Login Protection Captcha Image

  • Resolved gwdlarry

    (@gwdlarry)


    2 years, 11 months ago

    Hello there,
    we are using Ninja Firewall for all our sites and are very satisfied.

    However, we noticed that, although the Login Protection Captcha Image prompts the user with a mix of digits, uppercase and lowercase letters, the input is case-INsensitive.

    So e.g. when I am prompted to enter “5Tcd7X”, I can enter “5tcd7x” and it works all the same.

    Any idea?
    Thanks and best regards,
    Larry

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author nintechnet

    (@nintechnet)

    That’s correct, and that’s normal: captcha are not case-sensitive. A few are, but I really don’t know why.
    It’s not a password, it can’t be cracked, reversed or decrypted, and it can’t even be brute-forced (every failed attempt would generate a new captcha).

    However, the image shows uppercase and lowercase letters because its purpose it to prevent a bot for reading it and to force it to search for a wider range of characters. Even if the bot had an OCR engine and could read an ‘A’, it would enter ‘A’, not ‘a’.

    Thread Starter gwdlarry

    (@gwdlarry)

    Thanks for your reply.
    Best, Larry

    If the bot has ocr, then why not ask the user to use lowercase only and deliberately block any response that has exactly the same case as all the letters entered, i.e. identical. That way even ocr bots are blocked.

    Plugin Author nintechnet

    (@nintechnet)

    @stevesi There’s no real need for that, because you can change the font and use one that is more much difficult to read: make sure it’s a True Type Font file, name it font.ttf and upload it into the /wp-content/nfwlog/ folder.

    Thanks for reply
    If I was a hacker, I would delete all font html entries to remove any weird fonts and allow OCR to work…

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Login Protection Captcha Image’ is closed to new replies.