You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have a pastebin that is getting a high volume of spam, started in the last few days. I updated to the latest master branch of stikked yesterday, to make sure there wasn't some bug that was already fixed allowing ReCaptcha bypass.
I'm guessing, reading older bugs, that this is still the issue of the API allowing bypass of ReCaptcha.
The /spamadmin interface is also still broken, so that I have to resort to SQL to delete spam posts.
What can we do to reduce the spam?
The text was updated successfully, but these errors were encountered:
Set an apikey in the config, so that it's required to post via the API
Set an apikey, enable soft_api, and set blocked_words (if the spam wave I see is the same you see, block ※, №1). That way, the API is still open, but if the blocked word filter triggers, the apikey is required to override it.
@The-Compiler I've been going through the logs, and all the requests are POSTs to /. Can the API be posted to at the root URL? I was under the impression at API requests should be to /api/create
Assuming these aren't API requests, I'm guessing that means that are probably solving the ReCaptcha's with people or bots?
Edit: For the short term, I've taken my pastebin down, as the volume of spam is too much for me to manage.
Welcome to the shiny world of PHP!
Hell yeah, I can paste by simply omitting the "captcha=" post parameter. If it's not even there, it doesn't get checked.
I have a pastebin that is getting a high volume of spam, started in the last few days. I updated to the latest master branch of stikked yesterday, to make sure there wasn't some bug that was already fixed allowing ReCaptcha bypass.
I'm guessing, reading older bugs, that this is still the issue of the API allowing bypass of ReCaptcha.
The /spamadmin interface is also still broken, so that I have to resort to SQL to delete spam posts.
What can we do to reduce the spam?
The text was updated successfully, but these errors were encountered: