How to modify bitrix captcha?

A

Alexey Cheremisin2017-01-30 19:02:34

1C-Bitrix

Alexey Cheremisin, 2017-01-30 19:02:34

Good afternoon, comrades.
For some time now, fake users generated by bots began to appear on the site under Bitrix 15.6.8. Browsing the results revealed the annoyance that the default captcha seems to have a security issue. It is enough to look at the captcha once and constantly substitute captcha_word and captcha_code into the form. Since the password does not change for each captcha separately, an attacker can very easily spam the site by replacing these two fields with pre-valid ones.
Now I just change the password for captcha once a day, but I would like, for example, to make a different password for each captcha. For example, by adding an autogenerated "salt" (of the "QWERT" type) to the current captcha password, which is passed through a form parameter.
Does anyone have any thoughts on this matter?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

S

Sergey, 2017-01-30
@gangstarcj

Bitrix captcha is used only once. After a successful check, it is deleted. You seem to have something wrong in your code.

R

Roman Gritsuk, 2017-01-31
@winer

As an alternative solution, you can buy a recaptcha module. On the marketplace I saw in the area of \u200b\u200b1k they stand.

S

solalex, 2017-01-31
@solalex

I will share my solution. I made a captcha from Russian letters. And I changed the font to one that was difficult to recognize by bots, for example, L and R look almost the same.
example