Hi, I love the plugin. We’re a small neighborhood association and as soon I we went live, hackers from around the world blew right past our CAPTCHA plugins, buth h and r and suddenly, we had hundreds of new user registrations in a neighborhood where, if we ever get 20 users, we will be amazed. But, they won’t do this with your plug-in helping us.
However, I did input various test scripts into the input field. These I obtained from someone knowledgeable about the kinds of javascript and html attacks that can be made from an input box.
I really don’t know what I’m doing with such tests; but the list of inputs I tried may have resulted in an alert message if they had broken a defense. No alerts ever appeared.
However on two of the entries, I did get a display on the screen just below the input box. One entry produced this on the screen: ‘<” />’ and the other, a similar variation. I was told that the appearance of these characters “could be an indication that the system is interpreting your input as if it were closing a comment block, which is not the expected behavior for a properly sanitized input.”
Just thought you’d like to know.
Again, no ‘alert’ message appeared which would have been the case if defenses had been breached.
If you contact me, I will try to provide more information. Otherwise, you are probably far more knowledgeable about security than I am and I am just passing this info along.
Thank you! for helping us solve our hacker-bots problem.
Bobby