Details
-
Suggestion
-
Resolution: Fixed
-
None
Description
We have enabled sitewide CAPTCHA; however spammers with accounts are still able to create attachments without filling in a CAPTCHA.
This seems to be a hole in the CAPTCHA system as I'd expect any update to a page to require the user to jump through CAPTCHA hoops.
(I noticed this because they started creating HTML attachments full of links).