Check out the LimeSurvey source code on GitHub!
Welcome, Guest
Username: Password:

TOPIC: Can I use the captcha???

Can I use the captcha??? 4 years 5 months ago #74585

I'm trying to use the captcha of the Limesurvey, but I'm having some problems. If I configure it to use before the questions, the first time the captcha seems ok, but if I answer the captcha, enter in the questions and abort, the next time that I try to enter in the questions, the captcha doesn't are showed any more.

Other thing... If I configure the captcha on the save, when I enter in the questions, the captcha is not showed.

Is the captcha with problems?
The administrator has disabled public write access.

Can I use the captcha??? 4 years 5 months ago #74593

  • Mazi
  • Mazi's Avatar
  • Offline
  • LimeSurvey Team
  • Posts: 5974
  • Thank you received: 366
  • Karma: 260
1. Which Limesurvey version do you use?

2. When entering the survey the next time after having aborted previously, try a different browser. There might be a cookie which stores that the captcha was already answered correctly (maybe same for the save feature).

Best regards/Beste Grüße,
Dr. Marcel Minke
(Limesurvey Head of Support)
Need Help? We offer professional Limesurvey support
Contact: marcel.minke(at)limesurvey.org'"
The administrator has disabled public write access.

Can I use the captcha??? 4 years 5 months ago #74598

1. the version is 1.91+ Build 12416

2. But this is the problem. Independent of if the captcha was already answered correctly once, on the next time the captcha need to be answered again, in the same browser or not, because it is the security of bot's attack.

3. And there is still the problem that the captcha on the save moment doesn't appear.

thanks
The administrator has disabled public write access.

Can I use the captcha??? 4 years 5 months ago #74600

  • Mazi
  • Mazi's Avatar
  • Offline
  • LimeSurvey Team
  • Posts: 5974
  • Thank you received: 366
  • Karma: 260
See, if a user (a bot should not be able to do this) has answered the capcha correctly, a cookie might be placed on the users PC. Once this user (and no bot without a cookie) return, the software reconizes "this user has already filled out the captcha correctly, this is no bot" and skips the captcha. I'm not 1005 sure about the internal Limesurvey behavior, but this design wouldn't cause problems with bots (which I never read about during the last 5 years of forum support).

Did you try using a different browser?

Best regards/Beste Grüße,
Dr. Marcel Minke
(Limesurvey Head of Support)
Need Help? We offer professional Limesurvey support
Contact: marcel.minke(at)limesurvey.org'"
The administrator has disabled public write access.

Can I use the captcha??? 4 years 5 months ago #74614

I tried to use in IE and Firefox.

Ok I understood.

But if a person answer the captcha/survey and after that play the bot, how the cookie is alread in the PC, he will get to make the attack.
The administrator has disabled public write access.

Can I use the captcha??? 4 years 5 months ago #74621

  • holch
  • holch's Avatar
  • Offline
  • LimeSurvey Team
  • Posts: 5063
  • Thank you received: 749
  • Karma: 227
Only if the bot works via the browser, because the cookie should be browser specific.
Have a look at the manual! It is a really valuable source for information. Here some helpful links:
Manual (EN) | Question Types | Question Attributes | Workarounds

If you found this answer helpful and it saved you some time please consider a donation to the project to keep Limesurvey going!
The administrator has disabled public write access.

Can I use the captcha??? 4 years 5 months ago #74626

Sure... That's the problem.

Is there any preview about use the captcha without the cookie generation?
The administrator has disabled public write access.

Can I use the captcha??? 4 years 5 months ago #75320

Is there any preview about use the captcha without the cookie generation?

I'm asking it because if any person answer the captcha and the survey and after this, use a bot with the same browser, he will get to make a attack because the captcha won't be showed again.
The administrator has disabled public write access.

Can I use the captcha??? 4 years 5 months ago #75485

  • Mazi
  • Mazi's Avatar
  • Offline
  • LimeSurvey Team
  • Posts: 5974
  • Thank you received: 366
  • Karma: 260
How can a bot use the same browser? That would mean that there is a kind of virus on the according PC which starts the users browser and so on.
I don't think that is something you should really worry about.

Best regards/Beste Grüße,
Dr. Marcel Minke
(Limesurvey Head of Support)
Need Help? We offer professional Limesurvey support
Contact: marcel.minke(at)limesurvey.org'"
The administrator has disabled public write access.

Can I use the captcha??? 4 years 4 months ago #77387

How not?

If a person enter in a survey, answer the captcha and all the questions, and after start a bot that use the back of the browser, or insert the address of the survey in the same browser, the captcha won't be showed and the bot will be able to answer the survey how many times that it wants.

I'm insisting because it happened with us. We had a survey that was answered 7.777 times in a interval of 10 minutes, with the same answers. And before that, this survey had recieved only 12 answers in 1 year. And when we test this case, we got to make a bot that could do it.

I don't now if I could explain clearly, but I'm sure that it's a case that we need to worry about.

Because all of that, I'll ask again... Is there any preview about use the captcha without the cookie generation?

And now we found another two problems...

1) Sometimes, making tests, we answered the captcha correctly and the limesurvey returned an error informing that the answer was wrong. And asking another captcha... after insist for 3 or 4 times, the limesurvey returned the ok.

2) When I use the option "Use CAPTCHA:
/
/save and load". The lime survey doesn't show any captcha. It's only showed in "Use CAPTCHA: Access on survey/
/
"

But now the biggest problem is the captcha without the cookie generation to prevent the bot attack.

Please help us.
The administrator has disabled public write access.

Can I use the captcha??? 4 years 3 months ago #78293

Anybody knows when The LimeSurvey will fix this problem?
The administrator has disabled public write access.

Can I use the captcha??? 4 years 3 months ago #78295

  • holch
  • holch's Avatar
  • Offline
  • LimeSurvey Team
  • Posts: 5063
  • Thank you received: 749
  • Karma: 227
Maybe the developers don't see it as a problem or priorities are different. Ressources are always short and there are loads of things to do in Limesurvey, that I for example would consider far more important than the captcha feature, but this is about different priorities.

All delevopers work on LS in their spare time, no one gets paid for doing it. If this is not on the priority list and you need this feature/fix (or whatever it is) urgently, then I guess there are 2-3 options:
- You fix it and provide the code back to LS to include it in future releases
- You find someone to fix it and provide the code back to LS
- You sponsor this feature/fix, whatever it is.
Have a look at the manual! It is a really valuable source for information. Here some helpful links:
Manual (EN) | Question Types | Question Attributes | Workarounds

If you found this answer helpful and it saved you some time please consider a donation to the project to keep Limesurvey going!
The administrator has disabled public write access.

Can I use the captcha??? 4 years 3 months ago #78298

  • c_schmitz
  • c_schmitz's Avatar
  • Offline
  • LimeSurvey Team
  • Posts: 999
  • Thank you received: 135
  • Karma: 97
If you find a bug reporting it in our bug tracker is a good first step.
Best regards

Carsten Schmitz
LimeSurvey project leader
The administrator has disabled public write access.

Can I use the captcha??? 4 years 3 months ago #78300

  • Ben_V
  • Ben_V's Avatar
  • Offline
  • Platinum Lime
  • Posts: 1798
  • Thank you received: 440
  • Karma: 110
Is there any preview about use the captcha without the cookie generation?
I've have several online surveys protected by captcha (before starting the survey) using LS 190:
What I can say:
Respondants have to answer the captcha another time if they want to take the survey again, so I have never note any cookie effect.
In the other hand, even if the majority of those surveys are indexed by search engines I've never had any bot attack (for the moment :) )

Ben/
Benoît

EM Variables => bit.ly/1TKQyNu | EM Roadmap => bit.ly/1UTrOB4
All LS releases => bit.ly/1VMuTDu | 2.06lts => bit.ly/1Qv44A1
Demo surveys => bit.ly/20NW9V8 (already included in /docs/demosurveys)
The administrator has disabled public write access.
Moderators: ITEd
Time to create page: 0.269 seconds
Imprint                   Data Protection Statement                  Revocation information and revocation form