Closed Bug 623892 Opened 14 years ago Closed 1 year ago

Create an account - Humanity test doesn't help to stop spam bots

Categories

(quality.mozilla.org :: Website, enhancement)

Product:
quality.mozilla.org
Component:
Website
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE

People

(Reporter: Santhosh.Tuppad, Unassigned)

References

(
URL
)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.16) Gecko/20101123 SeaMonkey/2.0.11 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.16) Gecko/20101123 SeaMonkey/2.0.11 I see that there is a Humanity Test which is used to confirm whether the registrant is a human or a bot. But, as I see it appears to me that there is only question which is, >> What color is an orange? << Now, if this is the only one question then I can write a bot which would feed in "orange" as a string always and register and then spam. Reproducible: Always Steps to Reproduce: Heuristics: Security Oracle: Vulnerable to spam bots 1.Visit http://quality.mozilla.org/register 2.Scroll down to "Humanity Test" 3.Observe the question [ Keep refreshing the page and the question is static ( I found it static when I refreshed multiple times which is not more than 10 times ) ]. Actual Results: The question is static which is vulnerable to spam bots. Expected Results: Humanity Test should be good enough, let's say - - A Captcha which refreshes on every wrong captcha - Set of questions from 1000's of questions [ Probably, which can pick from the database every time ] As it's wordpress there are plug-ins which could be used to make this hard for the spam bots to register.
Thanks, Santhosh. Confirming this RFE.
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Windows XP → All
Hardware: x86 → All

Page is no longer active

Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.