I was wondering the other day, when I was getting a flood of signups, if the imagehash on the vb capcha was unique to each board.
This was the link to the image generation on the verify page:
image.php?type=regcheck&imagehash=d47dd74a5f12b99d 1d5a3fde6236aedd
If not unique to each board, then anyone with access to the vb source could rip through a few billion iterations of the function call, store the hash and the code that the user keys. Once you have enough of them, then you don't need to see, you have a db of hash and response. That was my thought on how they're getting by the human verification. A per board seed would prevent this, should that be the root cause.
This was the link to the image generation on the verify page:
image.php?type=regcheck&imagehash=d47dd74a5f12b99d 1d5a3fde6236aedd
If not unique to each board, then anyone with access to the vb source could rip through a few billion iterations of the function call, store the hash and the code that the user keys. Once you have enough of them, then you don't need to see, you have a db of hash and response. That was my thought on how they're getting by the human verification. A per board seed would prevent this, should that be the root cause.
Comment