Miscellaneous Hacks - Enhanced Captcha Image Verification - stop bots from signing up!!

Title : Enhanced Captcha Image Verification

Version : 1.1

Coder : Andy Calderbank & Jason Williams

Purpose : Add extra Image Verification to the registration process, using an alternative system to the Captcha system.

Why : It would appear that spammers can now "read" the Captcha codes and overcome the verification process.

How : This extra feature uses images which are harder for a spam program/bot to interpret than text characters. The user has a choice of 4 randomly displayed images, and the answer is given below. The user must click on that image to proceed, if the incorrect image is selected an error message is shown. The images are randomly shown (from however many are in the directory - you can have as many as you want, just has to be more that 4!) and are automatically created from the images/verification/ directory - all on the fly. Sample images are included with this release, but you can use your own - I recommend using 100 x 100 pixels, in .jpg format and naming the image with a meaningful title (ie A House.jpg) - the extension is stripped so only the filename itself is shown.

To further enhance security, the images are passed through a script which means that none of the images on the screen have file names - and cannot be associated to the question by title alone.

I have been testing this on my forum and have found it to be effective - I cannot guarantee that this will stop all spamming, but this relies more on human input than a computer "reading" the image.

Important : This has been tested on 3.6.2 - I cannot guarantee it will work on anything above, please test with caution - and as always BACKUP FIRST! This will not work on anything below 3.6.0.

Demo : http://www.steadiforum.com/register.php

I hope this is help to the VBulletin community as I know this is a growing problem. I don't fancy the thought of trawling through hundreds of new members deleting stupid usernames and spam posts.

Installation :

1. Upload the verification/ directory to your images/ folder - make sure .htaccess and show.php are present - otherwise it won't work.
2. Import Product - product-image_verification.xml

Upgrading :

1. Upload show.php to the images/verification/ directory.
2. Import Product - product-image_verification.xml - select Allow Overwrite to enable upgrade.

Requirements : GD Libraries installed

File uploads : 39 (including images)
Files to Import : 1
New Templates : 1
New Phrases : 5
Uses Hooks : 1
New Queries : 0

History :
v1.0 - Original release
v1.01 - Slight code change for forums in sub-directories (thanks go to Barakat for solving this one)
v1.1 - Issue resolved with Windows servers also template clean up for xhtml compliance
v1.11 - Added version check function, minor upgrade.

Done - if you like please click install! (and I won't ask for any donations as long as you click Nominate for MOTM!)

Don't forget you don't have to use the provided images - you can customise these to any you wish - I've used ones that are hopefully universal and everyone will recognise.

[Skyrider]

Sooo.. How do I add my own images and questions? I don't see any options for it.

[Baldeadly]

Mod of the Month!!

[TAIFUN_T]

Installed hack... Thx

[steadicamop]

Quote:

Originally Posted by FF|Skyrider

Sooo.. How do I add my own images and questions? I don't see any options for it.

Just add you own images, as far as I can remember, the stock ones are avatars, mainly as they're all the same size. You will need to make sure the file name reflects what the image actually shows (ie A Tree.jpg - this will result in the image being called A Tree). The script dynamically picks up any images in the directory and doesn't require any options to be enabled.

Thanks,

Jason

[steadicamop]

Quote:

Originally Posted by Biker_GA

You can prevent known proxies from signing up by listing them in the banned list in vBulletin or by listing them in .htaccess (my preferred method). This will pretty much stop the majority of proxy signups, but not all.

Thanks for bringing this to my attention, I will see if I can create an extra option to prevent proxies reading the images

[KarlPurk]

Actually, the way they're getting through is by specifying the POST variables for the user agreement, and the registration form pops-up, bypassing the CAPTCHA completely. As the bots access that page, this is absolutely useless unless you check for the session variables once they've clicked the register button.

[speedracer68]

Is there any way for me to do this? They get passed this and one I have installed that asks a question.

[Biker_GA]

Everything that you toss up in front of the registration process won't prevent a human spammer from registering.

[PattiOz]

This is in the 3.8 forum so can I assume it works with 3.8 eventhough is says 3.6 in the intro?

[Biker_GA]

Using it on 3.8.2.