
TOPIC: [SOLVED] Security Problem - CAPTCHA

[SOLVED] Security Problem - CAPTCHA 13 years 3 months ago #14256

  • nhatfield, Topic Author (Fresh Boarder, Posts: 2)
I'm not sure the DTH Admins read threads already marked "Solved", so I'm hoping a new thread will bring this issue to attention, as neither the previous thread nor my trouble ticket submitted nearly two weeks ago (TECH-7QPUAGH2Y0) has received a response. The previous related "Solved" thread can be found here.

As noted in that thread, the CAPTCHA for DT Donate (I am on the newest version) is easily bypassed, as it is only checked client-side on the donation submission form. Scammers tend to use scripts which post data directly to the submission page, thereby bypassing the CAPTCHA entirely as it is not verified after form submission.

We've had to shut down our donation module, as scammers were attempting to use it to validate credit card numbers. Blacklisting IP addresses does not work, as they just jump to a new proxy. I'm receiving pressure from my boss to either acquire a solution for DT Donate or find a new product. A reply to this issue sooner rather than later would be appreciated.

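The flaw described in the post above, a CAPTCHA checked only through a separate client-side request while the submission handler trusts that result, next to a handler that verifies the code on the POST itself. This is an added Python sketch, not DT Donate's code or anything posted in this thread; the session dict, the form dict and the function names are assumptions, and the AJAX helper only mirrors the role of the component's separate security_check request.

```python
import hmac
import secrets
import string
import time

ALPHABET = string.ascii_lowercase + string.digits
CAPTCHA_TTL = 300  # seconds a challenge stays valid (assumed value)

def new_challenge(session, length=5, now=None):
    """Generate a code and keep it only server-side, keyed to the session."""
    code = "".join(secrets.choice(ALPHABET) for _ in range(length))
    session["captcha"] = {"code": code, "issued": now if now is not None else time.time()}
    return code  # rendered into the image; never echoed into the form HTML

def ajax_security_check(session, security_code):
    """Advisory preview, the role of a separate security_check request: it tells
    the browser whether the code is right, but must not be the only place the
    code is checked, because a script can skip it and POST the form directly."""
    stored = session.get("captcha")
    submitted = str(security_code).strip().lower().encode()
    return stored is not None and hmac.compare_digest(stored["code"].encode(), submitted)

def handle_donation_vulnerable(session, form):
    """The flaw: the submission handler assumes the client already passed the
    AJAX check and never looks at the code itself."""
    return "charged"

def handle_donation_hardened(session, form, now=None):
    """Check on the submission itself: session-bound, expiring, single-use."""
    stored = session.pop("captcha", None)  # consumed whether or not it matches
    if stored is None:
        return "rejected: no challenge issued"
    now = now if now is not None else time.time()
    if now - stored["issued"] > CAPTCHA_TTL:
        return "rejected: challenge expired"
    submitted = str(form.get("security_code", "")).strip().lower().encode()
    if not hmac.compare_digest(stored["code"].encode(), submitted):
        return "rejected: captcha mismatch"
    return "charged"

def scripted_poster(handler, attempts=3):
    """A script that POSTs the form repeatedly without ever loading or solving
    the CAPTCHA, the behaviour the post above describes (constructed input)."""
    session = {}  # fresh session, captcha image never requested
    form = {"amount": "500.00", "card": "XXXX2001"}
    return [handler(session, form) for _ in range(attempts)]
```

Popping the challenge on every attempt also defeats the replay seen when one solved code is reused across many POSTs from the same session.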

[SOLVED] Security Problem - CAPTCHA 13 years 3 months ago #14297

  • Bruce (Junior Boarder, Posts: 33)
I got attacked again last night. I am attaching the server log and authorize.net declines. I agree it is not solved but they may have figured out the CAPTCHA.

2011-08-04 02:46:37 125.234.21.254 - W3SVC817 WIN4NEW 66.96.82.4 443 GET /index2.php option=com_dtdonate&task=security_check&no_html=1&security_code=ydtdr 200 0 269 832 5313 HTTP/1.1 Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3 dd9ce9fe412952b2ad81f93bf4d7b2e1=16fa9e22fd5d3808241d2d9cce963e91; __utma=177047738.1190216166.1312439251.1312439251.1312439251.1; __utmb=177047738.1.10.1312439251; __utmc=177047738; __utmz=177047738.1312439251.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=de783db2d673603777d5fd8daa2496df https://.org/index.php?option=com_dtdonate&task=authorizenetonce&Itemid=153
2011-08-04 02:46:48 125.234.21.254 - W3SVC817 WIN4NEW 66.96.82.4 443 POST /index.php option=com_dtdonate&Itemid=153 200 0 20538 1364 8562 HTTP/1.1 Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3 dd9ce9fe412952b2ad81f93bf4d7b2e1=16fa9e22fd5d3808241d2d9cce963e91; __utma=177047738.1190216166.1312439251.1312439251.1312439251.1; __utmb=177047738.1.10.1312439251; __utmc=177047738; __utmz=177047738.1312439251.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=de783db2d673603777d5fd8daa2496df https://.org/index.php?option=com_dtdonate&task=authorizenetonce&Itemid=153
2011-08-04 02:47:29 125.234.21.254 - W3SVC817 WIN4NEW 66.96.82.4 443 POST /index.php option=com_dtdonate&Itemid=153 200 0 46508 1339 6828 HTTP/1.1 Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3 dd9ce9fe412952b2ad81f93bf4d7b2e1=16fa9e22fd5d3808241d2d9cce963e91; __utma=177047738.1190216166.1312439251.1312439251.1312439251.1; __utmb=177047738.2.10.1312439251; __utmc=177047738; __utmz=177047738.1312439251.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=de783db2d673603777d5fd8daa2496df https://.org/index.php?option=com_dtdonate&Itemid=153
2011-08-04 02:47:31 125.234.21.254 - W3SVC817 WIN4NEW 66.96.82.4 443 GET /components/com_dtdonate/captcha.php width=100&height=40&characters=5 200 0 3419 794 5188 HTTP/1.1 Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3 dd9ce9fe412952b2ad81f93bf4d7b2e1=16fa9e22fd5d3808241d2d9cce963e91; __utma=177047738.1190216166.1312439251.1312439251.1312439251.1; __utmb=177047738.3.10.1312439251; __utmc=177047738; __utmz=177047738.1312439251.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=de783db2d673603777d5fd8daa2496df https://.org/index.php?option=com_dtdonate&Itemid=153

2011-08-04 02:48:48 125.234.21.254 - W3SVC817 WIN4NEW 66.96.82.4 443 GET /index2.php option=com_dtdonate&task=security_check&no_html=1&security_code=64969 200 0 269 810 5313 HTTP/1.1 Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3 dd9ce9fe412952b2ad81f93bf4d7b2e1=16fa9e22fd5d3808241d2d9cce963e91; __utma=177047738.1190216166.1312439251.1312439251.1312439251.1; __utmb=177047738.3.10.1312439251; __utmc=177047738; __utmz=177047738.1312439251.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=de783db2d673603777d5fd8daa2496df https://.org/index.php?option=com_dtdonate&Itemid=153
2011-08-04 02:48:57 125.234.21.254 - W3SVC817 WIN4NEW 66.96.82.4 443 POST /index.php option=com_dtdonate&Itemid=153 200 0 20537 1333 8078 HTTP/1.1 Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3 dd9ce9fe412952b2ad81f93bf4d7b2e1=16fa9e22fd5d3808241d2d9cce963e91; __utma=177047738.1190216166.1312439251.1312439251.1312439251.1; __utmb=177047738.3.10.1312439251; __utmc=177047738; __utmz=177047738.1312439251.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=de783db2d673603777d5fd8daa2496df https://.org/index.php?option=com_dtdonate&Itemid=153

2011-08-04 02:49:35 125.234.21.254 - W3SVC817 WIN4NEW 66.96.82.4 443 POST /index.php option=com_dtdonate&Itemid=153 200 0 46507 1338 6640 HTTP/1.1 Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3 dd9ce9fe412952b2ad81f93bf4d7b2e1=16fa9e22fd5d3808241d2d9cce963e91; __utma=177047738.1190216166.1312439251.1312439251.1312439251.1; __utmb=177047738.4.10.1312439251; __utmc=177047738; __utmz=177047738.1312439251.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=de783db2d673603777d5fd8daa2496df https://.org/index.php?option=com_dtdonate&Itemid=153
2011-08-04 02:49:36 125.234.21.254 - W3SVC817 WIN4NEW 66.96.82.4 443 GET /components/com_dtdonate/captcha.php width=100&height=40&characters=5 200 0 3452 794 5188 HTTP/1.1 Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3 dd9ce9fe412952b2ad81f93bf4d7b2e1=16fa9e22fd5d3808241d2d9cce963e91; __utma=177047738.1190216166.1312439251.1312439251.1312439251.1; __utmb=177047738.5.10.1312439251; __utmc=177047738; __utmz=177047738.1312439251.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=de783db2d673603777d5fd8daa2496df https://.org/index.php?option=com_dtdonate&Itemid=153
2011-08-04 02:49:53 125.234.21.254 - W3SVC817 WIN4NEW 66.96.82.4 443 GET /index2.php option=com_dtdonate&task=security_check&no_html=1&security_code=pc5xh 200 0 269 810 5297 HTTP/1.1 Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3 dd9ce9fe412952b2ad81f93bf4d7b2e1=16fa9e22fd5d3808241d2d9cce963e91; __utma=177047738.1190216166.1312439251.1312439251.1312439251.1; __utmb=177047738.5.10.1312439251; __utmc=177047738; __utmz=177047738.1312439251.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=de783db2d673603777d5fd8daa2496df https://.org/index.php?option=com_dtdonate&Itemid=153
2011-08-04 02:50:02 125.234.21.254 - W3SVC817 WIN4NEW 66.96.82.4 443 POST /index.php option=com_dtdonate&Itemid=153 200 0 20536 1332 7953 HTTP/1.1 Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3 dd9ce9fe412952b2ad81f93bf4d7b2e1=16fa9e22fd5d3808241d2d9cce963e91; __utma=177047738.1190216166.1312439251.1312439251.1312439251.1; __utmb=177047738.5.10.1312439251; __utmc=177047738; __utmz=177047738.1312439251.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=de783db2d673603777d5fd8daa2496df https://.org/index.php?option=com_dtdonate&Itemid=153

2011-08-04 02:52:07 125.234.21.254 - W3SVC817 WIN4NEW 66.96.82.4 443 POST /index.php option=com_dtdonate&Itemid=153 200 0 46506 1337 6656 HTTP/1.1 Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3 dd9ce9fe412952b2ad81f93bf4d7b2e1=16fa9e22fd5d3808241d2d9cce963e91; __utma=177047738.1190216166.1312439251.1312439251.1312439251.1; __utmb=177047738.6.10.1312439251; __utmc=177047738; __utmz=177047738.1312439251.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=de783db2d673603777d5fd8daa2496df https://.org/index.php?option=com_dtdonate&Itemid=153
2011-08-04 02:52:08 125.234.21.254 - W3SVC817 WIN4NEW 66.96.82.4 443 GET /components/com_dtdonate/captcha.php width=100&height=40&characters=5 200 0 3427 794 5188 HTTP/1.1 Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3 dd9ce9fe412952b2ad81f93bf4d7b2e1=16fa9e22fd5d3808241d2d9cce963e91; __utma=177047738.1190216166.1312439251.1312439251.1312439251.1; __utmb=177047738.7.10.1312439251; __utmc=177047738; __utmz=177047738.1312439251.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=de783db2d673603777d5fd8daa2496df https://.org/index.php?option=com_dtdonate&Itemid=153

2011-08-04 02:53:13 125.234.21.254 - W3SVC817 WIN4NEW 66.96.82.4 443 GET /index2.php option=com_dtdonate&task=security_check&no_html=1&security_code=w8f4s 200 0 269 810 5297 HTTP/1.1 Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3 dd9ce9fe412952b2ad81f93bf4d7b2e1=16fa9e22fd5d3808241d2d9cce963e91; __utma=177047738.1190216166.1312439251.1312439251.1312439251.1; __utmb=177047738.7.10.1312439251; __utmc=177047738; __utmz=177047738.1312439251.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=de783db2d673603777d5fd8daa2496df https://.org/index.php?option=com_dtdonate&Itemid=153
2011-08-04 02:53:22 125.234.21.254 - W3SVC817 WIN4NEW 66.96.82.4 443 POST /index.php option=com_dtdonate&Itemid=153 200 0 20537 1336 8485 HTTP/1.1 Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3 dd9ce9fe412952b2ad81f93bf4d7b2e1=16fa9e22fd5d3808241d2d9cce963e91; __utma=177047738.1190216166.1312439251.1312439251.1312439251.1; __utmb=177047738.7.10.1312439251; __utmc=177047738; __utmz=177047738.1312439251.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=de783db2d673603777d5fd8daa2496df https://rg/index.php?option=com_dtdonate&Itemid=153
2011-08-04 02:53:31 125.234.21.254 - W3SVC817 WIN4NEW 66.96.82.4 443 POST /index.php option=com_dtdonate&Itemid=153 200 0 46507 1338 6687 HTTP/1.1 Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3 dd9ce9fe412952b2ad81f93bf4d7b2e1=16fa9e22fd5d3808241d2d9cce963e91; __utma=177047738.1190216166.1312439251.1312439251.1312439251.1; __utmb=177047738.8.10.1312439251; __utmc=177047738; __utmz=177047738.1312439251.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=de783db2d673603777d5fd8daa2496df https://.org/index.php?option=com_dtdonate&Itemid=153
2011-08-04 02:53:32 125.234.21.254 - W3SVC817 WIN4NEW 66.96.82.4 443 GET /components/com_dtdonate/captcha.php width=100&height=40&characters=5 200 0 3411 794 5187 HTTP/1.1 Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3 dd9ce9fe412952b2ad81f93bf4d7b2e1=16fa9e22fd5d3808241d2d9cce963e91; __utma=177047738.1190216166.1312439251.1312439251.1312439251.1; __utmb=177047738.9.10.1312439251; __utmc=177047738; __utmz=177047738.1312439251.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=de783db2d673603777d5fd8daa2496df https://.org/index.php?option=com_dtdonate&Itemid=153
2011-08-04 02:53:49 125.234.21.254 - W3SVC817 WIN4NEW 66.96.82.4 443 GET /index2.php option=com_dtdonate&task=security_check&no_html=1&security_code=s6n52 200 0 269 810 5297 HTTP/1.1 Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3 dd9ce9fe412952b2ad81f93bf4d7b2e1=16fa9e22fd5d3808241d2d9cce963e91; __utma=177047738.1190216166.1312439251.1312439251.1312439251.1; __utmb=177047738.9.10.1312439251; __utmc=177047738; __utmz=177047738.1312439251.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=de783db2d673603777d5fd8daa2496df https://.org/index.php?option=com_dtdonate&Itemid=153
2011-08-04 02:53:58 125.234.21.254 - W3SVC817 WIN4NEW 66.96.82.4 443 POST /index.php option=com_dtdonate&Itemid=153 200 0 20536 1332 8078 HTTP/1.1 Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3 dd9ce9fe412952b2ad81f93bf4d7b2e1=16fa9e22fd5d3808241d2d9cce963e91; __utma=177047738.1190216166.1312439251.1312439251.1312439251.1; __utmb=177047738.9.10.1312439251; __utmc=177047738; __utmz=177047738.1312439251.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=de783db2d673603777d5fd8daa2496df https://.org/index.php?option=com_dtdonate&Itemid=153
2011-08-04 02:54:04 125.234.21.254 - W3SVC817 WIN4NEW 66.96.82.4 443 POST /index.php option=com_dtdonate&Itemid=153 200 0 46506 1338 6703 HTTP/1.1 Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3 dd9ce9fe412952b2ad81f93bf4d7b2e1=16fa9e22fd5d3808241d2d9cce963e91; __utma=177047738.1190216166.1312439251.1312439251.1312439251.1; __utmb=177047738.10.10.1312439251; __utmc=177047738; __utmz=177047738.1312439251.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=de783db2d673603777d5fd8daa2496df https://.org/index.php?option=com_dtdonate&Itemid=153
2011-08-04 02:54:05 125.234.21.254 - W3SVC817 WIN4NEW 66.96.82.4 443 GET /components/com_dtdonate/captcha.php width=100&height=40&characters=5 200 0 3408 795 5188 HTTP/1.1 Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3 dd9ce9fe412952b2ad81f93bf4d7b2e1=16fa9e22fd5d3808241d2d9cce963e91; __utma=177047738.1190216166.1312439251.1312439251.1312439251.1; __utmb=177047738.11.10.1312439251; __utmc=177047738; __utmz=177047738.1312439251.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=de783db2d673603777d5fd8daa2496df https://n.org/index.php?option=com_dtdonate&Itemid=153


Authorize.net

3778099506  DC-8901290  Declined  04-Aug-2011 02:49:52  Dolla, Cuong A  XXXX2001  USD 500.00     04-Aug-2011 18:28:48  USD 500.00
3778099146  DC-6381270  Declined  04-Aug-2011 02:48:47  Dolla, Cuong A  XXXX2001  USD 1,000.00   04-Aug-2011 18:28:48  USD 1,000.00
3778098221  DC-8901034  Declined  04-Aug-2011 02:46:37  Dolla, Cuong A  XXXX2001  USD 10,000.00  04-Aug-2011 18:28:48  USD 10,000.00

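A detection pass over log lines in the shape Bruce posted, flagging a session that POSTs the donation form repeatedly within a few minutes, which is the card-testing pattern this thread describes. Added Python example, not part of the post or of DT Donate; the sample lines are constructed (user agent and cookie fields trimmed, session ids invented), and the window and threshold are assumptions to tune against legitimate traffic.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the field layout of the IIS log above: date time c-ip -
# site host s-ip port method uri-stem uri-query status ... cookie referer.
SAMPLE_LOG = """\
2011-08-04 02:46:37 125.234.21.254 - W3SVC817 WIN4NEW 66.96.82.4 443 GET /index2.php option=com_dtdonate&task=security_check&no_html=1&security_code=ydtdr 200 0 269 832 5313 HTTP/1.1 Mozilla/5.0 PHPSESSID=c0ffee01 -
2011-08-04 02:46:48 125.234.21.254 - W3SVC817 WIN4NEW 66.96.82.4 443 POST /index.php option=com_dtdonate&Itemid=153 200 0 20538 1364 8562 HTTP/1.1 Mozilla/5.0 PHPSESSID=c0ffee01 -
2011-08-04 02:47:31 125.234.21.254 - W3SVC817 WIN4NEW 66.96.82.4 443 GET /components/com_dtdonate/captcha.php width=100&height=40&characters=5 200 0 3419 794 5188 HTTP/1.1 Mozilla/5.0 PHPSESSID=c0ffee01 -
2011-08-04 02:48:57 125.234.21.254 - W3SVC817 WIN4NEW 66.96.82.4 443 POST /index.php option=com_dtdonate&Itemid=153 200 0 20537 1333 8078 HTTP/1.1 Mozilla/5.0 PHPSESSID=c0ffee01 -
2011-08-04 02:50:02 125.234.21.254 - W3SVC817 WIN4NEW 66.96.82.4 443 POST /index.php option=com_dtdonate&Itemid=153 200 0 20536 1332 7953 HTTP/1.1 Mozilla/5.0 PHPSESSID=c0ffee01 -
2011-08-04 02:53:22 125.234.21.254 - W3SVC817 WIN4NEW 66.96.82.4 443 POST /index.php option=com_dtdonate&Itemid=153 200 0 20537 1336 8485 HTTP/1.1 Mozilla/5.0 PHPSESSID=c0ffee01 -
2011-08-04 03:10:05 203.0.113.9 - W3SVC817 WIN4NEW 66.96.82.4 443 POST /index.php option=com_dtdonate&Itemid=153 200 0 20537 1336 8485 HTTP/1.1 Mozilla/5.0 PHPSESSID=deadbeef -
2011-08-04 03:10:40 203.0.113.9 - W3SVC817 WIN4NEW 66.96.82.4 443 POST /index.php option=com_dtdonate&Itemid=153 200 0 46507 1338 6687 HTTP/1.1 Mozilla/5.0 PHPSESSID=deadbeef -
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<ip>\S+) - \S+ \S+ \S+ \d+ "
    r"(?P<method>\S+) (?P<stem>\S+) (?P<query>\S+) (?P<status>\d+)"
)
SESS_RE = re.compile(r"PHPSESSID=([0-9a-f]+)")  # cookie field sits anywhere after the UA

def parse_line(line):
    """Pull timestamp, client IP, method, URI and PHP session id from one line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S")
    s = SESS_RE.search(line)
    rec["sess"] = s.group(1) if s else None
    return rec

def flag_card_testing(log_text, window_s=600, min_posts=3):
    """Return {(ip, sess): n_posts} for sessions that POST the donation form
    min_posts or more times inside any window_s-second span.  In the log above a
    single attempt is two POSTs, so a normal donor stays under a threshold of 3."""
    posts = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if (rec and rec["method"] == "POST" and rec["stem"] == "/index.php"
                and "option=com_dtdonate" in rec["query"]):
            posts[(rec["ip"], rec["sess"])].append(rec["ts"])
    flagged = {}
    for key, times in posts.items():
        times.sort()
        for i in range(len(times) - min_posts + 1):  # sliding window over sorted hits
            if (times[i + min_posts - 1] - times[i]).total_seconds() <= window_s:
                flagged[key] = len(times)
                break
    return flagged
```

Keying on the session id as well as the IP is what lets this hold up when the poster rotates proxies but keeps the same PHPSESSID cookie, as the log above shows.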

[SOLVED] Security Problem - CAPTCHA 13 years 2 months ago #14579

  • Bruce (Junior Boarder, Posts: 33)
This cat and mouse game is getting old. I had 20 failures from Authorize.net today; one item got through. I have both address verification and CCV required. It seems to be getting around the CAPTCHA, maybe by manually keying it in, since it is about 2 minutes between hits.

Don't want to say too much as the perpetrator is probably watching.


[SOLVED] Security Problem - CAPTCHA 13 years 2 months ago #14592

  • belaus (Fresh Boarder, Posts: 4)
I've been having the same problems lately. We are getting bursts of fake donations from the same person. I thought CAPTCHA would take care of this, but when turned on it didn't affect this. I upgraded today from 2.2.3a to 2.2.4 and changed my authorize.net transaction key. Will this solve the issue, or do I need to start blocking IP addresses and play the cat and mouse game?

The failed transactions cost $.10 apiece with authorize.net, so they are starting to cost real money.

Thanks,
Greg


[SOLVED] Security Problem - CAPTCHA 13 years 2 months ago #14593

  • Bruce (Junior Boarder, Posts: 33)
The cat and mouse game is in full force; go for the block. Somehow he found the DT Donate sites. Did the customer list get compromised, or is there something he is searching for on Google? If we are lucky he will find another site to take advantage of.

Seems to be a few minutes between events so he could be manually entering the Captcha code.


[SOLVED] Security Problem - CAPTCHA 13 years 2 months ago #14806

  • thepiston (Expert Boarder, Posts: 151)
Same thing here, and the CAPTCHA is not even working for legitimate donors either. Had to disable it.

