Captcha vulnerability

Guys, if you’re running the Drupal Captcha module I wrote, can you please download the new versions? There’s a small security thingy that I just fixed. Thanks.

Captcha module for Drupal


Enables a CAPTCHA for the comments and user registration forms in Drupal. Users are asked to type in the word shown in the image, and are allowed through if the code entered is correct.

Project Homepage:


GNU General Public License

captchas and racism

From #drupal:
arnab: and the fact that captchas are, well, stupid
chx: yes, visual captchas are stupid
chx: I think the textual ones are better
chx: if you REALLY want some captcha then something textual
UnConeD: Welcome to my site! To register, please answer the following captcha!
UnConeD: What is the 312455th digit of Pi, in base 42?
chx: UnConeD: LOL
arnab: heh
arnab: exactly my point.
chx: rather “what is the eleventh letter in this sentence?”
UnConeD: well
UnConeD: that sort of stuff is easily cracked with regexps
UnConeD: some guy once made a math expression captcha in text form
UnConeD: in a patch to the module
chx: yes yes
UnConeD: i followed up the issue with a PHP script to break his code ;)
chx: I liked that one
chx: Well I think I can rather easily make a textual captcha you won’t be able to script
arnab: chx: make one, I’ll crack it :D
UnConeD: you are no match for my dangerous RegExping skills
***UnConeD casts Capturing Parentheses (opponent’s movement reduced by 50%)
chx: UnConeD: beware, I’ll grep the CIA World Facts book and ask questions based on that and you can eat your regexps.
UnConeD: err
UnConeD: but grep is itself regexp based :P
chx: I mean, I’ll compile a huge list of facts based on World Facts wikipedia whatever
arnab: chx: I have an indexed, parsed dump of Wikipedia on my HDD, will break your CIA thingy in 2 minutes with it
chx: and questions like “Is Ghana in Africa?”
UnConeD: i’ll hire an indian fellow with an encyclopedia
arnab: UnConeD: I AM an Indian fellow with an encyclopedia
arnab: rofl
UnConeD: ;)