Enhanced Captcha Image Verification - stop bots from signing up!! (https://vborg.vbsupport.ru/showthread.php?t=132482)

tazping2000 11-28-2006 08:32 AM

Figured out my problemo. It appears one of the pictures didn't upload for some reason, so must have confused it.

Fully working now. Thanks a lot :)

guvner 11-28-2006 06:10 PM

Quote:

Originally Posted by steadicamop (Post 1127038)
This will sort that

Thanks - that did it :)

jonathang 11-28-2006 08:21 PM

I installed the plugin on vB 3.6.3. When I try to run it I get the following two error messages:

Warning: dir(images/verification/): failed to open dir: No such file or directory in /register.php(202) : eval()'d code on line 6

Fatal error: Call to a member function on a non-object in /[path]/forum/register.php(202) : eval()'d code on line 7

Seems like maybe I installed the "verification/" dir in the wrong place. I first put it in my "wp-includes/images/" dir, but it produced the error messages shown above. Then I created an "images/" dir in the home dir of my vB installation and moved the "verification/" dir into it. Same error messages. Should I put the "verification/" dir elsewhere or is something else causing the problem here?

Thanks.

Bounce 11-28-2006 11:31 PM

Installed on 3.6.4, working a treat ..

thank you :cool:

Quote:

Originally Posted by jonathang (Post 1127555)
Should I put the "verification/" dir elsewhere or is something else causing the problem here?

Thanks.

Upload JUST the "images" folder within the Image Verification file to your /forums/images folder.

John_Shaft 11-29-2006 12:03 AM

Steadi, first of all I commend you on a great effort to defeat the (to me) tremendously growing problem of spam wrecking forums.

Quote:

Originally Posted by steadicamop (Post 1125764)
I can't comment on this hack as I haven't installed or tested it - although I feel that a text based version could be defeated - this is why I created this one, using images that only real people can interpret.

Quote:

Originally Posted by steadicamop (Post 1125948)
I don't see how a piece of software can read what an image is - yes it can understand text but how would it know that it's a picture of an aeroplane, or a car, or a person, or a banana .....

Ah, but there's the rub. _It doesn't have to_. A real person isn't at all needed to defeat it.

I was thinking of installing this (as I need a solution from somewhere) but I see an inherent problem with this that will surely allow it to be defeated with absolute ease, should it ever reach the popularity that it's worth spending a little time (and that's all it would take) to deal with it.

Quite simply, it doesn't need to be programmed to read the image or anything complicated like that. It has four pictures of which it has to click the right one to proceed. The easy way to beat it is to code the bot to just click on images, and go back and repeatedly click on images, until it reaches the accepted part of the page (birthdate or whatever). As there's only four images it's going to do it in a handful of tries.

Whether they get around to coding that I don't know, but if they do it's instantly sunk as far as I can see.

The one way I can see to deal with bots doing that is to have the user type in the name of a single image (i.e. "cloud"). That's why captcha is a tougher problem (even though it's beaten atm) because there's a massive amount of inputs that need to be tried, rather than just "pick a number, 1 to 4".

Has this occurred to you, or do you just believe they won't specifically target your hack, even if it gets popular?

jonathang 11-29-2006 12:09 AM

hiBEES,

Right you are, and thanks. Turns out I installed it in my WordPress installation instead of vBulletin. Now I've installed it in the right place and it works fine.

;)

steadicamop 11-29-2006 07:42 AM

Quote:

Originally Posted by John_Shaft (Post 1127699)
Steadi, first of all I commend you on a great effort to defeat the (to me) tremendously growing problem of spam wrecking forums.

Ah, but there's the rub. _It doesn't have to_. A real person isn't at all needed to defeat it.

I was thinking of installing this (as I need a solution from somewhere) but I see an inherent problem with this that will surely allow it to be defeated with absolute ease, should it ever reach the popularity that it's worth spending a little time (and that's all it would take) to deal with it.

Quite simply, it doesn't need to be programmed to read the image or anything complicated like that. It has four pictures of which it has to click the right one to proceed. The easy way to beat it is to code the bot to just click on images, and go back and repeatedly click on images, until it reaches the accepted part of the page (birthdate or whatever). As there's only four images it's going to do it in a handful of tries.

Whether they get around to coding that I don't know, but if they do it's instantly sunk as far as I can see.

The one way I can see to deal with bots doing that is to have the user type in the name of a single image (i.e. "cloud"). That's why captcha is a tougher problem (even though it's beaten atm) because there's a massive amount of inputs that need to be tried, rather than just "pick a number, 1 to 4".

Has this occurred to you, or do you just believe they won't specifically target your hack, even if it gets popular?

I understand that no matter how hard you make the security - it will be cracked eventually - I'm working on making this slightly harder for bots, it will give you four attempts to get it right then it locks you out from using the register page for a set amount of time (I was thinking of 24 hours) - I do realise that repeat clicking, going back and clicking again will eventually find the correct one - but for me this has stopped bots signing up - I'm working on making it more secure with different measures.

I appreciate your feedback.

Jason

pete_brady 11-29-2006 09:29 AM

Thanks for this hack - I installed it yesterday, so far no spam signups. One question - is there a log kept anywhere of failed attempts?

Regarding whether it can be cracked or not - sure, it probably can. But the object of the exercise is to defeat automated software, so perhaps introducing more randomness is what's needed rather than any one approach. For example, sometimes you ask for an image to be identified, sometimes you ask a simple arithmetic question, sometimes you need a picture clicked on... introducing more random aspects like this would make it increasingly difficult to program a bot for. I think.

steadicamop 11-29-2006 11:31 AM

There isn't any log of failed attempts - it may be something I can work into an update, I like your suggestion, something even more random to confuse bots.

Cheers

Jason

el fuego 11-29-2006 09:56 PM

Could you have it re-order the 4 pictures each time they are presented? So that a click on image #1 would sometimes be correct and sometimes not? Also have the required image name be changed. For instance, one time it asks for the butterfly, the next it may ask for the soccer ball (randomly of course), and each time it changes both the question, and the location of the proper response?
Possibly also expand the hack to include many more possible images, but only randomly choose 4 at a time to display.
Along with your idea of a 24hr lock out for "x" amount of wrong answers, this could be a formidable hack.

I'm no coder... so I have no idea how hard this would be. But it seems to me that this randomness would keep the Bots at bay for quite some time.
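
A sketch of the measures proposed in this thread (images re-ordered on every display, a random question drawn from a larger pool, lockout after four wrong answers), added here as an example; it is not code from the hack or from any poster. The pool contents, the client key (IP address or session) and all names are assumptions.

```python
import secrets
import time

# Constructed image pool; the thread suggests a pool larger than the 4 shown.
POOL = ["butterfly", "soccer ball", "cloud", "banana",
        "car", "aeroplane", "person", "tree"]
MAX_FAILS = 4               # wrong answers before lockout (figure from the thread)
LOCKOUT_SECS = 24 * 3600    # 24-hour lockout (figure from the thread)


class ImageChallenge:
    """Server-side state, keyed by a client id (assumed: IP or session)."""

    def __init__(self, clock=time.time):
        self.rng = secrets.SystemRandom()
        self.clock = clock
        self.pending = {}       # client -> token of the correct image
        self.fails = {}         # client -> wrong answers so far
        self.locked_until = {}  # client -> unlock timestamp

    def locked(self, client):
        return self.clock() < self.locked_until.get(client, 0)

    def issue(self, client):
        if self.locked(client):
            return None
        shown = self.rng.sample(POOL, 4)      # random subset, random order
        target = self.rng.choice(shown)       # random question
        # Images are referenced by one-time tokens, never by file name.
        tokens = [secrets.token_hex(8) for _ in shown]
        self.pending[client] = tokens[shown.index(target)]
        return {"question": target, "tokens": tokens}

    def answer(self, client, token):
        expected = self.pending.pop(client, None)   # each challenge is single-use
        if expected is None or self.locked(client):
            return False
        if secrets.compare_digest(token, expected):
            self.fails.pop(client, None)
            return True
        self.fails[client] = self.fails.get(client, 0) + 1
        if self.fails[client] >= MAX_FAILS:
            self.locked_until[client] = self.clock() + LOCKOUT_SECS
            self.fails.pop(client)
        return False


def blind_guess_pass_rate(choices=4, attempts=MAX_FAILS):
    """Chance that uniform guessing passes before lockout when every
    attempt gets a freshly randomised challenge (independent guesses)."""
    return 1 - (1 - 1 / choices) ** attempts
```

With four images and four attempts, `blind_guess_pass_rate()` comes to about 0.68, so the lockout by itself still leaves guessing likely to pass; showing more images per challenge or allowing fewer attempts lowers that figure.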

