Thread

Hi all,

We’ve just experienced a major problem with the EE Captcha.

We released a sign-up form to the public (SolSpace Freeform) and experienced extremely high demand, which then meant that users all received an error alerting them that the captcha image text they had submitted was incorrect (when in actual fact this wasn’t true).

The captcha worked fine in all prior tests, but with high demand it fell over.

Is there a limit on the number of requests per second the captcha can operate correctly under?

I’m not entirely sure how it works, so if someone could explain then great.

(running 1.6.8)

What error message are you getting? Where? Do you’ve got a link? What, exactly, is “high demand” in this context?

The error message received told them the word they entered was wrong - it did not match the word shown in the image. This was incorrect.

High demand would be about 1-2 requests per second.

It’s the first time I’ve seen something like this, but it simply might be the server not holding up to traffic. What kind of hardware are we talking about here? Are there any other errors in the servers’ logs (Apachy, MySQL)?

I’ve not checked the server error logs, but the captcha was working fine before it was made public.
It’s a brand new dedicated server and this was actually a bit of a test for it - the index page currently says its had 12205 hits since 12:10 today.

When it was made public and started being hit, then it started returning the errors about the text entered not matching the image. Everything else about the site was operating fine.

I was hoping someone could explain how the captcha worked step by step and if there could potentially be room for errors when being hit more frequently.

Tony, I’ll ask the devs and see what I can find out. Thanks in advance for your patience.

ETA: Is any caching in play? What are your settings for secure forms, any extensions?

Thanks,

All the pages are cached at 20 minutes, I’m not using https, its a clean install running only a few add-ons etc - better meta, htaccess editor (index.php removal), tk page title and thats about it.
“Process form data in Secure Mode?” is set to yes - the default option - like nearly all other settings, its the default option.

Like I say, this problem only occured when large numbers of people started using it - the captcha was fine before that.

hum.  I’d probably start by paring things down a bit more.  With you add ons, you can probably lose the htaccess generator, and do your own.  Let’s also experiment with setting Secure Forms to “No”

As for caching, you are using template caching, right?

-greg

The htaccess generator is installed, but it’s not actually being used and I used my own based on the wiki advice. I’m not sure how that would affect this issue anyways.
I’m using template caching, yes.

I can’t exactly “experiment” with potentially breaking the site for any period of time. I would certainly hope that EE’s default form setting wouldn’t be an issue for concern. 

If someone is able to explain how the captcha works and whether or not it can handle high demand, then great.

Turning secure forms to “off” won’t necessarily break the site.  I would recommend turning it off for a bit to see if we notice any difference. 

Also, have you seen the information on high traffic sites?  Blog Entry and 2 different docs pages

-greg