- Issue created by @RoSk0
- π©πͺGermany macdev_drupal Wiesbaden
Same here. We got several requests like this which came through the form within under a minute. So either it is remote post or a client with selenium I guess. But they would have to record this before. Anyway they got past Antibot.
The requests contain some SQL Injection patterns.Cookie: M1R4X=1700663570xCaY4D9A6Vmrb; SSESS90efd8bd784fa77255ffa5094c2e07f7=dp1%2CS2R0Iv-hC5RvWNZJrsVnoCE6J2ey9ZCFZfjvrOMPL0Ns User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 --e862924b-I-- anrede%5bselect%5d=%5fother%5f&anrede%5bother%5d=1&vorname=gjIjhtUZ&nachname=gjIjhtUZ&ihre%5fe%5fmail%5fadresse=testing%40example%2ecom&url%5fbzw%5fquellenangabe%5fder%5fbarriere=1&beschreibung=1&antibot%5fkey=c5vdMtXZaktbnbWNUD7JIFgSxV31bEBrDmJ%5f2VHUuYI&form%5fbuild%5fid=%2d1+OR+2%2b215%2d215%2d1%3d0%2b0%2b0%2b1+%2d%2d+&form%5fid=webform%5fsubmission%5fbarriere%5fmelden%5fparagraph%5f7180%5fadd%5fform HTTP/1.1 303 See Other Location: https://drupal.website.de/webform/barriere_melden/confirmation?token=mkgaCOgK_gh6Q4oQO04FcY_95SavIlL7yffSJoY0uZwWe did capture this with modsecurity.
Maybe somone with deeper knowledge of Antibot could shine some light on this.
And eventually improve the module. - π©πͺGermany Mortarion
I can confirm, that spam still bypasses antibot at version 2.0.3
Unfortunately I can not add valuable information to that matter, since I am just facing the resulting spam.