Contact Us Visual Authentication - prevent Spam Bots from sending messages!
 

Title : Contact Us Visual Authentication

Version : 1.0

Coder : Andy Calderbank & Jason Williams

Purpose : Make your Contact Us page more secure using an image based verification system.

Why : From my other hack it was requested to make this for the Contact Us page - and this is the same hack to secure the Contact Us page from Spam Bots sending messages.

How : This extra feature uses images which are harder for a spam program/bot to interpret than text characters. The user has a choice of 4 randomly displayed images, and the answer is given below. The user must click on that image to proceed, if the incorrect image is selected an error message is shown. The images are randomly shown (from however many are in the directory - you can have as many as you want, just has to be more that 4!) and are automatically created from the images/verification/ directory - all on the fly. Sample images are included with this release, but you can use your own - I recommend using 100 x 100 pixels, in .jpg format and naming the image with a meaningful title (ie A House.jpg) - the extension is stripped so only the filename itself is shown.

To further enhance security, the images are passed through a script which means that none of the images on the screen have file names - and cannot be associated to the question by title alone.

I have been testing this on my forum and have found it to be effective - I cannot guarantee that this will stop all spamming, but this relies more on human input than a computer "reading" the image.

Important : This has been tested on 3.6.2 - I cannot guarantee it will work on anything above, please test with caution - and as always BACKUP FIRST! This will not work on anything below 3.6.0.

Installation :

Please note - if you already have my other hack installed you do not need to upload the images - just go to step 2.

1. Upload the verification/ directory to your images/ folder - make sure .htaccess and show.php are present - if you have problems with the .htaccess file, this isn't vital and will work without.
2. Import Product - product-secure_contact_us.xml

Requirements : GD Libraries installed

File uploads : 39 (including images)
Files to Import : 1
New Templates : 1
New Phrases : 5
Uses Hooks : 1
New Queries : 0

History :
v1.0 - Original release

Done - if you like please click install!

Don't forget you don't have to use the provided images - you can customise these to any you wish - I've used ones that are hopefully universal and everyone will recognise.

Reserved .... I'm only human!!

Thanks, i've been getting a lot of these e-mails in my admin webmail.

Isn't this already a default feature in 3.6.4?

Cool have been looking for something like this ;) to stop them spam emails. If it is a default feature in 3.6.4 where is it?

Finally! An answer to all the viagra, movies, porn, etc 'contact us' emails I get... must be at least 50 a day for me... now if I could just ban all the IP addresses as well so they don't register.... even with email verification and image verification they still manage it and we get about 4 or more of those a day. I finally had to put all registrations on moderated until admin approves. ugh.
clicks install (as soon as my backup finishes downloading....)

vBulletin Options > Site Name / URL / Contact Details > Allow Unregistered Users to use 'Contact Us'

You can set it to Yes, No, or Yes, but Verify Image

But as has been proved with the registration, bots can easily bypass the Captcha system - and I thought it might be handy to port this idea over to the Contact Us page.

This is really good if the Captcha system is not working well on your forum, but for most it does do a pretty good job already. Thanks for doing it for the contact page none the less.

I did this based on one request, and after looking into it, thought it was worthwhile - it was a fairly simple change to make this compatible with the Contact Us page, so this is why I have released this - I don't doubt that enabling the Captcha system does prevent/slow down Bots, but this is just an extra line of defence.