.

The response I'm getting in logs from password form for example is:

Array
(
    [name] => adam@xxxxxx
    [op] => E-mail new password
    [submit] => E-mail new password
    [form_build_id] => form-7dc7c34b2610ad0916c7697b33c20da7
    [form_id] => user_pass
    [mollom] => Array
        (
            [session_id] => 1282005484-100817d6bd871a512d
            [captcha] => wrwzb
        )

    [account] => stdClass Object
        (
            [uid] => 6434
            [name] => adshill
            [pass] => 995f87aa4534dd2a86XXXXXXXXXXX
            [mail] => adam@xxxx
            [mode] => 0
            [sort] => 0
            [threshold] => 0
            [theme] => 
            [signature] => 
            [created] => 1282003556
            [access] => 1282003620
            [login] => 1282003620
            [status] => 1
            [timezone] => 
            [language] => 
            [picture] => 
            [init] => adam@xxxxx
            [data] => a:2:{s:13:"form_build_id";s:37:"form-2acba6161efe8d870284f963aa7a5eae";s:7:"contact";i:1;}
            [timezone_name] => 
            [signature_format] => 0
            [form_build_id] => form-2acba6161efe8d870284f963aa7a5eae
            [contact] => 1
            [roles] => Array
                (
                    [2] => authenticated user
                )

            [userreference] => Array
                (
                )

        )

)

Using the latest code for Mollom, Drupal 6.17 (haven't updated yet!) but also numerous other modules. The new modules I have added since this started happening are simply the singlesignon modules but I did move my user/session/roles database tables to a new database. I've checked that I have a user with uid ="0" and its there so I don't think thats it.

For info: Public Key: a361de6d627f5f002862169d7e867ee9

Will look a bit more but its almost 4am so need to sleep soon! Thanks,

Adam

UPDATE: Cleared all cache, cleared sessions, checked user table for duplicates. Checked the settings on my client site as well as controller and the same thing happened. Checked another multi-site that is using an older version of Mollom and everything is good there so I have to assume its something from the latest updates. Have to sleep now but will look some more tomorrow. From what others are saying this must have something to do with users and sessions but then we probably already worked that much out...

It looks like this site is now getting between 2-5 registration, most likely bogus, every hour. The down side is I will have to abandon Mollom for now until we can work this out. The good side is I'm really reminded of how life before mollom was and it isn't pretty! I don't have the resources to look at this now so I will try again hopefully later in the week, or when I get to Copenhagen.

I'm going to close this issue as not reproducible, since it already contains many different support requests in one, of which some seem to be resolved, but some others may not. It's not really possible to figure out, whom of you still experiences a problem and in which environment that problem appears -- if there are any issues left at all. If your issue is not resolved yet, then please create a new support request in this queue and post the following info along with your problem report:

- Your public Mollom key.

- The Mollom module version you have installed. (Make sure that you have the latest stable release before creating any issue.)

- The details of the log message belonging to a form submission attempt that incorrectly blocked a correctly solved CAPTCHA.

Note, however, that we've fixed substantial networking issues for one of the Mollom backend servers just recently, which may have been the cause for the reported problems here. Make sure that your issue actually still exists.

Sorry for the additional issue creation work this may cause for you, but I hope you can understand that we need clearly described and cleanly separated problem reports to solve them individually.

I had this problem with my user registration form. It was working initially, and then after I set up some extra user fields via the profile and mailchimp modules (thus changing the user registration form somewhat), I started getting this error and no-one could get past the CAPTCHA.

While trying to track down the problem, I visited the Mollum form configuration for that form (/admin/settings/mollom/manage/user_register). I resubmitted that form (without changing anything) so that the configuration was updated, and everything seemed to start working again (once the user registration form had been reloaded).

However, at the same time, I also switched to a test web proxy and then back to the usual one, and so cannot be 100% sure that the above is what made things work again. I thought I'd mention it here just in case it helps.

I've been trying to fix this problem all night and finally found a fix for my specific situation.

The problem for me was being caused by cacherouter code that was remaining in settings.php from after I had uninstalled it earlier.

Also of note that I disabled then uninstalled and re-installed mollom, and reconfigured it, which may have helped as well.

I play games on the PCH site all of the time until recently. The Captcha comes up and say's to quickly type text below and return to game. Well, I would love to type the text but there isn't any text to type. I'm unable to get past the Captcha without any text to type so I'm unable to play anymore games. Really ticks me off. Is there something I can do because I really want to play my games?