Can I use the captcha???

More
5 years 1 month ago #74585 by fabriciosoares
I'm trying to use the captcha of the Limesurvey, but I'm having some problems. If I configure it to use before the questions, the first time the captcha seems ok, but if I answer the captcha, enter in the questions and abort, the next time that I try to enter in the questions, the captcha doesn't are showed any more.

Other thing... If I configure the captcha on the save, when I enter in the questions, the captcha is not showed.

Is the captcha with problems?

Please Log in to join the conversation.

More
5 years 1 month ago #74593 by Mazi
1. Which Limesurvey version do you use?

2. When entering the survey the next time after having aborted previously, try a different browser. There might be a cookie which stores that the captcha was already answered correctly (maybe same for the save feature).


Best regards/Beste Grüße,
Dr. Marcel Minke
(Limesurvey Head of Support)
Need Help? We offer professional Limesurvey support
Contact: marcel.minke(at)survey-consulting.com'"

Please Log in to join the conversation.

More
5 years 1 month ago #74598 by fabriciosoares
1. the version is 1.91+ Build 12416

2. But this is the problem. Independent of if the captcha was already answered correctly once, on the next time the captcha need to be answered again, in the same browser or not, because it is the security of bot's attack.

3. And there is still the problem that the captcha on the save moment doesn't appear.

thanks

Please Log in to join the conversation.

More
5 years 1 month ago #74600 by Mazi
See, if a user (a bot should not be able to do this) has answered the capcha correctly, a cookie might be placed on the users PC. Once this user (and no bot without a cookie) return, the software reconizes "this user has already filled out the captcha correctly, this is no bot" and skips the captcha. I'm not 1005 sure about the internal Limesurvey behavior, but this design wouldn't cause problems with bots (which I never read about during the last 5 years of forum support).

Did you try using a different browser?


Best regards/Beste Grüße,
Dr. Marcel Minke
(Limesurvey Head of Support)
Need Help? We offer professional Limesurvey support
Contact: marcel.minke(at)survey-consulting.com'"

Please Log in to join the conversation.

More
5 years 1 month ago #74614 by fabriciosoares
I tried to use in IE and Firefox.

Ok I understood.

But if a person answer the captcha/survey and after that play the bot, how the cookie is alread in the PC, he will get to make the attack.

Please Log in to join the conversation.

More
5 years 1 month ago #74621 by holch
Only if the bot works via the browser, because the cookie should be browser specific.

I'm not a LimeSurvey GmbH member. I answer at the LimeSurvey forum in my spare time. No support via private message.
Some helpful links: Manual (EN) | Question Types | Workarounds

Please Log in to join the conversation.

More
5 years 1 month ago #74626 by fabriciosoares
Sure... That's the problem.

Is there any preview about use the captcha without the cookie generation?

Please Log in to join the conversation.

More
5 years 1 month ago #75320 by fabriciosoares
Is there any preview about use the captcha without the cookie generation?

I'm asking it because if any person answer the captcha and the survey and after this, use a bot with the same browser, he will get to make a attack because the captcha won't be showed again.

Please Log in to join the conversation.

More
5 years 1 month ago #75485 by Mazi
How can a bot use the same browser? That would mean that there is a kind of virus on the according PC which starts the users browser and so on.
I don't think that is something you should really worry about.


Best regards/Beste Grüße,
Dr. Marcel Minke
(Limesurvey Head of Support)
Need Help? We offer professional Limesurvey support
Contact: marcel.minke(at)survey-consulting.com'"

Please Log in to join the conversation.

More
5 years 3 days ago #77387 by fabriciosoares
How not?

If a person enter in a survey, answer the captcha and all the questions, and after start a bot that use the back of the browser, or insert the address of the survey in the same browser, the captcha won't be showed and the bot will be able to answer the survey how many times that it wants.

I'm insisting because it happened with us. We had a survey that was answered 7.777 times in a interval of 10 minutes, with the same answers. And before that, this survey had recieved only 12 answers in 1 year. And when we test this case, we got to make a bot that could do it.

I don't now if I could explain clearly, but I'm sure that it's a case that we need to worry about.

Because all of that, I'll ask again... Is there any preview about use the captcha without the cookie generation?

And now we found another two problems...

1) Sometimes, making tests, we answered the captcha correctly and the limesurvey returned an error informing that the answer was wrong. And asking another captcha... after insist for 3 or 4 times, the limesurvey returned the ok.

2) When I use the option "Use CAPTCHA:
/
/save and load". The lime survey doesn't show any captcha. It's only showed in "Use CAPTCHA: Access on survey/
/
"

But now the biggest problem is the captcha without the cookie generation to prevent the bot attack.

Please help us.

Please Log in to join the conversation.

More
4 years 11 months ago #78293 by fabriciosoares
Anybody knows when The LimeSurvey will fix this problem?

Please Log in to join the conversation.

More
4 years 11 months ago #78295 by holch
Maybe the developers don't see it as a problem or priorities are different. Ressources are always short and there are loads of things to do in Limesurvey, that I for example would consider far more important than the captcha feature, but this is about different priorities.

All delevopers work on LS in their spare time, no one gets paid for doing it. If this is not on the priority list and you need this feature/fix (or whatever it is) urgently, then I guess there are 2-3 options:
- You fix it and provide the code back to LS to include it in future releases
- You find someone to fix it and provide the code back to LS
- You sponsor this feature/fix, whatever it is.

I'm not a LimeSurvey GmbH member. I answer at the LimeSurvey forum in my spare time. No support via private message.
Some helpful links: Manual (EN) | Question Types | Workarounds

Please Log in to join the conversation.

More
4 years 11 months ago #78298 by c_schmitz
If you find a bug reporting it in our bug tracker is a good first step.

Best regards

Carsten Schmitz
LimeSurvey project leader

Please Log in to join the conversation.

More
4 years 11 months ago #78300 by Ben_V

Is there any preview about use the captcha without the cookie generation?

I've have several online surveys protected by captcha (before starting the survey) using LS 190:
What I can say:
Respondants have to answer the captcha another time if they want to take the survey again, so I have never note any cookie effect.
In the other hand, even if the majority of those surveys are indexed by search engines I've never had any bot attack (for the moment :) )

Ben/

Benoît

EM Variables => bit.ly/1TKQyNu | EM Roadmap => bit.ly/1UTrOB4
Last Releases => 2.6x.x goo.gl/ztWfIV | 2.06/2.6.x => bit.ly/1Qv44A1
Demo Surveys => goo.gl/HuR6Xe (already included in /docs/demosurveys)

Please Log in to join the conversation.