"c.php" file weakness exploited by spammers

Hi,

I found that spammers heavily used "c.php" file to exploit Zenphoto captcha before posting malicious comments. Are you aware of this? I can provide details if not. I have fixed it on my Zenphoto. Bad and quick but it seems to be an efficient fix.

Let me know!

Comments

  • acrylian Administrator, Developer
    c.php is the captcha generator. Could you be more specific about what kind of exploitation, do they try or actually do something? Best you send a mail via the contact form on our site with the details.
  • flo Member
    hi esaracco/acrylian

    was there more to this?

    your report may be unrelated, but it sounds as if it could have something in common with the issue as per my report today (see separate thread id=17564)

    thanks
  • acrylian Administrator, Developer
    We did not get any reports regarding this and would need more information. c.php of course gets used if the captcha is generated. So if someone tries a lot of times it gets used a lot of times.
  • I have just been spammed. And this time I had a look into my Apache log. This is what I found:
    ```
    $ grep '" 200 [0-9]' access.log | grep 195.190.13.102
    195.190.13.102 - - [27/Nov/2012:10:15:33 -0500] "GET /news/asp-reorganiser-le-volet-de-developpement HTTP/1.0" 200 27718 "http://www.benoitvarret.fr/news/asp-reorganiser-le-volet-de-developpement" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1"
    195.190.13.102 - - [27/Nov/2012:10:15:39 -0500] "GET /zp-core/c.php?i=e2b7467923 HTTP/1.0" 200 4265 "http://www.benoitvarret.fr/news/asp-reorganiser-le-volet-de-developpement" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1"
    195.190.13.102 - - [27/Nov/2012:10:15:40 -0500] "POST /news/asp-reorganiser-le-volet-de-developpement HTTP/1.0" 200 32207 "http://www.benoitvarret.fr/news/asp-reorganiser-le-volet-de-developpement" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1"
    ```
    Indeed, spammers access c.php. They probably have a kind of OCR software, and then they spam.

    I hope it will help.
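The log excerpt above shows the pattern a defender can actually look for: a page load, a fetch of the captcha image from `/zp-core/c.php`, and a POST to the same page one second later. Humans take longer than that to read a captcha. The following script is an added example, not code from this thread or from Zenphoto; it parses Apache combined-format lines (constructed sample lines with placeholder IPs, modelled on the ones posted above) and reports any client that POSTs within a few seconds of fetching the captcha, which is a useful signal to feed a spam filter or rate limit.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in Apache combined log format. The IPs are
# documentation ranges and the paths are placeholders, not real IoCs.
SAMPLE_LOG = """\
203.0.113.7 - - [27/Nov/2012:10:15:33 -0500] "GET /news/some-article HTTP/1.0" 200 27718 "-" "Mozilla/5.0"
203.0.113.7 - - [27/Nov/2012:10:15:39 -0500] "GET /zp-core/c.php?i=e2b7467923 HTTP/1.0" 200 4265 "-" "Mozilla/5.0"
203.0.113.7 - - [27/Nov/2012:10:15:40 -0500] "POST /news/some-article HTTP/1.0" 200 32207 "-" "Mozilla/5.0"
198.51.100.4 - - [27/Nov/2012:11:02:01 -0500] "GET /news/some-article HTTP/1.0" 200 27718 "-" "Mozilla/5.0"
198.51.100.4 - - [27/Nov/2012:11:02:05 -0500] "GET /zp-core/c.php?i=9a1b2c3d4e HTTP/1.0" 200 4265 "-" "Mozilla/5.0"
198.51.100.4 - - [27/Nov/2012:11:03:30 -0500] "POST /news/some-article HTTP/1.0" 200 32207 "-" "Mozilla/5.0"
this line is not a valid log entry and is skipped
"""

# Matches: client IP, timestamp, method, path, status code.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Path of the captcha generator, as seen in the thread's log excerpt.
CAPTCHA_PATH = "/zp-core/c.php"


def parse_line(line):
    """Return (ip, datetime, method, path, status) or None for unparseable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return (m.group("ip"), ts, m.group("method"), m.group("path"), int(m.group("status")))


def find_fast_captcha_posts(log_text, max_seconds=5):
    """Map client IP -> list of gaps (seconds) between a captcha fetch and a
    following POST, keeping only gaps of at most max_seconds.

    A gap that short means the client could not realistically have read
    the image; it is a signal for a spam filter, not proof on its own.
    """
    last_captcha = {}          # ip -> time of the most recent c.php fetch
    suspicious = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue           # ignore malformed or unrelated lines
        ip, ts, method, path, _status = parsed
        if method == "GET" and path.split("?", 1)[0] == CAPTCHA_PATH:
            last_captcha[ip] = ts
        elif method == "POST" and ip in last_captcha:
            gap = int((ts - last_captcha[ip]).total_seconds())
            if 0 <= gap <= max_seconds:
                suspicious[ip].append(gap)
            # Each captcha image should only be consumed once.
            del last_captcha[ip]
    return dict(suspicious)


if __name__ == "__main__":
    for ip, gaps in find_fast_captcha_posts(SAMPLE_LOG).items():
        print(f"{ip}: POST {gaps} second(s) after fetching the captcha")
```

Run against a real `access.log` by passing the file contents instead of `SAMPLE_LOG`. The threshold and the one-fetch-one-POST assumption are the example's own choices; a page that loads several captchas, or a client behind a shared proxy, would need the heuristic refined before it is used for anything more than triage.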
  • Sorry, but what exactly do you think is a security issue? Of course anyone has access to this file. It is, after all, the code that produces the captcha image. Any time a page is displayed with a captcha this script will be accessed.

    But since it is NOT a gateway to anything, I do not see why you believe that it lets anyone spam. To post spam they will have to guess the characters presented by the references to c.php that YOUR scripts are making, not ones that they somehow decide to make.

    Perhaps by brute force they can figure out the encoding. But I suspect that takes more sophisticated software than is really available. For instance, the software would have to OCR the text from the captcha image just to see what the result of the fetch was.

    Of course if you are concerned with this, set your captcha font to random and you will make their life even more impossible.

    But really now. We have said time and again that captcha does not prevent SPAM. All captcha can do is make it harder for bots to post to your site. Any human can easily get past a captcha barrier and SPAM your site to no end. If you want to protect against SPAM use a SPAM filter.