vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 2.x Full Releases (https://vborg.vbsupport.ru/forumdisplay.php?f=4)
-   -   Prevent Automated Registrations (https://vborg.vbsupport.ru/showthread.php?t=48443)

Mystis 02-01-2003 10:00 PM

Prevent Automated Registrations
 
Smallish hack here, basically it emulates Yahoo's, among other's, system of generating an image with a random series of characters that a user must enter correctly into a text box to register. The screenshots will illustrate this well:

Screenshots
----------------
Registration Screen
Results on Failure
Results on Success

Installation Instructions
----------------
See install.txt in the attachment

Minimods
----------------
Text-only version for people without access to the GD library

The font may be customized by taking a font desired, in TrueType format, and uploading it in place of the font.ttf included. the gd image library IS required to use this hack.

If you like it, install it!

Mystis 02-02-2003 04:25 PM

Screenshot: Registration form

Mystis 02-02-2003 04:26 PM

Screenshot: Success

Mystis 02-02-2003 04:26 PM

Screenshot: Failure

Boofo 02-02-2003 04:43 PM

Will give it a shot, thanks! ;)

afterlab 02-02-2003 04:45 PM

Are the images (in which the user must input the text on it) just created images?

Crinos 02-02-2003 04:52 PM

This is a great idea ... I'll try it later, thanks!

Dean C 02-02-2003 04:54 PM

Wow you beat Slynderdale to this :)

Nice hack buddy :D

- miSt

Mystis 02-02-2003 05:05 PM

Quote:

Originally posted by afterlab
Are the images (in which the user must input the text on it) just created images?
Yes, they're create via the gd image library and destroyed once they are used.

And my apologies to slynderdale, I didn't know somebody was in the process of coding this. I saw this request last night and I thought that it might be good practice, so I made it. My apologies.

Chris Gwynne 02-02-2003 05:20 PM

This was near completion by Slynderdale......

Chris M 02-02-2003 05:35 PM

Sounds cool:)

Satan

Boofo 02-02-2003 05:39 PM

I just installed this and I am only getting an X where the image is supposed to ne. I checked the path to the font.ttf and it is correct. Any fix for this?

I'm not sure if the server I am on had the gd image library installed. If not, is there a way to make this hack use random text instead of the images?

Dean C 02-02-2003 05:44 PM

Quote:

Originally posted by Mystis

Yes, they're create via the gd image library and destroyed once they are used.

And my apologies to slynderdale, I didn't know somebody was in the process of coding this. I saw this request last night and I thought that it might be good practice, so I made it. My apologies.

There's no need to apologise. Perhaps you can compare code :)

- miSt

Mystis 02-02-2003 05:58 PM

Quote:

Originally posted by Boofo
I just installed this and I am only getting an X where the image is supposed to ne. I checked the path to the font.ttf and it is correct. Any fix for this?

I'm not sure if the server I am on had the gd image library installed. If not, is there a way to make this hack use random text instead of the images?

To see if you are using the gd library try running a phpinfo, you should need v2 or higher. What's the url to your reg_image.php file? It may generate an error message that could be useful. The most likely cause of the problem is, however, the gd version/lack of it at all. I apologize, but I'm afraid there's no fix to that one, unelss you can get your host to upgrade.

Mephisteus 02-02-2003 06:41 PM

nice hack :) I'll definetly install it :)

Boofo 02-02-2003 06:52 PM

Quote:

Originally posted by Mystis


To see if you are using the gd library try running a phpinfo, you should need v2 or higher. What's the url to your reg_image.php file? It may generate an error message that could be useful. The most likely cause of the problem is, however, the gd version/lack of it at all. I apologize, but I'm afraid there's no fix to that one, unless you can get your host to upgrade.

I ran the phpinfo and say nothing about the gd library. Chances are (knowing my host) it is not installed. Thanks, anyway. ;)

dirtymerc 02-02-2003 06:55 PM

Excellent hack thanks

Davey 02-02-2003 07:42 PM

WOW this is a good hack dude.
Thanks for releasing!
I'll definately install this if possible hehehe.
Mind you I dunno if (and doubt) lycos runs the requirements for this.
Still worth a try though.

Dave.

Neo 02-02-2003 07:48 PM

Excellent bro.

squawell 02-02-2003 07:53 PM

about the path how should i do?? i have little confuse...

if my address is http://www.xxx.com.tw/xxx/forum/index.php

Velocd 02-02-2003 11:37 PM

Awesome hack Mystis, I had wondered when something like this for vBulletin might come along.

The only question I have is what kind of service would somebody be using that is processing an automated registration for one's forum? This is just a generic question, as I've wondered the same for those Lycos/Yahoo sites. I'm guessing some kind of bot, although the chances of one doing so on a vBulletin seems less likely.

[high]* Velocd clicks install ;)[/high]

Mystis 02-03-2003 12:03 AM

Quote:

Originally posted by squawell
about the path how should i do?? i have little confuse...

if my address is http://www.xxx.com.tw/xxx/forum/index.php

You're looking for the absolute server path to your forums' root directory. So in your example, if you're running on a linux server then a possiblity could be '/home/xxx/public_html/xxx/forum/font.ttf'. On Windows, it might be something like: "c://htdocs//users//xxx//xxx//forum//font.ttf'. I can't tell you for sure though, your best bet would be inquiring your host.

Quote:

Originally posted by Velocd
Awesome hack Mystis, I had wondered when something like this for vBulletin might come along.

The only question I have is what kind of service would somebody be using that is processing an automated registration for one's forum? This is just a generic question, as I've wondered the same for those Lycos/Yahoo sites. I'm guessing some kind of bot, although the chances of one doing so on a vBulletin seems less likely.

I'ts very easy to set up a bot that can process a form repeatedly and automatically. I obviously won't give out details as to how, but it is very possible and potentially damaging to the server if it does that frequently enough. The person that I wrote the hack for actually got 10,000+ fake registrations in under a day.

Quote:

Originally posted by Boofo
I ran the phpinfo and say nothing about the gd library. Chances are (knowing my host) it is not installed. Thanks, anyway.
If it isn't in phpinfo, then it likely isn't installed. I aplogize. I'll work on a text only version workaround, although it isn't nearly as secure.

Quote:

Originally posted by Davey
WOW this is a good hack dude.
Thanks for releasing!
I'll definately install this if possible hehehe.
Mind you I dunno if (and doubt) lycos runs the requirements for this.
Still worth a try though.

Dave.

Sorry, but I'm pretty sure that Lycos won't run the gd. Again, keep an eye out for the text version workaround, which I'll figure out and include in my next post :)

Mystis 02-03-2003 12:23 AM

TEXT ONLY FIX

In the 'registeradult' template, find

PHP Code:

    <tr>
        <
td bgcolor="{firstaltcolor}"><normalfont><b>Automatic Registration Prevention</b></normalfont><br>
        <
smallfont>Please enter the text in the box below to the text box to the right.  This is to prevent automatic registrations.<br><br><img src="reg_image.php?text=$image_var&colorbg={firstaltcolor}&colortext={pagetextcolor}" /><br></smallfont></td>
        <
td bgcolor="{firstaltcolor}"><normalfont>
            <
input type="text" class="bginput" name="autoveri" size="25" maxlength="15">
            <
input type="hidden" name="autovero" value ="$image_var">
        </
normalfont></td>
    </
tr

and replace it with
PHP Code:

<tr>
    <
td bgcolor="{firstaltcolor}"><normalfont><b>Automatic Registration Prevention</b></normalfont><br>
    <
smallfont>Please enter the registration key below to the text box to the right.  This is to prevent automatic registrations.<normalfont><br><br><smallfont><b>Registration key$image_var<smallfont>
        </
td><td><input type="text" class="bginput" name="autoveri" size="25" maxlength="15">
        <
input type="hidden" name="autovero" value ="$image_var">
    </
normalfont></td>
</
tr


Martin64 02-03-2003 12:30 AM

Very nice, I'll install it some other night when the clock isn't 3:20 am *yawn*

Good job. :)

Yo. 02-03-2003 12:32 AM

Forgive me if I'm wrong..but if the image_var is in the output source of both the image and text versions, how is the text version any less secure?

Slynderdale 02-03-2003 02:11 AM

This wont prevent auto verification at all, all some one has to do is use fopen on the page and look for
<input type="hidden" name="autovero" value ="$image_var">
and get the value real esily, this will stop auto registration as much as not having it, also using gd every time the page is loaded will have a high load to the server, thats why im adding a cahceing option and the other options to my hack so prevent the gd causing high loads. Also there are some ways to extract this text from the image as well, you dont distort the image in any way so a bot could look through the image and compare it to others and get the text from it, the non gd support for my hack uses hash images so not even a bot can get the value from them and also alow cacheing and session limits, so if the user idles for to long it creates a new session verification value automaticly.

Also I'm not trying to put down this hack, It was a great idea, Im just stating there are some major flaws in the script.

Slynderdale 02-03-2003 02:12 AM

https://vborg.vbsupport.ru/showthrea...threadid=48240

Im planning on releasing my hack tomarrow.


https://vborg.vbsupport.ru/attachmen...&postid=348489

Theres the current admin options for it.

DWZ 02-03-2003 04:19 AM

Just a small note/warning.

Some of the more "smarter" auto register bot thingys can "read" images to see the registration code if it's in the normal Arial/Times New Roman type font, so you really should use some weird font if you really want to protect yourself.

You can see sites such as AltaVista doing this.

EDIT: oh, and yeah, nice hack :)

Slynderdale 02-03-2003 04:28 AM

Quote:

Originally posted by DWZ
Just a small note/warning.

Some of the more "smarter" auto register bot thingys can "read" images to see the registration code if it's in the normal Arial/Times New Roman type font, so you really should use some weird font if you really want to protect yourself.

You can see sites such as AltaVista doing this.

EDIT: oh, and yeah, nice hack :)

You dont need to worry about that with this hack..it already has the verification number publicly displayed in the html...

Boofo 02-03-2003 04:46 AM

Quote:

Originally posted by Slynderdale


You dont need to worry about that with this hack..it already has the verification number publicly displayed in the html...

Is there a way to use something other than the gd library to display the images (since alot of hosts don't have it installed)? If the text only version can be got around that easy, there must be another way. ;)

Slynderdale 02-03-2003 05:15 AM

Quote:

Originally posted by Boofo


Is there a way to use something other than the gd library to display the images (since alot of hosts don't have it installed)? If the text only version can be got around that easy, there must be another way. ;)

Yea, I already made that into my hack, you have 3 choices on how the output images are, two are for gd, one is for non gd, the gd options are:
Creating one verification image from multiple others like a.jpg 4.jpg anf so on
Creating one image with the text written in the center of it

and the non gd:
Displaying multiple images for each char that bots and users cant trace back to the actual image and get the value of it.

Boofo 02-03-2003 05:18 AM

Sounds great! I'm ready when you are. ;)

Slynderdale 02-03-2003 05:22 AM

Quote:

Originally posted by Boofo
Sounds great! I'm ready when you are. ;)
Code:

<tr>
        <td bgcolor="{tableheadbgcolor}" colspan="2"><normalfont color="{tableheadtextcolor}"><b>Image Verification</b></normalfont></td>
</tr>
<!-- *** -->
<tr>
        <td bgcolor="{firstaltcolor}"><normalfont><b>Image Verification</b></normalfont><br>
        <smallfont>Please enter the numbers and text that you see on the image. This is to help prevent automated registration.</smallfont><br>
        <img src="imagegen.php?hash=$verifydata[hash]"></td>
        <td bgcolor="{secondaltcolor}"><normalfont>
        <input type="text" class="bginput" name="verification_value" size="25" maxlength="100">
        <input type="hidden" name="verification_hash" value="$verifydata[hash]">
        </normalfont></td>
</tr>

Thats the template I use for my hack to display the image in the register section, verification hash isnt the actual value of the image, its the hash of the current register verification session, this makes it impossible for ats to get the actual value of the image.

Boofo 02-03-2003 05:24 AM

Looks good. Can't wait to try it out. ;)

TECK 02-03-2003 05:39 AM

You should make your letters to change position, in different angles and also place some grids over... I know it can be done, FireFly showed me something cool like that...

If you get it to do this, OCR software cannot scan the letters and insert them automatically. :)

Slynderdale 02-03-2003 05:45 AM

Quote:

Originally posted by TECK
You should make your letters to change position, in different angles and also place some grids over... I know it can be done, FireFly showed me something cool like that...

If you get it to do this, OCR software cannot scan the letters and insert them automatically. :)

I already added that to my hack, if you look here:
https://vborg.vbsupport.ru/attachmen...&postid=348489

If you have distort image set to yes, it distorts it with grids and other effects to its readable by the human eye but not by bots.

ManagerJosh 02-03-2003 05:47 AM

Definitely goint to install this....as soon as Teck's suggestion is added in :D

Slynderdale 02-03-2003 07:20 AM

My verify image hack is almost complete, if you run a test forums and wanna try the aplha version of the installer you can find it in this post, please read the post before hand though.

https://vborg.vbsupport.ru/showthrea...886#post349886

VeoMorphine 02-03-2003 11:15 AM

Great hack. Some script kiddys are always flooding my board(i just emtpy the user table of all waiting for e-mail group members)

this will help alot.

Quote:

Originally posted by a-drive
This was near completion by Slynderdale......
Well now its completed.

Slynderdale 02-03-2003 01:51 PM

Quote:

Originally posted by VeoMorphine
Great hack. Some script kiddys are always flooding my board(i just emtpy the user table of all waiting for e-mail group members)

this will help alot.



Well now its completed.

Its almost complete, at the moment im at my classes, but when i return home ill release the final version of my hack and also another hack that many of you might like that I started before I left for my classes.


All times are GMT. The time now is 10:29 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01345 seconds
  • Memory Usage 1,849KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_code_printable
  • (2)bbcode_php_printable
  • (15)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (40)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 

Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete