
Simple stupid captcha, use it with flash.
Create the file config/stupid_captcha.rb and set the StupidCaptcha settings.
Use rake secret to generate a good salt.
if defined?(StupidCaptcha)
  StupidCaptcha.setup do |config|
    # salt, use rake secret to generate a good salt
    config.salt = "5b213328a3ed873013c553f15......."

    # fonts path, point to a directory, default GEM_ROOT/assets/fonts
    config.fonts_path = Rails.root.join('artwork/fonts').to_s

    # set fonts array directly (fonts_path is not used), you can find default fonts in GEM_ROOT/assets/fonts
    config.fonts = [
      Rails.root.join('artwork/fonts/1.ttf').to_s
    ]

    # backgrounds path, point to a directory, default GEM_ROOT/assets/backgrounds
    config.backgrounds_path = Rails.root.join('artwork/backgrounds').to_s

    # set backgrounds array directly (backgrounds_path is not used), you can find default backgrounds in GEM_ROOT/assets/backgrounds
    config.backgrounds = [
      Rails.root.join('artwork/backgrounds/1.png').to_s
    ]

    # colors
    config.colors = %w{black}
  end
end

require 'base64'

class CaptchaController < ApplicationController
  # Issues a new captcha: returns its id and the Base64-encoded image as JSON.
  def index
    c = StupidCaptcha::Captcha.new
    c.reset

    respond_to do |wants|
      wants.json do
        render text: {
          id: c.hash,
          img: Base64.encode64(c.to_blob)
        }.to_json
      end
    end
  end
end

class DataController < ApplicationController
  def create
    @data = Data.new(params[:data])

    respond_to do |wants|
      # Save only when the submitted text matches the captcha identified by captcha_id.
      if StupidCaptcha::Captcha.new.check(params[:captcha_id], params[:captcha_input]) && @data.save
        flash[:notice] = 'Data was successfully created.'
        wants.html { redirect_to(@data) }
        wants.xml { render :xml => @data, :status => :created, :location => @data }
      else
        wants.html { render :action => "new" }
        wants.xml { render :xml => @data.errors, :status => :unprocessable_entity }
      end
    end
  end
end

# config/routes.rb
get  '/captcha', :controller => "captcha", :action => 'index'
post '/data',    :controller => "data",    :action => 'create'

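How a salted, stateless check like `check(captcha_id, captcha_input)` can be built, as an added example that is not the gem's code: this page does not show StupidCaptcha's internals, so `SaltedCaptchaToken`, the token layout, the 300-second lifetime and the in-memory used-id store are all assumptions. It shows why the salt must be long and secret, and why an id needs an expiry and single use so a solved captcha cannot be resubmitted.

```ruby
require 'openssl'
require 'securerandom'

# Hypothetical stand-in for a salted captcha check; not StupidCaptcha's implementation.
class SaltedCaptchaToken
  TTL = 300 # seconds an issued id stays valid (assumed value)

  def initialize(salt)
    # A short or guessable salt lets a client compute valid ids for any answer.
    raise ArgumentError, 'salt must be at least 32 bytes' if salt.to_s.bytesize < 32
    @salt = salt
    @used = {} # id => expiry; a multi-process app needs a shared store instead
  end

  # Returns the id sent to the client next to the image; the answer is never sent.
  def issue(answer, now = Time.now.to_i)
    expires = now + TTL
    nonce = SecureRandom.hex(8)
    "#{expires}.#{nonce}.#{mac(answer, expires, nonce)}"
  end

  # True only for an unexpired, unused id whose MAC matches the submitted text.
  def check(id, input, now = Time.now.to_i)
    expires, nonce, tag = id.to_s.split('.', 3)
    return false unless tag && expires.match?(/\A\d+\z/) && expires.to_i >= now

    expected = mac(input.to_s, expires.to_i, nonce)
    return false unless OpenSSL.secure_compare(expected, tag) # constant-time compare

    @used.delete_if { |_, exp| exp < now } # forget ids that can no longer verify
    return false if @used.key?(id)         # replay of an already solved captcha

    # Failed guesses are not recorded here; rate-limit them upstream.
    @used[id] = expires.to_i
    true
  end

  private

  # HMAC over expiry, nonce and the normalised answer, keyed with the salt.
  # Answers are assumed to be case-insensitive.
  def mac(answer, expires, nonce)
    OpenSSL::HMAC.hexdigest('SHA256', @salt, "#{expires}.#{nonce}.#{answer.strip.downcase}")
  end
end
```
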
Looking for help?
Email me: lisukorin [at] gmail [dot] com.
Don't forget to write 'stupid captcha' in the subject, or my mail client will treat your message as spam.
FAQs
We found that stupid_captcha demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.