vb.org Archive
Page 2 of 3 1 2 3
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 3.6 Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=194)
-   -   Mini Mods - Harmor's Bot Protection (https://vborg.vbsupport.ru/showthread.php?t=144719)

Pyrix 04-13-2007 12:12 PM
Just thinking, you may be able to secure it a little more by appending the vbulletin license number (or a random string stored in vb options) to the character before you hash it (both times). This is known as 'salting', and would make the 'MD5 hash table' bypass much, much harder. You might want to Google that and read up on it :)

Don't know what you can do about the other thing though - you could turn it into an image but then what advantage does it give over vb's default captcha?

harmor19 04-13-2007 01:19 PM
Can bots read the source code?

DiSpy 04-13-2007 01:41 PM
Pyrix is right, salting the hash would work wonders... may I suggest letting the admins choose their own salt in the admin CP. That way each board has it's own salt.

The second issue about the bot automatically "looking at the webpage" for a value, can also be solved using the admin CP. Just let users customize the question in thier own words, and customize the title (where it says "Harmor's Bot Protection" and "What is the first character of" in the screen shot).

Also, I was thinking... how hard would it be to allow the admin to choose EITHER the 1st, 2nd, 3rd character the users should enter (set via admin cp). This would make is at least not exactly the same on all boards, and since vB has min usernames set at more than 3, it should always work.

Just my $0.02 cents.

harmor19 04-13-2007 02:22 PM
Hopefully I increased the security of this hack. It now selects a random character instead of asking the user to enter the first character.

Here is a snippet of code I added.
PHP Code:
if(empty($vbulletin->options['harmor_bot_protection_hash']))
{
  $vbulletin->options['harmor_bot_protection_hash'] = "gwetg7gaswegty7sawfrtq2w6t";
}

$word $ahbot['username']{$ah_rand 1};
$hash md5(md5($word).$vbulletin->options['harmor_bot_protection_hash']); 
The screenshot has been updated as well. Attachment 63065

Mr Chad 04-13-2007 04:20 PM
Quote:
Originally Posted by harmor19 (Post 1226696)
Can bots read the source code?

of course they can...

they filter through the source to find hash's so they can do things (and the hashs were made to stop them).

harmor19 04-13-2007 04:29 PM
Quote:
Originally Posted by Mr Chad (Post 1226844)
of course they can...

they filter through the source to find hash's so they can do things (and the hashs were made to stop them).
Thanks for answering my question.

smess 04-13-2007 09:53 PM
what happens for example if people have a space in their name so the user name is "no gas" and you ask for the third letter? is it g or space, etc??

harmor19 04-13-2007 10:06 PM
Quote:
Originally Posted by smess (Post 1227041)
what happens for example if people have a space in their name so the user name is "no gas" and you ask for the third letter? is it g or space, etc??
I didn't take that into account. I'll update the hack soon. Thank you for pointing that out.

harmor19 04-14-2007 07:14 AM
Quote:
Originally Posted by smess (Post 1227041)
what happens for example if people have a space in their name so the user name is "no gas" and you ask for the third letter? is it g or space, etc??
I have updated the hack to remove spaces in usernames. "no gas" becomes "nogas".

TeamDevotion 04-16-2007 04:12 AM
Isn't this the point of image verification?


All times are GMT. The time now is 02:22 PM.
Page 2 of 3 1 2 3
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01096 seconds
  • Memory Usage 1,740KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_php_printable
  • (4)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete