CAPTCHA is only send captchavalid as true or false to the server. so the user hack it very easily. I don't think it's possible. Have a look at \Presentation\Nop.Web.Framework\UI\Captcha\CaptchaValidatorAttribute.cs file. It makes all required validation to reCAPTCHA site to validate entered picture value
see these articles. hackers are more clever to cheat CAPTCHA.
if you watch few attempts of CAPTCHA request using fiddler, the same CAPTCHA image path is repeat again. so its easy to hack. even in CaptchaValidatorAttribute.cs var captchaChallengeValue = filterContext.HttpContext.Request.Form[CHALLENGE_FIELD_KEY]; var captchaResponseValue = filterContext.HttpContext.Request.Form[RESPONSE_FIELD_KEY];
both keys are taken from the request form. they can modified at the client side easily.
Capcha is active. Is active for customer registration, for forum, for news, for blog, not for login.
I tried to write a procedure that blocks the compilation if a user enters the number 123456 in the field of phone number and google in field company but without success. It is used a bot that bypasses all control procedures including captcha.
they are not using your registration form to register a user in your webstore. so this kind of client side stuff wont work.
their form contains..
1) necessary post action validation scripts. 2) minimum required registration parameters. 3) necessary fields and value that make the captchvalid attribute to true. 4) and generated ipaddress in the request header. 5) and extra stuff needed.
I'm glad you responded. I am disabled and I'm sick. For the most part I do not know C and even C # I only know a little java. Apart from that everything is the day that does not happen so I hope the problem does not start again. In case it is not that you can do me the change of nopCommerce 2.5? I can not even do the upgrade, I always get too many error.
I'm glad you responded. I am disabled and I'm sick. For the most part I do not know C and even C # I only know a little java. Apart from that everything is the day that does not happen so I hope the problem does not start again. In case it is not that you can do me the change of nopCommerce 2.5? I can not even do the upgrade, I always get too many error.
my code is common for mvc framework. so it wont make much difference in other versions. you need to find out the right place thats it.
i think the hacker's intension is to write some post in our blog and forum. they wrote 2 post in my website's forum. http://www.elaamart.com
I'm going to test it out and report back. BTW, it may be different versions of Visual Studio, but I slightly changed the code to: string[] keys = Session["mydefender"].ToString().Split(new char[] { ':' });
I'm rolling back to the way it was without your code for now. The registration process was bombing out for whatever reason. I'm going to give the reCaptcha a shot for a week or so an see how that goes first.
Anyone know why someone would want to register and stay on especially when they can't do anything? Are they using it to correspond with other people?