Miscellaneous Hacks - Enhanced Captcha Image Verification - stop bots from signing up!!

Title : Enhanced Captcha Image Verification

Version : 1.1

Coder : Andy Calderbank & Jason Williams

Purpose : Add extra Image Verification to the registration process, using an alternative system to the Captcha system.

Why : It would appear that spammers can now "read" the Captcha codes and overcome the verification process.

How : This extra feature uses images which are harder for a spam program/bot to interpret than text characters. The user has a choice of 4 randomly displayed images, and the answer is given below. The user must click on that image to proceed, if the incorrect image is selected an error message is shown. The images are randomly shown (from however many are in the directory - you can have as many as you want, just has to be more that 4!) and are automatically created from the images/verification/ directory - all on the fly. Sample images are included with this release, but you can use your own - I recommend using 100 x 100 pixels, in .jpg format and naming the image with a meaningful title (ie A House.jpg) - the extension is stripped so only the filename itself is shown.

To further enhance security, the images are passed through a script which means that none of the images on the screen have file names - and cannot be associated to the question by title alone.

I have been testing this on my forum and have found it to be effective - I cannot guarantee that this will stop all spamming, but this relies more on human input than a computer "reading" the image.

Important : This has been tested on 3.6.2 - I cannot guarantee it will work on anything above, please test with caution - and as always BACKUP FIRST! This will not work on anything below 3.6.0.

Demo : http://www.steadiforum.com/register.php

I hope this is help to the VBulletin community as I know this is a growing problem. I don't fancy the thought of trawling through hundreds of new members deleting stupid usernames and spam posts.

Installation :

1. Upload the verification/ directory to your images/ folder - make sure .htaccess and show.php are present - otherwise it won't work.
2. Import Product - product-image_verification.xml

Upgrading :

1. Upload show.php to the images/verification/ directory.
2. Import Product - product-image_verification.xml - select Allow Overwrite to enable upgrade.

Requirements : GD Libraries installed

File uploads : 39 (including images)
Files to Import : 1
New Templates : 1
New Phrases : 5
Uses Hooks : 1
New Queries : 0

History :
v1.0 - Original release
v1.01 - Slight code change for forums in sub-directories (thanks go to Barakat for solving this one)
v1.1 - Issue resolved with Windows servers also template clean up for xhtml compliance
v1.11 - Added version check function, minor upgrade.

Done - if you like please click install! (and I won't ask for any donations as long as you click Nominate for MOTM!)

Don't forget you don't have to use the provided images - you can customise these to any you wish - I've used ones that are hopefully universal and everyone will recognise.

[steadicamop]

Quote:

Originally Posted by SuprSurfr

Any chance on getting this working with 3.6.6?

Have you tried installing it - I'm still on 3.6.2 so will be upgrading soon, I will fix any compatibility problems as soon as I do.

[Ian Montgomerie]

Unfortunately, if this hack comes into common use then spambots will just defeat it by repeatedly trying to register and picking random images. Use 8 images and on average they'll succeed in about 4 tries. Captcha is immune to a simple "brute force" attack because there are too many combinations of words and letters that it can generate.

Right now this hack works because of security through obscurity - no spambots have been coded to deal with it.

[extreme-mobile]

i dont get any images showing just the words vbsecurereg or somethig any idea?

[Jeff Bade]

Reloaded everything and it is working now.

One problem I have is that the Name of the image it is asking for is not one of the 4 images.

I expanded it to 6 images and still no go.
I expanded it to 12 and most of the time the image is there.
But not all the time.

Anyone ever see that before?

Also the Red X images are there.
I think it is any non-image file in that directory which is causing this.
one time I was asked for the picture of index.
Which since I have index.html instead of .htaccess that makes sense.

[FatalBreeze]

My forum is based on Hebrew and not on English. I've seen in your code that the $question variable, is the one that stores the image to click and he gets its value by substr - by the image name. My question is, if i translate all the names of the images to hebrew, will it work?

EDIT:
I installed your hack, and it didn't work when i translated the titles of the pictures.
The result is that it displayed the 4 pictures, however it didn't say which picture to click as if the $question variable is empty.

[FatalBreeze]

you think i can fix it with two arrays: one in Engish and one in Hebrew, and work with preg_replace($english_array,$hebrew_array,$questio n); ?

[steadicamop]

Quote:

Originally Posted by Jeff Bade

Reloaded everything and it is working now.

One problem I have is that the Name of the image it is asking for is not one of the 4 images.

I expanded it to 6 images and still no go.
I expanded it to 12 and most of the time the image is there.
But not all the time.

Anyone ever see that before?

Also the Red X images are there.
I think it is any non-image file in that directory which is causing this.
one time I was asked for the picture of index.
Which since I have index.html instead of .htaccess that makes sense.

Sounds a little strange - I know other people are having issues with one or two images loading - I am looking into this and will do any necessary changes but I suspect it's a server thing - but will do testing to find this out.

If you have any other files than .htaccess, thumbs.db/Thumbs.db then they will show up, as those files are excluded - it is possible to exclude index.html by adding this in the show.php file:

PHP Code:

if ($entry != '.' && $entry != '..' && $entry != 'show.php' && $entry != '.htaccess' && $entry != 'Thumbs.db') 


If you want to add index.html to that change it to:

PHP Code:

if ($entry != '.' && $entry != '..' && $entry != 'show.php' && $entry != '.htaccess' && $entry != 'Thumbs.db' && $entry != 'index.html') 


For any other files just add

PHP Code:

&& $entry != 'whateverfilename.ext' 


to the end of the line before the closing bracket ")".

HTH

Jason

[steadicamop]

Quote:

Originally Posted by FatalBreeze

you think i can fix it with two arrays: one in Engish and one in Hebrew, and work with preg_replace($english_array,$hebrew_array,$questio n); ?

Give it a try - I'm not too clued up with preg_replace, but it can't hurt , if you have problems, let me know and I'll see what I can sort.

Cheers

Jason

[MissKalunji]

is there a way to add this to sendmessage.php?

[Dragons76]

I'm on VB 3.6.7

I have installed this hack, but i want to register, i have this message :

PHP Code:

Warning: dir() [function.dir]: Unable to access lesavoir/images/verification/ in /register.php(202) : eval()'d code on line 6
 
Warning: dir(lesavoir/images/verification/) [function.dir]: failed to open dir: No such file or directory in /register.php(202) : eval()'d code on line 6
 
Fatal error: Call to a member function read() on a non-object in /home/evox/lesavoir/httpdocs/lesavoir/register.php(202) : eval()'d code on line 7 


I have made the modif who is posted here : https://vborg.vbsupport.ru/showpost....&postcount=109

Any body can help me ?