![]() |
Prevent Automated Registrations
Smallish hack here, basically it emulates Yahoo's, among other's, system of generating an image with a random series of characters that a user must enter correctly into a text box to register. The screenshots will illustrate this well:
Screenshots ---------------- Registration Screen Results on Failure Results on Success Installation Instructions ---------------- See install.txt in the attachment Minimods ---------------- Text-only version for people without access to the GD library The font may be customized by taking a font desired, in TrueType format, and uploading it in place of the font.ttf included. the gd image library IS required to use this hack. If you like it, install it! |
Screenshot: Registration form
|
Screenshot: Success
|
Screenshot: Failure
|
Will give it a shot, thanks! ;)
|
Are the images (in which the user must input the text on it) just created images?
|
This is a great idea ... I'll try it later, thanks!
|
Wow you beat Slynderdale to this :)
Nice hack buddy :D - miSt |
Quote:
And my apologies to slynderdale, I didn't know somebody was in the process of coding this. I saw this request last night and I thought that it might be good practice, so I made it. My apologies. |
This was near completion by Slynderdale......
|
Sounds cool:)
Satan |
I just installed this and I am only getting an X where the image is supposed to ne. I checked the path to the font.ttf and it is correct. Any fix for this?
I'm not sure if the server I am on had the gd image library installed. If not, is there a way to make this hack use random text instead of the images? |
Quote:
- miSt |
Quote:
|
nice hack :) I'll definetly install it :)
|
Quote:
|
Excellent hack thanks
|
WOW this is a good hack dude.
Thanks for releasing! I'll definately install this if possible hehehe. Mind you I dunno if (and doubt) lycos runs the requirements for this. Still worth a try though. Dave. |
Excellent bro.
|
about the path how should i do?? i have little confuse...
if my address is http://www.xxx.com.tw/xxx/forum/index.php |
Awesome hack Mystis, I had wondered when something like this for vBulletin might come along.
The only question I have is what kind of service would somebody be using that is processing an automated registration for one's forum? This is just a generic question, as I've wondered the same for those Lycos/Yahoo sites. I'm guessing some kind of bot, although the chances of one doing so on a vBulletin seems less likely. [high]* Velocd clicks install ;)[/high] |
Quote:
Quote:
Quote:
Quote:
|
TEXT ONLY FIX
In the 'registeradult' template, find PHP Code:
PHP Code:
|
Very nice, I'll install it some other night when the clock isn't 3:20 am *yawn*
Good job. :) |
Forgive me if I'm wrong..but if the image_var is in the output source of both the image and text versions, how is the text version any less secure?
|
This wont prevent auto verification at all, all some one has to do is use fopen on the page and look for
<input type="hidden" name="autovero" value ="$image_var"> and get the value real esily, this will stop auto registration as much as not having it, also using gd every time the page is loaded will have a high load to the server, thats why im adding a cahceing option and the other options to my hack so prevent the gd causing high loads. Also there are some ways to extract this text from the image as well, you dont distort the image in any way so a bot could look through the image and compare it to others and get the text from it, the non gd support for my hack uses hash images so not even a bot can get the value from them and also alow cacheing and session limits, so if the user idles for to long it creates a new session verification value automaticly. Also I'm not trying to put down this hack, It was a great idea, Im just stating there are some major flaws in the script. |
https://vborg.vbsupport.ru/showthrea...threadid=48240
Im planning on releasing my hack tomarrow. https://vborg.vbsupport.ru/attachmen...&postid=348489 Theres the current admin options for it. |
Just a small note/warning.
Some of the more "smarter" auto register bot thingys can "read" images to see the registration code if it's in the normal Arial/Times New Roman type font, so you really should use some weird font if you really want to protect yourself. You can see sites such as AltaVista doing this. EDIT: oh, and yeah, nice hack :) |
Quote:
|
Quote:
|
Quote:
Creating one verification image from multiple others like a.jpg 4.jpg anf so on Creating one image with the text written in the center of it and the non gd: Displaying multiple images for each char that bots and users cant trace back to the actual image and get the value of it. |
Sounds great! I'm ready when you are. ;)
|
Quote:
Code:
<tr> |
Looks good. Can't wait to try it out. ;)
|
You should make your letters to change position, in different angles and also place some grids over... I know it can be done, FireFly showed me something cool like that...
If you get it to do this, OCR software cannot scan the letters and insert them automatically. :) |
Quote:
https://vborg.vbsupport.ru/attachmen...&postid=348489 If you have distort image set to yes, it distorts it with grids and other effects to its readable by the human eye but not by bots. |
Definitely goint to install this....as soon as Teck's suggestion is added in :D
|
My verify image hack is almost complete, if you run a test forums and wanna try the aplha version of the installer you can find it in this post, please read the post before hand though.
https://vborg.vbsupport.ru/showthrea...886#post349886 |
Great hack. Some script kiddys are always flooding my board(i just emtpy the user table of all waiting for e-mail group members)
this will help alot. Quote:
|
Quote:
|
All times are GMT. The time now is 10:29 PM. |
Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
![]() |
|
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|