Miscellaneous Hacks - Enhanced Captcha Image Verification - stop bots from signing up!!

Title : Enhanced Captcha Image Verification

Version : 1.1

Coder : Andy Calderbank & Jason Williams

Purpose : Add extra Image Verification to the registration process, using an alternative system to the Captcha system.

Why : It would appear that spammers can now "read" the Captcha codes and overcome the verification process.

How : This extra feature uses images which are harder for a spam program/bot to interpret than text characters. The user has a choice of 4 randomly displayed images, and the answer is given below. The user must click on that image to proceed, if the incorrect image is selected an error message is shown. The images are randomly shown (from however many are in the directory - you can have as many as you want, just has to be more that 4!) and are automatically created from the images/verification/ directory - all on the fly. Sample images are included with this release, but you can use your own - I recommend using 100 x 100 pixels, in .jpg format and naming the image with a meaningful title (ie A House.jpg) - the extension is stripped so only the filename itself is shown.

To further enhance security, the images are passed through a script which means that none of the images on the screen have file names - and cannot be associated to the question by title alone.

I have been testing this on my forum and have found it to be effective - I cannot guarantee that this will stop all spamming, but this relies more on human input than a computer "reading" the image.

Important : This has been tested on 3.6.2 - I cannot guarantee it will work on anything above, please test with caution - and as always BACKUP FIRST! This will not work on anything below 3.6.0.

Demo : http://www.steadiforum.com/register.php

I hope this is help to the VBulletin community as I know this is a growing problem. I don't fancy the thought of trawling through hundreds of new members deleting stupid usernames and spam posts.

Installation :

1. Upload the verification/ directory to your images/ folder - make sure .htaccess and show.php are present - otherwise it won't work.
2. Import Product - product-image_verification.xml

Upgrading :

1. Upload show.php to the images/verification/ directory.
2. Import Product - product-image_verification.xml - select Allow Overwrite to enable upgrade.

Requirements : GD Libraries installed

File uploads : 39 (including images)
Files to Import : 1
New Templates : 1
New Phrases : 5
Uses Hooks : 1
New Queries : 0

History :
v1.0 - Original release
v1.01 - Slight code change for forums in sub-directories (thanks go to Barakat for solving this one)
v1.1 - Issue resolved with Windows servers also template clean up for xhtml compliance
v1.11 - Added version check function, minor upgrade.

Done - if you like please click install! (and I won't ask for any donations as long as you click Nominate for MOTM!)

Don't forget you don't have to use the provided images - you can customise these to any you wish - I've used ones that are hopefully universal and everyone will recognise.

[footose]

I have the same problem no images showing up.

http://www.generationdub.com/images.jpg

I know for a fact GD works
I set the PHP to execute

And also the header doesn't show up at the top when the image verification is on screen.

gd
GD Support enabled
GD Version bundled (2.0.28 compatible)
GIF Read Support enabled
GIF Create Support enabled
JPG Support enabled
PNG Support enabled
WBMP Support enabled
XBM Support enabled

[steadicamop]

Right click on one of the crosses and click Properties - check that it shows in the right directory (ie forumroot/images/vertification).

If it still isn't working I will check further into this.

[steadicamop]

Quote:

Originally Posted by cavyspirit

Based on your research, what's your opinion of this hack: https://vborg.vbsupport.ru/showthread.php?t=124828 which asks an admin-defined, forum-specific random question? Which way is better to go. Can/should we install both?

I can't comment on this hack as I haven't installed or tested it - although I feel that a text based version could be defeated - this is why I created this one, using images that only real people can interpret.

There's definately no harm in having both - but I would advise caution - if you have too many verification systems people may not register for the lengthy process .... ? Just my opinion though.

[PamelaE]

Does this actually work ? Can someone suffering from these spambots recommend it ?

My forum is getting it ten fold, its not a matter of being just pain as some have stated, they are posting porn pics every 10 minutes on my forums.

Its getting to the point where the forums will have to shut down because its high profile and highly embaressing.

Speaking to people at Digitalspy.co.uk they don't seem to suffer from is using older version of Vbulletin and it never seems to happen on UBB.

Anyway I hope this solution works, its pain that users have an extra layer during the registration process.

Plus I wonder how accessible image verification is. I'm not sure what the laws are in the US but in the UK sites have to meet accessability criteria.

thanks

[footose]

When I right click on it I get the following.

http://forums.generationdub.com/imag...ion/show.php?1

I'm assuming the "="'s sign is missing?

[steadicamop]

It's something I'm working on currently - it would appear it's not a GD issue - mine is installed correctly and working - I'm looking into why and a solution and will post an update if necessary.

[steadicamop]

Quote:

Originally Posted by footose

When I right click on it I get the following.

http://forums.generationdub.com/imag...ion/show.php?1

I'm assuming the "="'s sign is missing?

Issue fixed - it would appear windows servers didn't like the existing code - this has been changed and now works 100%, just re-upload show.php to the images/verification directory - make sure you overwrite the old file.

The package now contains this updated file.

Jason

[steadicamop]

Quote:

Originally Posted by PamelaE

Does this actually work ? Can someone suffering from these spambots recommend it ?

My forum is getting it ten fold, its not a matter of being just pain as some have stated, they are posting porn pics every 10 minutes on my forums.

Its getting to the point where the forums will have to shut down because its high profile and highly embaressing.

Speaking to people at Digitalspy.co.uk they don't seem to suffer from is using older version of Vbulletin and it never seems to happen on UBB.

Anyway I hope this solution works, its pain that users have an extra layer during the registration process.

Plus I wonder how accessible image verification is. I'm not sure what the laws are in the US but in the UK sites have to meet accessability criteria.

thanks

All I will say is give it a try - you've nothing to lose by trying. So far I have had NO spam bots sign up on my forum, I'm very tempted to disable it to see how many I get in 24 hours, then enable it and see how many more I get in a further 24 hours.

I don't see how a peice of software can read what an image is - yes it can understand text but how would it know that it's a picture of an aeroplane, or a car, or a person, or a banana .....

[bongwater]

hey, just giving everybody a headz up. This hack works. I run a relatively large forum (60-80 new signups a day) but in the past 2 weeks I've been getting 120 signups daily. Thought it was a good thing but it was actually bad. I noticed the spamming for vioxx, viagra, and some webcam & porn sites on my site. Noticed the signups were all born March 28, 1983, and so I found a pattern, it was all bogus. Searched and installed this hack (im running 3.6.0) only one day now, and no spam-bots cracked through the image verification hack. It's still too early to tell , but I am pleased. Best hack i recently installed . Good job (clicked installed yesterday)

bongwater

[beishe8]

Quote:

...make sure .htaccess and show.php are present - otherwise it won't work.

Sad... I cannot upload .htaccess (The dot is the problem with my host)