AtomicZombie
Member
- Affected version
- 2.1
I am accepting users manually, requiring them to fill out one extra custom field I added that forces a little bit of human (non spammer) dialog.
What is very odd is that some users from the typical spammer nations seem to know how to get around this!
Here you can see that the field is required (and I tested this myself)...

Yet, this user from Karachi today managed to send the request with that field completely blank (not even white-space)....
Not sure what exploit these snake-oil pushers are using, but I would like to fix it soon.
They win when if I have to spend time pressing delete!
Here is proof that they managed to get a confirmation email even without filling the required field.
This is from the user's data (awaiting approval)...

Knowing how well XF works, it is probably something I broke, and not a bug, but this seemed like the best place to ask!
Thanks,
Brad
				
			What is very odd is that some users from the typical spammer nations seem to know how to get around this!
Here you can see that the field is required (and I tested this myself)...

Yet, this user from Karachi today managed to send the request with that field completely blank (not even white-space)....
Not sure what exploit these snake-oil pushers are using, but I would like to fix it soon.
They win when if I have to spend time pressing delete!
Here is proof that they managed to get a confirmation email even without filling the required field.
This is from the user's data (awaiting approval)...

Knowing how well XF works, it is probably something I broke, and not a bug, but this seemed like the best place to ask!
Thanks,
Brad
 
 
		 
 
		 
 
		 
 
		 
 
		