Miscellaneous Hacks - Enhanced Captcha Image Verification - stop bots from signing up!!

Title : Enhanced Captcha Image Verification

Version : 1.1

Coder : Andy Calderbank & Jason Williams

Purpose : Add extra Image Verification to the registration process, using an alternative system to the Captcha system.

Why : It would appear that spammers can now "read" the Captcha codes and overcome the verification process.

How : This extra feature uses images which are harder for a spam program/bot to interpret than text characters. The user has a choice of 4 randomly displayed images, and the answer is given below. The user must click on that image to proceed, if the incorrect image is selected an error message is shown. The images are randomly shown (from however many are in the directory - you can have as many as you want, just has to be more that 4!) and are automatically created from the images/verification/ directory - all on the fly. Sample images are included with this release, but you can use your own - I recommend using 100 x 100 pixels, in .jpg format and naming the image with a meaningful title (ie A House.jpg) - the extension is stripped so only the filename itself is shown.

To further enhance security, the images are passed through a script which means that none of the images on the screen have file names - and cannot be associated to the question by title alone.

I have been testing this on my forum and have found it to be effective - I cannot guarantee that this will stop all spamming, but this relies more on human input than a computer "reading" the image.

Important : This has been tested on 3.6.2 - I cannot guarantee it will work on anything above, please test with caution - and as always BACKUP FIRST! This will not work on anything below 3.6.0.

Demo : http://www.steadiforum.com/register.php

I hope this is help to the VBulletin community as I know this is a growing problem. I don't fancy the thought of trawling through hundreds of new members deleting stupid usernames and spam posts.

Installation :

1. Upload the verification/ directory to your images/ folder - make sure .htaccess and show.php are present - otherwise it won't work.
2. Import Product - product-image_verification.xml

Upgrading :

1. Upload show.php to the images/verification/ directory.
2. Import Product - product-image_verification.xml - select Allow Overwrite to enable upgrade.

Requirements : GD Libraries installed

File uploads : 39 (including images)
Files to Import : 1
New Templates : 1
New Phrases : 5
Uses Hooks : 1
New Queries : 0

History :
v1.0 - Original release
v1.01 - Slight code change for forums in sub-directories (thanks go to Barakat for solving this one)
v1.1 - Issue resolved with Windows servers also template clean up for xhtml compliance
v1.11 - Added version check function, minor upgrade.

Done - if you like please click install! (and I won't ask for any donations as long as you click Nominate for MOTM!)

Don't forget you don't have to use the provided images - you can customise these to any you wish - I've used ones that are hopefully universal and everyone will recognise.

[maxignition]

Looks good, I'll reserve in case I need it.

[LieuR]

You cant disable this plugin ? Or i have to remove it if i want to disable it ?

[Dreamgun]

Been using this for months without bot issues, 10+/- registrations a day. The script works, but it's generating errors somewhere and placing them into an error_log file on my host's server.

Code:

PHP Warning:  imagejpeg(): supplied argument is not a valid Image resource in /home/username/public_html/forums/images/verification/show.php on line 23

PHP Warning:  imagedestroy(): supplied argument is not a valid Image resource in /home/username/public_html/forums/images/verification/show.php on line 24

PHP Warning:  imagecreatefromjpeg() [<a href='function.imagecreatefromjpeg'>function.imagecreatefromjpeg</a>]: gd-jpeg: JPEG library reports unrecoverable error:  in /home/username/public_html/forums/images/verification/show.php on line 21

PHP Warning:  imagecreatefromjpeg() [<a href='function.imagecreatefromjpeg'>function.imagecreatefromjpeg</a>]: 'error_log' is not a valid JPEG file in /home/username/public_html/forums/images/verification/show.php on line 21

PHP Warning:  Cannot modify header information - headers already sent by (output started at /home/username/public_html/forums/images/verification/show.php:21) in /home/username/public_html/forums/images/verification/show.php on line 22

There are some, any idea? Is it possible it's bots generating these?

[-=Leb=-]

gj on this great plugin

[k1klass]

3.8.3 and get internal server error when clicking register button, disable and runs normal

[Itchy Nips]

i installed this today, disabled one of my other mods that cross references IP's and usersnames with a known db of spammers. I got two spammers registered on my forum, today. I had the other mod installed for over about a month and I didnt get a single spammer.

I have checked and verified that this mod IS working but spammers are still making it thru.

any ideas?

[RrCoX22]

how do you go about editing in a picture that I would like to be used for every question/registration?

[hyperspin]

This mod doesn't appear to be working on my site now... When the correct image is clicked on it says that the image clicked was incorrect.

We just recently upgraded our webserver and moved the site, but I don't see anything that would be causing this to be happening.

We did just upgrade to 3.8.4, but I read above that it was working on 3.8.4.

[hyperspin]

Any ideas as to what needs to be updated on this mod to get it to work with 3.8.4? Since this mod broke our forum has been getting nailed by spammers and with this mod it kept out a BIG majority of the spammers.

This appears to be some kind of session problem that's happening on 3.8.4

[KubisForce]

I would also love to see this with vb 3.8.4.

Does it work with 3.8.1?