Elxis CMS Forum

Extensions => Components => Topic started by: mwangi on July 10, 2013, 18:05:30

Title: CAPTCHA insertion
Post by: mwangi on July 10, 2013, 18:05:30

How do i add another captcha for http://nymep.com/forum/index.php/user/login/. I want to ask people to enter twice before being registered. Our webhost asked me to fix it. Here is what he said:

Dear Beatrice,
 Hope this finds you well.
 We are receiving spam mails .
 We request that your designer puts a Captcha on the 2 "Logins" on this page: http://nymep.com/forum/index.php/user/login/

 kindly effect this immediately.

Title: Re: CAPTCHA insertion
Post by: datahell on July 16, 2013, 23:34:51

The page you show is the login page, not the registration page...

Tell your webhost that captcha is not required in the login form as there is a session/token check. You cannot attack to this form with cross-site like methods.

Sample HTML:

Code: [Select]

<input type="hidden" name="token" id="ulogtoken" value="bab1de7a7bad0f915ad6676868a484b2" />
We use captcha on the registration forms not in login forms. Have you ever seen captcha in a login form? I guess not...

Recommended actions for your site:
- Enable friendly (SEO PRO) URLs.
- Remove the link to the administration section.
- Rename folder "estia"
- Don't use the "password recovery" option except if you have a good reason for that.
- If you haven't done so, rename folder repository.
- If you haven't done so, enable Elxis Defender.
- Fix your menu links (projects.html to projects/, etc...)

From Elxis Docs:
Secure your site (https://www.elxis.net/docs/using-elxis/security/secure-your-site.html)
Elxis filesystem (https://www.elxis.net/docs/using-elxis/getting-started/filesystem-structure.html)