My error_log have this line
[08-Oct-2015 00:12:11 UTC] PHP Notice: Undefined index: HTTP_USER_AGENT in /libs/funcaptcha.php on line 88
Anyone know anything about this?
Thanks!
Hi Alex48,
How do you know it is a guess exploit? Did you see the attacker getting FunCaptcha wrong more often than right?
You are correct that at default settings, an attacker using a lot of clean IPs (which have no bad record of failing FunCaptcha and are not on the StopForumSpam list) can do a guessing attack which solves FC 1/8th of the time. With massive quantities against a sensitive faucet, that can be significant. You can address this by going to your FunCaptcha dashboard and setting your security to "Always enhanced". This means that the best results a guessing attack can get is 1/512. Or, if you tolerate the guessing attack for a little while, the pool of clean IPs will become tainted and guessing will no longer work well.
As an identity (basically IP, though we are always improving this to extend beyond IP) builds up a poor record of solving FunCaptcha (which random guessing will do), the number of required FunCaptcha challenges increases, making guessing highly impractical. If needed, we can strengthen this further-- just contact us to arrange it. You can see more here:
http://support.funcaptcha.com/customer/en/portal/articles/1760933-what-is-%E2%80%9Csecurity-level%E2%80%9D-in-the-options-
http://support.funcaptcha.com/customer/en/portal/articles/1838700-why-do-i-sometimes-need-to-do-more-or-fewer-game-challenges-
I'm sorry to hear this affected your faucet and with this explanation, I hope you switch back to FunCaptcha. We will keep making it stronger all the time-- and we are literally the only company in the world entirely and actively dedicated to making the best CAPTCHA.
Kind regards,
Matt
COO, FunCaptcha