Enhanced Captcha Image Verification - stop bots from signing up!!
 

Title : Enhanced Captcha Image Verification

Version : 1.1

Coder : Andy Calderbank & Jason Williams

Purpose : Add extra Image Verification to the registration process, using an alternative system to the Captcha system.

Why : It would appear that spammers can now "read" the Captcha codes and overcome the verification process.

How : This extra feature uses images which are harder for a spam program/bot to interpret than text characters. The user has a choice of 4 randomly displayed images, and the answer is given below. The user must click on that image to proceed, if the incorrect image is selected an error message is shown. The images are randomly shown (from however many are in the directory - you can have as many as you want, just has to be more that 4!) and are automatically created from the images/verification/ directory - all on the fly. Sample images are included with this release, but you can use your own - I recommend using 100 x 100 pixels, in .jpg format and naming the image with a meaningful title (ie A House.jpg) - the extension is stripped so only the filename itself is shown.

To further enhance security, the images are passed through a script which means that none of the images on the screen have file names - and cannot be associated to the question by title alone.

I have been testing this on my forum and have found it to be effective - I cannot guarantee that this will stop all spamming, but this relies more on human input than a computer "reading" the image.

Important : This has been tested on 3.6.2 - I cannot guarantee it will work on anything above, please test with caution - and as always BACKUP FIRST! This will not work on anything below 3.6.0.

Demo : http://www.steadiforum.com/register.php

I hope this is help to the VBulletin community as I know this is a growing problem. I don't fancy the thought of trawling through hundreds of new members deleting stupid usernames and spam posts.

Installation :

1. Upload the verification/ directory to your images/ folder - make sure .htaccess and show.php are present - otherwise it won't work.
2. Import Product - product-image_verification.xml

Upgrading :

1. Upload show.php to the images/verification/ directory.
2. Import Product - product-image_verification.xml - select Allow Overwrite to enable upgrade.

Requirements : GD Libraries installed

File uploads : 39 (including images)
Files to Import : 1
New Templates : 1
New Phrases : 5
Uses Hooks : 1
New Queries : 0

History :
v1.0 - Original release
v1.01 - Slight code change for forums in sub-directories (thanks go to Barakat for solving this one)
v1.1 - Issue resolved with Windows servers also template clean up for xhtml compliance
v1.11 - Added version check function, minor upgrade.

Done - if you like please click install! (and I won't ask for any donations as long as you click Nominate for MOTM!)

Don't forget you don't have to use the provided images - you can customise these to any you wish - I've used ones that are hopefully universal and everyone will recognise.

Reserved ..... just in case :)

very cool - thanks

Reserving for a just in case...

You never know ;)

thax you so nice

i installed this... i put the verification in the images directory... it had the show.php and the htaccess file in it..... i then imported.... the images show... but when i click the correct one... i get the 404 error.. The requested page http://theblackpoet.com/register.php?clicked=3 cannot be found.

i disabled the image verification in my adminCP and tried this one.... when i chose the correct image... it let me go to the next page (register).... thanks...
Installed

Nice hack! I might give this a try... ;)

I've tested it thoroughly on mine and I still have Captcha active - and had no problems, bit of a mind bender as to figuring things out but it should work perfect every time.

Check you have the image_verification template - but you should not get any 404 errors - if you still have problems I'll look into it.

HTH

Jason

While creating this I had to research into what was being used to spam forums - I won't name the software but it's a sneaky peice of kit, all done legally I might add - but nonetheless annoying for us Administrators. I searched for one particular post the spambot makes - and I got a few thousand hits back. It's a BIG problem.

Not everyone will be bothered about it - I understand that, but I personally don't like the fact robots are posting adverts on my forum.

The one thing I will say is that they claim the software works around EVERY possible type of protection - now understand text is one thing - interpreting an image is something else, PLUS you can use ANY image you like, it will make it VERY VERY hard to any program to decypher what the image actually is.

I did come up with a few other ideas but this seemed to be the best way around it - and at this point I have had NO bots sign up on my site - and I hope this is the same for all those who have installed this.

Jason

Using v3.6.4 i get the same error.

thedvs,

The first post says:

Hmmm I will investigate this - I suspect there are changes between 3.6.2 and 3.6.4 - will see what I can come up with.

@ rich if we don't leave feedback, then the coders can't see what's what, it wasn't a gripe aimed at steadicamop!

It's no problem - I need to upgrade to 3.6.4 so it's a good a time as any to resolve any issues - there do appear to be template changes from 3.6.2 -I will check into this and release an update as soon as I can.

just in the image_verification template need to change the links ......
that if you have a subfourm fourm
and its works on 3.6.4

works greate thanks

<font color="DarkGreen">Version 1.01 is out now - thanks to Barakat for the info that solved the issue - checking on version 3.6.4 now for any others.</font>

Now it works brilliantly on 3.6.4, many thanks steadicamop :)

Tried to install it but the pictures don't show up... any thoughts?

[Edited to Add:] In light of GNeRaL's message immediately after mine, let me add that I don't get red Xes, I just get empty space where the pics should be.

Working on this one - I used a clean install of 3.6.4 and have the same problem, will get back with an update very soon.

that worked!!!! thank you for sticking to it and solving the issue!! now i feel like my site is more secure....!!!

thanks very much for being so attentive to the issue!

It looks like you don't have GD Libraries installed, the images are processed through that for security reasons - unfortunately at this point there's no way around it - if you run your own server it's possible to get this installed fairly easily or maybe ask your ISP if they can install it for you.

Sorry I can be of more help.

Jason

You will need to check if you have GD installed - you can check this in the AdminCP -> Maintanence -> View PHP Info then scroll down and find GD - image attached to show if it is installed and working.

This is a requirement of the script to secure the images from being read.

Yup, installed and working for me.

I would like to install this but I don't see show.php anyplace in my tree. What is it, how do I get it, and what location should it be in?

Thanks!!!!!

show.php should be in same directory as your "verification" folder is..

/forum-root/images/verification <-there you should have .htaccess and show.php and all the images used for verification.

Based on your research, what's your opinion of this hack: https://vborg.vbsupport.ru/showthread.php?t=124828 which asks an admin-defined, forum-specific random question? Which way is better to go. Can/should we install both?

I have the same problem no images showing up.

http://www.generationdub.com/images.jpg

I know for a fact GD works
I set the PHP to execute

And also the header doesn't show up at the top when the image verification is on screen.

gd
GD Support enabled
GD Version bundled (2.0.28 compatible)
GIF Read Support enabled
GIF Create Support enabled
JPG Support enabled
PNG Support enabled
WBMP Support enabled
XBM Support enabled

Right click on one of the crosses and click Properties - check that it shows in the right directory (ie forumroot/images/vertification).

If it still isn't working I will check further into this.

I can't comment on this hack as I haven't installed or tested it - although I feel that a text based version could be defeated - this is why I created this one, using images that only real people can interpret.

There's definately no harm in having both - but I would advise caution - if you have too many verification systems people may not register for the lengthy process .... ? Just my opinion though.

Does this actually work ? Can someone suffering from these spambots recommend it ?

My forum is getting it ten fold, its not a matter of being just pain as some have stated, they are posting porn pics every 10 minutes on my forums.

Its getting to the point where the forums will have to shut down because its high profile and highly embaressing.

Speaking to people at Digitalspy.co.uk they don't seem to suffer from is using older version of Vbulletin and it never seems to happen on UBB.

Anyway I hope this solution works, its pain that users have an extra layer during the registration process.

Plus I wonder how accessible image verification is. I'm not sure what the laws are in the US but in the UK sites have to meet accessability criteria.

thanks :D

When I right click on it I get the following.

http://forums.generationdub.com/imag...ion/show.php?1

I'm assuming the "="'s sign is missing?

It's something I'm working on currently - it would appear it's not a GD issue - mine is installed correctly and working - I'm looking into why and a solution and will post an update if necessary.

Issue fixed - it would appear windows servers didn't like the existing code - this has been changed and now works 100%, just re-upload show.php to the images/verification directory - make sure you overwrite the old file.

The package now contains this updated file.

Jason

All I will say is give it a try - you've nothing to lose by trying. So far I have had NO spam bots sign up on my forum, I'm very tempted to disable it to see how many I get in 24 hours, then enable it and see how many more I get in a further 24 hours.

I don't see how a peice of software can read what an image is - yes it can understand text but how would it know that it's a picture of an aeroplane, or a car, or a person, or a banana .....

hey, just giving everybody a headz up. This hack works. I run a relatively large forum (60-80 new signups a day) but in the past 2 weeks I've been getting 120 signups daily. Thought it was a good thing but it was actually bad. I noticed the spamming for vioxx, viagra, and some webcam & porn sites on my site. Noticed the signups were all born March 28, 1983, and so I found a pattern, it was all bogus. Searched and installed this hack (im running 3.6.0) only one day now, and no spam-bots cracked through the image verification hack. It's still too early to tell , but I am pleased. Best hack i recently installed . Good job (clicked installed yesterday)

bongwater

Sad... I cannot upload .htaccess (The dot is the problem with my host)