Go Back   vb.org Archive > vBulletin Modifications > vBulletin 3.8 Modifications > vBulletin 3.8 Add-ons
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
Enhanced Captcha Image Verification - stop bots from signing up!! Details »»
Enhanced Captcha Image Verification - stop bots from signing up!!
Version: 1.11, by steadicamop steadicamop is offline
Developer Last Online: Dec 2014 Show Printable Version Email this Page

Category: Miscellaneous Hacks - Version: 3.6.8 Rating:
Released: 11-25-2006 Last Update: 11-26-2006 Installs: 874
Uses Plugins Template Edits
Additional Files  
No support by the author.

Title : Enhanced Captcha Image Verification

Version : 1.1

Coder : Andy Calderbank & Jason Williams

Purpose
: Add extra Image Verification to the registration process, using an alternative system to the Captcha system.

Why : It would appear that spammers can now "read" the Captcha codes and overcome the verification process.

How : This extra feature uses images which are harder for a spam program/bot to interpret than text characters. The user has a choice of 4 randomly displayed images, and the answer is given below. The user must click on that image to proceed, if the incorrect image is selected an error message is shown. The images are randomly shown (from however many are in the directory - you can have as many as you want, just has to be more that 4!) and are automatically created from the images/verification/ directory - all on the fly. Sample images are included with this release, but you can use your own - I recommend using 100 x 100 pixels, in .jpg format and naming the image with a meaningful title (ie A House.jpg) - the extension is stripped so only the filename itself is shown.

To further enhance security, the images are passed through a script which means that none of the images on the screen have file names - and cannot be associated to the question by title alone.

I have been testing this on my forum and have found it to be effective - I cannot guarantee that this will stop all spamming, but this relies more on human input than a computer "reading" the image.

Important : This has been tested on 3.6.2 - I cannot guarantee it will work on anything above, please test with caution - and as always BACKUP FIRST! This will not work on anything below 3.6.0.

Demo : http://www.steadiforum.com/register.php

I hope this is help to the VBulletin community as I know this is a growing problem. I don't fancy the thought of trawling through hundreds of new members deleting stupid usernames and spam posts.

Installation :
  1. Upload the verification/ directory to your images/ folder - make sure .htaccess and show.php are present - otherwise it won't work.
  2. Import Product - product-image_verification.xml

Upgrading :
  1. Upload show.php to the images/verification/ directory.
  2. Import Product - product-image_verification.xml - select Allow Overwrite to enable upgrade.

Requirements : GD Libraries installed

File uploads : 39 (including images)
Files to Import : 1
New Templates : 1
New Phrases : 5
Uses Hooks : 1
New Queries : 0

History :
v1.0 - Original release
v1.01 - Slight code change for forums in sub-directories (thanks go to Barakat for solving this one)
v1.1 - Issue resolved with Windows servers also template clean up for xhtml compliance
v1.11 - Added version check function, minor upgrade.

Done - if you like please click install! (and I won't ask for any donations as long as you click Nominate for MOTM!)

Don't forget you don't have to use the provided images - you can customise these to any you wish - I've used ones that are hopefully universal and everyone will recognise.

Download Now

File Type: zip Enhanced Captcha Image Verification.zip (116.4 KB, 5787 views)

Screenshots

File Type: jpg imageverification1.jpg (36.6 KB, 0 views)
File Type: jpg imageverification2.jpg (24.5 KB, 0 views)

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #202  
Old 09-15-2007, 01:16 PM
yoyoyoyo's Avatar
yoyoyoyo yoyoyoyo is offline
 
Join Date: Dec 2004
Location: USA
Posts: 1,612
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I am using 3.6.8, and just now installed this, and am getting these errors:

Quote:
Warning: session_start() [function.session-start]: open(/var/sessions/sess_576412532ddd0f178c3d3f7b7934d7a0, O_RDWR) failed: No such file or directory (2) in /register.php(202) : eval()'d code on line 1

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/mysite/public_html/forum/includes/class_core.php:3117) in /register.php(202) : eval()'d code on line 1

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/mysite/public_html/forum/includes/class_core.php:3117) in /register.php(202) : eval()'d code on line 1
Reply With Quote
  #203  
Old 09-15-2007, 02:16 PM
smoknz28's Avatar
smoknz28 smoknz28 is offline
 
Join Date: Sep 2005
Location: SoCal
Posts: 257
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Steadicamop, great hack! I appreciate the fact that coders, like yourself, share your countless hours of coding....so Thank You!!

Next, I want to commend you on a hack that I believe is a much better approach then the standard code in place by vb. I recently installed your hack on vb 3.6.8 with only one issue. I didn't catch on to the fact that you had subdirectories to get to the verification images. I would only recommend that you not have so many sub dirs to get to the images. I had initially uploaded the directory with all the sub dirs for the images and got errors upon trying out the hack from registration. Yes your installation instructions were on track, but many of us knuckle-heads, like myself, don't do so well with reading. We get so damn anxious to get the hacks installed that we don't pay close enough attention at times to instructions. Definitely our fault...but I think you can save yourself some heartache from us knuckle-heads asking you questions on the images or it not working due to the above.

Again, great hack and I'm loving it brother!

I also posted about your hack in the vbulletin.com forums: http://www.vbulletin.com/forum/showt...33#post1420833

Thank you to all you coders for sharing your countless hours of code!

Oh, and I did install this on a heavily moded version of vb 3.6.8 and is working great.

Thanks Steadicamop.
Reply With Quote
  #204  
Old 09-27-2007, 02:07 PM
stryderunknown stryderunknown is offline
 
Join Date: Jul 2005
Posts: 5
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I haven't installed the addon, however that's because I'm in the process of look at writing one myself. However I do see a slight flaw in how your addon works (without getting into the reverse engineering of how it works).

The problem is 'finite possibilities', if a Bot were to choose to click(well... emulate a click) the first image every time eventually it would get the right image because of the randomisation process.

It could be beneficial to log the number of attempts (I'd guess in the db session table) and perhaps blacklist those that reach a certain threshold. Some might suggest generating random numbers for your show.php?# , however again a bot would be able to read it.

One way would to be add the addition of say 4-binary digits via the GD library to the bottom of each image, the user can then be asked to type the binary reference as well as click an image. (And the reference doesn't have to be from the same image as they click).

This increases the complexity and lessens the chances that both will fall on the first image (in fact you could alter the randomisation method to not allow them to fall on the same image)

I would hack that version myself, however I've got another one up my sleeve

Other than that keep up the good work (as well as all those that aid people coding/designing)
Reply With Quote
  #205  
Old 09-28-2007, 06:40 PM
steadicamop's Avatar
steadicamop steadicamop is offline
 
Join Date: Jul 2004
Location: Lancashire, UK
Posts: 379
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by yoyoyoyo View Post
better yet, simply change it to
PHP Code:
$vboptions[bburl]/images/verification/show.php 
BTW -where are the settings in the ACP for this hack?
I did a LOT of testing with the [bburl] option but it doesn't work correctly - unless I was using it the wrong way, but I could never find a way of pulling the forum url out correctly from the vboptions system - if this is incorrect I will look at changing it, but this is why it is still hardcoded.

There aren't any options in the AdminCP for this, I haven't been able to proceed with the Flash version so may look into an update with an option for how many images to use and enable/disable, just something simple.

HTH

Jason
Reply With Quote
  #206  
Old 09-28-2007, 06:42 PM
steadicamop's Avatar
steadicamop steadicamop is offline
 
Join Date: Jul 2004
Location: Lancashire, UK
Posts: 379
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by smoknz28 View Post
Steadicamop, great hack! I appreciate the fact that coders, like yourself, share your countless hours of coding....so Thank You!!

Next, I want to commend you on a hack that I believe is a much better approach then the standard code in place by vb. I recently installed your hack on vb 3.6.8 with only one issue. I didn't catch on to the fact that you had subdirectories to get to the verification images. I would only recommend that you not have so many sub dirs to get to the images. I had initially uploaded the directory with all the sub dirs for the images and got errors upon trying out the hack from registration. Yes your installation instructions were on track, but many of us knuckle-heads, like myself, don't do so well with reading. We get so damn anxious to get the hacks installed that we don't pay close enough attention at times to instructions. Definitely our fault...but I think you can save yourself some heartache from us knuckle-heads asking you questions on the images or it not working due to the above.

Again, great hack and I'm loving it brother!

I also posted about your hack in the vbulletin.com forums: http://www.vbulletin.com/forum/showt...33#post1420833

Thank you to all you coders for sharing your countless hours of code!

Oh, and I did install this on a heavily moded version of vb 3.6.8 and is working great.

Thanks Steadicamop.
Thanks for your kind words - I was just sick of Spam sign ups, so with my limited PHP knowldedge my bro in law and I sat down to code this - it is fairly simple too, but seems to be very useful to other members.

I'm looking into an update in the not too distant future, some extra features.

Thanks again,

Jason
Reply With Quote
  #207  
Old 09-28-2007, 06:45 PM
steadicamop's Avatar
steadicamop steadicamop is offline
 
Join Date: Jul 2004
Location: Lancashire, UK
Posts: 379
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by stryderunknown View Post
I haven't installed the addon, however that's because I'm in the process of look at writing one myself. However I do see a slight flaw in how your addon works (without getting into the reverse engineering of how it works).

The problem is 'finite possibilities', if a Bot were to choose to click(well... emulate a click) the first image every time eventually it would get the right image because of the randomisation process.

It could be beneficial to log the number of attempts (I'd guess in the db session table) and perhaps blacklist those that reach a certain threshold. Some might suggest generating random numbers for your show.php?# , however again a bot would be able to read it.

One way would to be add the addition of say 4-binary digits via the GD library to the bottom of each image, the user can then be asked to type the binary reference as well as click an image. (And the reference doesn't have to be from the same image as they click).

This increases the complexity and lessens the chances that both will fall on the first image (in fact you could alter the randomisation method to not allow them to fall on the same image)

I would hack that version myself, however I've got another one up my sleeve

Other than that keep up the good work (as well as all those that aid people coding/designing)
I don't want to step on your toes with this one if you have something in mind, but the digits on the image sounds like a neat idea - it is something that should be fairly easily added, would it be ok with you if I looking into adding this idea into this product - and of course with full credit to yourself.
Reply With Quote
  #208  
Old 09-29-2007, 04:35 PM
steadicamop's Avatar
steadicamop steadicamop is offline
 
Join Date: Jul 2004
Location: Lancashire, UK
Posts: 379
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Can we confirm this is definately working on 3.6.8? I will change the version on the page to reflect that it's compatible ... I'm still lagging behind on 3.6.2
Reply With Quote
  #209  
Old 09-30-2007, 05:27 PM
Mystery Man Mystery Man is offline
 
Join Date: Sep 2002
Posts: 9
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

works flawlessly on 3.6.8
tested with both firefox and ie
marked as installed
thx hopefully this will kill the bot activity
Reply With Quote
  #210  
Old 09-30-2007, 05:33 PM
Alibass's Avatar
Alibass Alibass is offline
 
Join Date: Mar 2007
Posts: 615
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I am running this hack on 3.6.8 and your other hack for Contact Us also. Both are working flawlessly. I have both set to display 6 images.

Regards
Reply With Quote
  #211  
Old 10-01-2007, 04:57 AM
steadicamop's Avatar
steadicamop steadicamop is offline
 
Join Date: Jul 2004
Location: Lancashire, UK
Posts: 379
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I've updated to reflect that it's compatible - which I'm very glad about for when I upgrade!

I have another idea in the mix at the moment for making it even more secure - it's based on an idea from this thread.

There may be a new version in the next few weeks....

Jason
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 01:02 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.06244 seconds
  • Memory Usage 2,364KB
  • Queries Executed 26 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)bbcode_php
  • (4)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (4)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (2)pagenav_pagelinkrel
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (3)postbit_attachment
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_attachment
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete