High spam posts with ReCaptcha enabled #508

Closed
timwhite opened this issue Nov 14, 2018 · 3 comments
@timwhite
Contributor

I have a pastebin that is getting a high volume of spam, started in the last few days. I updated to the latest master branch of stikked yesterday, to make sure there wasn't some bug that was already fixed allowing ReCaptcha bypass.

I'm guessing, reading older bugs, that this is still the issue of the API allowing bypass of ReCaptcha.

The /spamadmin interface is also still broken, so that I have to resort to SQL to delete spam posts.

What can we do to reduce the spam?

@The-Compiler
Collaborator

The-Compiler commented Nov 14, 2018

You could:

  • Set an apikey in the config, so that it's required to post via the API
  • Set an apikey, enable soft_api, and set blocked_words (if the spam wave I see is the same you see, block ※, №1). That way, the API is still open, but if the blocked word filter triggers, the apikey is required to override it.
  • Disable the API altogether via disable_api

@timwhite
Contributor Author

timwhite commented Nov 19, 2018

@The-Compiler I've been going through the logs, and all the requests are POSTs to /. Can the API be posted to at the root URL? I was under the impression that API requests should be to /api/create.

Assuming these aren't API requests, I'm guessing that means they are probably solving the ReCaptchas with people or bots?

Edit: For the short term, I've taken my pastebin down, as the volume of spam is too much for me to manage.

claudehohl added this to the 0.14.0 milestone Nov 23, 2019
@claudehohl
Owner

Welcome to the shiny world of PHP!
Hell yeah, I can paste by simply omitting the "captcha=" post parameter. If it's not even there, it doesn't get checked.

Fixed. fe75336
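
The pattern described in the last comment, where a missing `captcha` POST parameter is never checked, shown next to a fail-closed version. This is an added example, not Stikked's code or the change in fe75336; `verify_token`, both function names and the sample request bodies are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the remote captcha verification call.
// Constructed: only the token "valid-token" counts as solved.
function verify_token(string $token): bool
{
    return hash_equals('valid-token', $token);
}

// Flawed pattern: the check runs only when the parameter is present,
// so a request without a "captcha" field is accepted unchecked.
function captcha_ok_flawed(array $post): bool
{
    if (isset($post['captcha'])) {
        return verify_token((string) $post['captcha']);
    }
    return true; // absent field falls through as "passed"
}

// Hardened pattern: fail closed. Missing, non-string or empty values
// are rejected before the verifier is consulted.
function captcha_ok_strict(array $post): bool
{
    $token = $post['captcha'] ?? null;
    if (!is_string($token) || $token === '') {
        return false;
    }
    return verify_token($token);
}

// Constructed sample request bodies.
$requests = [
    'solved captcha' => ['text' => 'hello', 'captcha' => 'valid-token'],
    'wrong captcha'  => ['text' => 'spam',  'captcha' => 'nope'],
    'empty field'    => ['text' => 'spam',  'captcha' => ''],
    'field omitted'  => ['text' => 'spam'],
];

foreach ($requests as $label => $post) {
    printf(
        "%-15s flawed=%-6s strict=%s\n",
        $label,
        captcha_ok_flawed($post) ? 'accept' : 'reject',
        captcha_ok_strict($post) ? 'accept' : 'reject'
    );
}
```

The two versions differ only on the request with the field omitted, which is the case the comment above describes.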
