Thread

Hi,

Here is a message I just sent to enginehosting support, but I post it here too in case this is just EE related and someone has an idea:

Here is a strange issue: today a visitor told me he couldn’t register on my expression engine web site (registration is needed for purchasing my products). The message is that the captcha typed is not correct. I tried myself to create a test account and it worked. So I just told him to try again, reset cookies, try from another computer, etc…
But this evening, another different visitor experiences the same problem and my first visitor told me he tried at home and at work without success (+one colleague of him also tried). Statistically this is quite strange. I can still create a test account myself.

I have not touched my EE installation for some time, so this is not an EE upgrade issue or a configuration change issue, and prior to today my visitors were successfully passing the captcha when registering. What can happen ? Did you change something on the server ?

(update: EngineHosting answered that they changed nothing on the server)

Thank you

Nicolas

If I had to guess, they may be getting served up a cached image- possibly ISP dependent.  What version/build are you running?  I’d make sure to upgrade to the latest to eliminate any issues on EE’s end.  Then- if you pass me a link, I’ll try registering- see if I can get it to fail. 

If I can’t- I’ll guess cache and do some digging.  I swear I’ve seen this once before and that’s what it was.  But I can’t recall the fix.

I’m running 1.6.1
Address sent by PM.
Thank you

Nicolas

Dang- ok, I get through fine.  I even tried not doing the image first so I’d get rejected and have to go back.  Added the captcha then- and it still went through fine.

I’m suspecting isp issues.  Let me search around, see if I can spot a similar thread.

OK- I was hallucinating the cache issue- think it’s an ip issue.  Can you track down whether the failurs are using AOL?  That’s what was up in this thread.  If that’s the case?  I’d try just turning the captcha requirement off.  And if the spam really is bad?  You could consider hacking out the IP check.

Read over the thread- that sound like the issue?  And are you square with the potential options?

Thanks for the informations. I will check with AOL.

One customer answered with:

“No, I’m not on AOL. My coworker has emailed too and we found it seems to be a
ISP issue, we used an proxy to access and it’s fine now.”

So, it’s solved.

Nicolas

FYI, I get AOL visitors that cannot use the captchas on my EE installation every couple days, and it has been so for years. So, Robin, if there is a solution it would help me greatly! I do suppose much of it is with AOL cache, etc. but I still hate having to write these users off…since many of them obviously give up when they cannot register.

Is there directions for turning off the IP check on registration (what was talked about in that other thread?) - we only have 20 or so registrations each day, so I don’t have a problem turning it off.

You can try turning off Secure Forms in the Security and Session Preferences. =)

Thanks! Will do.

OH, that was already off…...next case!

Hm- I’d lean toward turning them off rather than hacking.  But based on the other thread- the hack would be around line 432

/** ----------------------------------------
        /**  Do we require captcha?
        /** ----------------------------------------*/
        
        if ($PREFS->ini('use_membership_captcha') == 'y')
        {            
            $query = $DB->query("SELECT COUNT(*) AS count FROM exp_captcha WHERE word='".$DB->escape_str($_POST['captcha'])."' AND ip_address = '".$IN->IP."' AND date > UNIX_TIMESTAMP()-7200");
        
            if ($query->row['count'] == 0)
            {
                return $OUT->show_user_error('submission', array($LANG->line('captcha_incorrect')));
            }
        
            $DB->query("DELETE FROM exp_captcha WHERE (word='".$DB->escape_str($_POST['captcha'])."' AND ip_address = '".$IN->IP."') OR date < UNIX_TIMESTAMP()-7200");
        }

The AOL folks are failing when their IP rotates- so the query comes back with nada- triggering the fail.

Good idea to turn it off - because if I mod, then any upgrades might have to be mod also…can get complicated.

On the same subject, would it help such users to navigate away from the site, come back and reload the page….or anything like that?

It might- but if it’s the AOL IP thing?  It’s just going to be kind of random.  If IP switches before submitting- then it will fail.

I love AOL.  Really.