vb.org Archive - Miscellaneous Hacks - NoSpam! - an alternative to CAPTCHA images

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- vBulletin 3.6 Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=194)

- - Miscellaneous Hacks - NoSpam! - an alternative to CAPTCHA images (https://vborg.vbsupport.ru/showthread.php?t=124828)

NoSpam! - an alternative to CAPTCHA images

This hack is for vBulletin 3.6.x. For 3.5.x, please use the one provided in this thread. If you are using 3.7.x, you must use the one in this thread.

This simple hack is meant as a replacement for the default CAPTCHA system in vBulletin. There are two main reasons one might want to do this: firstly, new technology is constantly being developed to crack CAPTCHA images and make spam accounts anyway, and secondly, the more secure the CAPTCHA, the more difficult it is for genuine users to tell what the numbers in the image are. There is also the issue of visually impaired users, and the fact that not all servers are capable of generating CAPTCHA images.

So what does this hack do instead? It asks a question. Any question you want. That's the best part: YOU make up the questions, which means that every forum is unique, which means that it is impossible for spambots to be simply programmed to bypass it at all forums with the hack installed. You can make one or many questions - if you make many, the hack will pick one at random when a guest attempts to register, search, post or send mail through the Contact Us form. Their input is compared with your specified answer, and voil?, if they get it right they're pretty much guaranteed to be human. If they get it wrong, they're given an error message.

It doesn't have to be a complicated question. Heck, you can just make it "Please type 'blah' into this box." Or you can go with inserting a simple image with HTML and ask what is shown on the image. Or you can ask them to tell you two plus two. It's up to you. In fact, this can also be used as a means of forcing people to read the rules by asking for a certain password found there, or if your forum focuses on a specialized subject, ask a question concerning the subject that all your genuine users will be able to answer, but a random troll or "CAPTCHA-sweatshop-reader" will be scratching their head over.

It's simple to install, too: just one product to import, and that's it.

VERSION HISTORY:

3.0: Added functionality to allow users to specify which pages should use NoSpam!.
2.0: Extended the NoSpam! functionality to guest posts, guest searches and guest "Contact Us" in addition to registration.
1.1: Made template edit automatic (with thanks to Cole2026), added ability to have more than one answer to each question, and made answers case insensitive. To upgrade, I recommend undoing the template edit so you won't have to worry about it anymore (replace $nospamfield in the template register with $imagereg, or if you added $nospamfield above $imagereg, just remove $nospamfield altogether), and then reimport the product through the Admin CP (making sure that Allow Overwrite is set to On).
1.0: Initial release.

INSTALLATION:

Please download NoSpam!.zip, not product-nospam.xml, for the tested version. product.nospam.xml is NoSpam! 4.0 adapted blindly to 3.6, i.e. by editing the XML file for the 3.7 version without actually testing it on a 3.6 board. Theoretically it should work, but I cannot guarantee it at this time. If you download NoSpam!.zip and unzip it, it will contain another file called product.nospam.xml, which you should use.

1. Import product-nospam.xml through the Admin CP product manager.
2. Go to your vBulletin options in the Admin CP and select NoSpam! Settings. Once there, turn the system on and input your questions and answers according to the instructions there.

The system should now be functional and running. :)

UNINSTALLATION:

Just uninstall the product through the Admin CP.

SUPPORT:

Full support will be given here in this thread. All suggestions are welcome.

Thank you and please click "Mark as Installed" if you like it.

If NoSpam! is not working for you or you are looking for something a little different, you might want to check out Advanced Textual Confirmation.

Wow...first to say thanks! I'll be installing this as soon as I'm done with my server mainenance!

Saw this on another forum the other day, it was pretty awesome. Good work.. Maybe I'll find it useful in the future.

On another forum? Can't have been the same thing, because I just made this up and haven't posted it anywhere else, but I wouldn't be surprised if you found something similar sometime.

This is awesome easy and easy awesome :) thanks

[high]* utw-Mephisto installs[/high]

Quote:

Originally Posted by antialiasis

On another forum? Can't have been the same thing, because I just made this up and haven't posted it anywhere else, but I wouldn't be surprised if you found something similar sometime.

I too have seen this on another forum. Good idea -- but couldn't a script be programmed to simply input the appropriate answer, assuming there was only one question.

I'm sure there's a slew of possible questions in the database. Maybe even an option to use your own? :)

Downloaded, installing later.... Thanks.

Installed and appears to be working fine. Thanks!

Quote:

Originally Posted by y2krazy

I'm sure there's a slew of possible questions in the database. Maybe even an option to use your own? :)

If I understand correctly that is the point of this.
You create the custom question and answer.

Really nice idea, thanks :)

umm, you could easily code a bot that grabs the string and adds the two numbers to produce the answer.

Quote:

Originally Posted by Mr Chad

umm, you could easily code a bot that grabs the string and adds the two numbers to produce the answer.

Then you could simply create a different question and answer. Some example:

Quote:

What do you put in your car to make it go? Gas
What company makes the Xbox? Microsoft
Do you stop or go at a green light? Go
What is the main ingredient in cheese cake? Cheese
Is it hot or cold outside in the winter? Cold

What I'd like to know, as I have not tried this yet, is does this support multiple questions/answers? Can I create question/answer list as above and they will randomly appear? Also are the answers case senstive?

If yes to my first question....I'll be installing this asap! Please make it not case sensitive. :)
Would be nice to see a screeny of the AdminCP for this!

The questions and answers are, as I thought I had made completely clear in the first post, completely customizable. There are no default questions or question formats that the bot could robotically answer. There is just an input field where you specify your questions and answers, which can be literally anything:

Quote:

So what does this hack do instead? It asks a question. Any question you want. That's the best part: you make up the questions, which means that every forum is unique, which means that it is impossible for spambots to be simply programmed to bypass it at all forums with the hack installed.

Yes, it supports multiple questions:

Quote:

You can make one or many questions - if you make many, the hack will pick one at random when a user attempts to register.

The answers are case sensitive at the moment, but I was now thinking about giving it a little more flexibility, both by making it case insensitive and allowing you to specify multiple possible answers to the same question (for example, if you were using the first question in your list, I believe the British would answer it with "Petrol" rather than "Gas").

I'll give you an admin CP screenshot when I've done those tweaks.

This is great! You can use it not only to prevent spambots from registering with your site but also as an aptitude prerequisite. ;) This would help to filter a lot of fools out of your membership. I keed, I keed (partially). ....:D

You can have lots of fun making up your own customized questions.

Can this be used in conjunction with CAPTCHA?

Quote:

Originally Posted by blankoboy

What do you put in your car to make it go? Gas

Petrol!

Now avaible for german vb users, Thanks antialiasis

Installed

Quote:

Originally Posted by Smoothie

Can this be used in conjunction with CAPTCHA?

YES, you sure can!

I just installed this MOD in Vb 3.6.0 and it's terrific. Works like a charm. If you want your users to get in on the fun, just post a message asking THEM for questions to use! ha, ha This is a BLAST! Many Thanxx antialiasis!:laugh:

Watch out for users with Dyslexia... Spelling can be an issue.

You can eliminate the template edit (preventing you from editting a template, easier for upgrades.) by putting this code into the register_start hook location:

PHP Code:


		
			
$vbulletin->templatecache['register'] = str_replace('$imagereg', '$nospamfield', $vbulletin->templatecache['register']);

Does anybody know if it works for 3.5 also?

So they modify their code to cpature this snipet of text and then use a human to enter the form number like they have before. It will only work so well for so long. I do feel its not a bad idea but im sure it won't be too hard for them to figure their way around this one.

If they are using a human to enter the answer, it is a problem, yes - but there is not exactly much else that can be done about human CAPTCHA readers, either. Your best bet is, as I mentioned, if you have a forum concerning a special topic and you ask a question relating to the topic which genuine users will be able to answer easily but an average human CAPTCHA reader won't. (Additionally, there is the fact that a lot of spamming companies are based in for example Russia, and while anybody can read a couple of numbers on an image, they would have to know a fair bit of English - or whichever language the forum is in - to be able to both understand and answer such a question.)

Thanks for the bit about avoiding the template edit, Cole2026 - I was thinking it could be handy to do that for this hack, but was too lazy to look up how to do that since I've never done it before.

And yes, it can be used in conjunction with the regular CAPTCHA - then just be sure to add the template edit above instead of replacing.

Dyslexic users should be able to refresh and get another question until they have one they can definitely spell - administrators should accommodate dyslexic users by not making the answers to all the questions overly difficult. I can't do much about that myself. (In any case, users whose dyslexia is so problematic that they have difficulties with fairly simple words are most likely not very common on internet forums that are entirely about reading and typing messages.)

I'm fine-tuning the upgrade with multiple answers and case insensitivity - should be up in just a little while.

EDIT: Version 1.1.

Quote:

Originally Posted by antialiasis

On another forum? Can't have been the same thing, because I just made this up and haven't posted it anywhere else, but I wouldn't be surprised if you found something similar sometime.

It came from vbulletin.com forums which I'd bet many people acted on to stop their forums from being spammed.

If you make this plugin/hack backwards compatible for the diff. versions of VB, many folks will LOVE you for it.

It's a similar concept, yes, but at its core a completely different hack - it's based on one plugin and a custom profile field, with only one question and one answer, and not a matter of controlling things through the admin CP at all.

I already think this should more or less work for 3.5 with a couple of minor edits to the product XML to remove the 3.6-only stuff, given that it's fairly simple and not really interacting much with any default vBulletin functions...

Quote:

Originally Posted by antialiasis

And yes, it can be used in conjunction with the regular CAPTCHA - then just be sure to add the template edit above instead of replacing.
EDIT: Version 1.1.

Question for those of us who've already installed your previous version: I kept the CAPTCHA code and placed your's in front of it.(figure one more layer of security is better) So how do I install this updated version?

By that, I mean will it remove the CAPTCHA code from my template? Or reverse the order I have them in? Do I need to UNinstall, revert my templates, then install this new version -or- can I just import the .xml and overwrite?

Sorry so many questions, but I'm quite new (i.e. 3wks) at all this.

Thanxx, AD

The new updated product doesn't have the code that Cole2026 suggested in it. :confused:

It does... There was already a plugin at register_start, and I added the code there (inside the if statement).

adwade - what you should do is simply to remove the $nospamfield from the template (or revert it, unless you've got other edits in it), and then import the new product through the Admin CP, making sure that Allow Overwrite is on. (You don't need to uninstall it first or anything.) That's all you have to do.

hmm... I redownloaded it just to be sure... but I don't see Cole's code anywhere in the xml file. I uploaded the .xml file that I have just for comparison's sake (I downloaded it just a moment ago and checked it with the same results).

That's version 1.0...

Don't ask me how the heck this keeps happening to me. I have the zip file right here on my computer - the very same one I attached to the first post a couple of minutes after I last edited the files in it - and the file in there is the correct one. How the 1.0 file landed in the zip file attached to the post is completely beyond me if it did, and I apologize. The correct one is definitely there now, though, as I downloaded it after attaching it and it has the right file.

antialiasis - your profile says you are using VB 3.5.4 - will you be releasing this for 3.5 also? I really like the idea!

Oh, that's an error in my profile, actually.

Editing the XML for 3.5 shouldn't be too hard, though - just removing a couple of things, and it should work just fine. :/ In fact... I attached an XML file that I think should in theory work for 3.5. Not tested at all, though.

Downloaded and installed the "product-nospam-3-5.xml" Installed OK, I sleected YES to enable, added a question and saved - but still got the old image verification on the registration screen :(

the nospam template is there, and there are 2 no spam plugins:

Hook Location : register_addmember_process
Check if NoSpam! question has been answered correctly

Hook Location : register_start
Generate NoSpam! question

Any ideas for me to try?

Thanks!

Hmm, there should be one more plugin... o_O A cache_templates one?

The normal image verification isn't supposed to disappear, by the way - you need to manually disable it if you want to use only NoSpam!. But if the NoSpam! isn't appearing... well, that's weird. Try making the template edit manually (adding $nospamfield above $imagereg in the register template).

Version 1.1 also translated for german vb users

There in may lay the problem - there is no "$imagereg" See template code below:

I added in a $nospamfield just above this, and it all came togther - thanks!

Code:

                        <if condition="$show['regimagecheck']">

                        <fieldset class="fieldset">

                                <legend>$vbphrase[image_verification]</legend>

                                <table cellpadding="0" cellspacing="$stylevar[formspacer]" border="0">

                                <tr>

                                        <td>

                                                $vbphrase[enter_text_image_right]

                                        </td>

                                        <td rowspan="2"><img src="image.php?$session[sessionurl]type=regcheck&amp;imagehash=$imagehash" alt="$vbphrase[registration_image]" width="201" height="61" border="0" /></td>

                                </tr>

                                <tr>

                                        <td><input type="text" class="bginput" name="imagestamp" size="50" maxlength="6" /><input type="hidden" name="imagehash" value="$imagehash" /></td>

                                </tr>

                                </table>

                        </fieldset>

                        </if>

Phrase Groups Available:

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.02541 seconds Memory Usage 1,845KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)bbcode_code_printable (1)bbcode_php_printable (10)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (2)pagenav_pagelink (1)pagenav_pagelinkrel (1)post_thanks_navbar_search (1)printthread (40)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: