
Perl Server Side CGI Scripting Forum

    
Formmail w. captcha images not loading
can't find the problem
Lorel




msg:3862777
 6:46 pm on Mar 4, 2009 (gmt 0)

I installed FormMail with Captcha and made sure the paths are correct for formmail.pl and catcha.cgi (they are in the cgi-bin and not in a formmail folder); however, it's not calling up the images (images are in an images file in cgi-bin, which is noted in the catcha.cgi). Formmail works without this captcha script addition, so I know the form is working.

Can anyone see anything wrong with this script?

The host doesn't provide this script so no support available there but I have this script working on another host for same client (diff domain of course).

<form method='post' action='http://www.example.com/cgi-bin/FormMail.pl'>
<input type=hidden name="required" value="Name, PhoneNumber, Email, Services, verifytext">
<input type="hidden" name="recipient" value="info@example.net">
<input type="hidden" name="redirect" value="http://www.example.com/thanks.html">
<input type="hidden" name="subject" value="From the Contact Form">
<table width="80%" cellpadding="5" cellspacing="0" border="0">
<tr><td align="right" width="150" nowrap><strong>Name:</strong>
</td><td>
<input name="Name" type="text" size="40"> <span style="font-size:14px; color:#cc0000; font-weight:bold;">*</span>
</td></tr><tr> <td align="right" nowrap><strong>Business Name:</strong>
</td><td>
<input name="BusinessName" type="text" size="40">
</td></tr><tr> <td align="right" nowrap><strong>Address:</strong>
</td><td>
<input name="Address" type="text" size="40">
</td></tr><tr> <td width="150" align="right" nowrap><strong>Phone Number:</strong>
</td><td>
<input type="text" name="PhoneNumber" > <span style="font-size:14px; color:#cc0000; font-weight:bold;">*</span>
</td></tr><tr> <td width="150" align="right" nowrap><strong>Email:</strong>
</td><td>
<input type="text" name="Email"> <span style="font-size:14px; color:#cc0000; font-weight:bold;">*</span>
</td></tr><tr><td width="150" align="right" valign="top" nowrap><strong>Services interested in:</strong></td>
<td>
<textarea name="Services" cols="40" rows="4"></textarea><span style="font-size:14px; color:#cc0000; font-weight:bold;">*</span>
</td><tr><tr><td>Verification Code:<br>
<img src='/cgi-bin/captcha.cgi'>
</td><td><input type='text' name='verifytext'>
</td></tr><tr><td colspan='2' align='center'>
<input type='submit' value='Submit'>
</td></tr></table>
</form>
<br><br>

 

krugs




msg:3862961
 9:52 pm on Mar 4, 2009 (gmt 0)

Don't know if this is the problem, but you have an HTML error just before the captcha image is called:

</td><tr><tr><td>Verification Code:<br>
<img src='/cgi-bin/captcha.cgi'>

See the two <tr> tags? The first one should be a closing tag: </tr>

Lorel




msg:3863549
 3:53 pm on Mar 5, 2009 (gmt 0)

I fixed the </tr> and it still doesn't work.

Any suggestions?

rocknbil




msg:3863621
 5:14 pm on Mar 5, 2009 (gmt 0)

Try this.

1. Open an SSH window to your domain. Know where your error logs are.

2. From a browser, enter example.com/cgi-bin/captcha.cgi

3. Immediately issue this command (with correct path) in the SSH window.

tail /var/www/example.com/statistics/wherever/error/log/is/error_log

The problem obviously lies in the captcha script, maybe it's just that you shouldn't have your images in cgi-bin . . . the error log should help.

You probably don't want to hear this, but you would be better off putting your energy into fixing the mailer script to stop spam as captchas are pretty easily beaten . . .

Lorel




msg:3864277
 2:53 pm on Mar 6, 2009 (gmt 0)

I have no idea what an SSH window is. I'm on a Mac. Is there a tool on DNSstuff that will do this?

rocknbil




msg:3864373
 4:44 pm on Mar 6, 2009 (gmt 0)

SSH is a command line connection to your server. Do you have access to error logs on your server, maybe in the domain control panel? If you do, get on to the error log view (in one tab, if it's browser-based) and emulate the above. Call the captcha script and refresh the error log page, look at the last few lines.

krugs




msg:3864511
 7:05 pm on Mar 6, 2009 (gmt 0)

You probably don't want to hear this, but you would be better off putting your energy into fixing the mailer script to stop spam as captchas are pretty easily beaten . . .

How are they "easily" beaten? I know they can be beaten, but easily is not the way I would describe it. Is there something new out there that can easily and accurately convert a captcha to text?

rocknbil




msg:3864829
 3:21 am on Mar 7, 2009 (gmt 0)

I can't tell you "how", because then I'd have to kill you. :-) Seriously, I can't tell you because I don't know how they do it. I really don't care how they do it.

When I say "pretty easily" I mean it appears to be pretty easy for those that know how. I've never gone down that road of research, but I've seen the effect - looked like they got past it "pretty easily" to me . . .

I've run a few vBulletin boards for a few years now. Captchas on, on all of them (and in retrospect, I might as well turn them off . . . ) As soon as one goes live, it's like these guys are just looking for new vBulletin installs to hack - and they get right by the captcha. You might think it's a manual input, but the data they submit is consistent with a lot of spam attacks on forms. You know the type - varying IP addresses, real words pulled from a dictionary but when strung together make very little sense, a regular pattern of attempts as if it's a 'bot process.

They hit them hard for a few weeks, but the other tools in place make them lose interest and they give up. Specifically, a simple trivia challenge that I change every couple weeks seems to be the most discouraging.

krugs




msg:3864889
 5:55 am on Mar 7, 2009 (gmt 0)

It's hard to imagine someone wanting to crack the captchas of an unimportant website, but for sites like Google, it is a problem.

It's not easy to crack captchas although it is possible. A captcha cracking program that gets it right 50% is very good. But pattern recognition (as in OCR) is not always the first point of entry to captcha cracking.

I also suspect that the vBulletin attacks are probably not captcha cracking, but exploitation of vulnerabilities in the vBulletin software.

Anyway, getting off topic and maybe not fair to the OP to take the thread off on a tangent.

krugs




msg:3864893
 6:03 am on Mar 7, 2009 (gmt 0)

btw....

The vBulletin forum has a number of reports of the captcha images being cracked. Seems versions earlier than 3.5 need upgrading to reduce the problem.

rocknbil




msg:3865125
 4:41 pm on Mar 7, 2009 (gmt 0)

Nah, the upgrades didn't change anything. What did stop them was the trivia question on registration.

My initial comment compels Lorel to address the root issue rather than try to road-block it at the front end. I suggest this for two reasons:

- Your users will hate you for a captcha. They seem to despise them, and this is another barrier for them.

- If you are getting problems with spam, there are a myriad of ways to stop them server-side. There are many threads here on this very topic.

Other than the vBulletin example, in which I use captcha only because it's built in and because it's not my software (and I don't want to tweak it because my tweaks get overwritten with every "update"), I've never had to use a captcha (fingers crossed.) I've managed to stop all spam attempts on all my client sites, and boy they do try (I log all input.) No user action required, and it's not all that difficult using stringent input filtering.
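
Added example, not rocknbil's code and not part of FormMail: one way to do the kind of server-side input filtering mentioned above, using the field names from the form posted in this thread. The recipient allowlist, the link limit and the patterns are assumptions chosen for illustration.

```perl
# Added example: server-side checks for a FormMail-style handler. Field names
# come from the form in this thread; the allowlist, limits and patterns are
# assumptions chosen for illustration.
use strict;
use warnings;

my %ALLOWED_RECIPIENT = map { $_ => 1 } ('info@example.net');
my @REQUIRED  = qw(Name PhoneNumber Email Services);
my $MAX_LINKS = 1;    # assumed limit on URLs in the free-text field

# Returns a list of rejection reasons; an empty list means "accept".
sub check_submission {
    my (%f) = @_;
    my @why;
    # Hidden fields are client-controlled: never mail to an unlisted address.
    push @why, 'recipient not allowed'
        unless $ALLOWED_RECIPIENT{ lc($f{recipient} // '') };
    for my $name (@REQUIRED) {
        push @why, "missing $name" unless ($f{$name} // '') =~ /\S/;
    }
    # Values that end up in mail headers must not contain line breaks.
    for my $name (qw(Name Email subject recipient)) {
        push @why, "line break in $name" if ($f{$name} // '') =~ /[\r\n]/;
    }
    push @why, 'malformed Email'
        unless ($f{Email} // '') =~ /\A[^\s\@<>,;]+\@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\z/;
    push @why, 'malformed PhoneNumber'
        unless ($f{PhoneNumber} // '') =~ /\A[0-9 ()+.\-]{7,20}\z/;
    my $links = () = ($f{Services} // '') =~ m{https?://}gi;
    push @why, 'too many links' if $links > $MAX_LINKS;
    return @why;
}

# Constructed sample submissions.
my %good = (recipient => 'info@example.net', subject => 'From the Contact Form',
    Name => 'A. Customer', PhoneNumber => '555 010 0000',
    Email => 'a.customer@example.org', Services => 'Site redesign');
my %bad = (%good, recipient => 'someone@example.org',
    Email    => "x\@example.org\nextra line",
    Services => 'http://a.example http://b.example');

for my $case ([good => \%good], [bad => \%bad]) {
    my @why = check_submission(%{ $case->[1] });
    # Print each decision with its reasons (a real handler would log them).
    print "$case->[0]: ", (@why ? 'REJECT (' . join('; ', @why) . ')' : 'accept'), "\n";
}
```

The checks run entirely on the server, so the visitor sees no extra step, and the rejection reasons give the log something to review when tuning the limits.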
