The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
Enhanced Captcha Image Verification - stop bots from signing up!! Details »» | |||||||||||||||||||||||||||||||||
Enhanced Captcha Image Verification - stop bots from signing up!!
Developer Last Online: Dec 2014
Title : Enhanced Captcha Image Verification
Version : 1.1 Coder : Andy Calderbank & Jason Williams Purpose : Add extra Image Verification to the registration process, using an alternative system to the Captcha system. Why : It would appear that spammers can now "read" the Captcha codes and overcome the verification process. How : This extra feature uses images which are harder for a spam program/bot to interpret than text characters. The user has a choice of 4 randomly displayed images, and the answer is given below. The user must click on that image to proceed, if the incorrect image is selected an error message is shown. The images are randomly shown (from however many are in the directory - you can have as many as you want, just has to be more that 4!) and are automatically created from the images/verification/ directory - all on the fly. Sample images are included with this release, but you can use your own - I recommend using 100 x 100 pixels, in .jpg format and naming the image with a meaningful title (ie A House.jpg) - the extension is stripped so only the filename itself is shown. To further enhance security, the images are passed through a script which means that none of the images on the screen have file names - and cannot be associated to the question by title alone. I have been testing this on my forum and have found it to be effective - I cannot guarantee that this will stop all spamming, but this relies more on human input than a computer "reading" the image. Important : This has been tested on 3.6.2 - I cannot guarantee it will work on anything above, please test with caution - and as always BACKUP FIRST! This will not work on anything below 3.6.0. Demo : http://www.steadiforum.com/register.php I hope this is help to the VBulletin community as I know this is a growing problem. I don't fancy the thought of trawling through hundreds of new members deleting stupid usernames and spam posts. Installation :
Upgrading :
Requirements : GD Libraries installed File uploads : 39 (including images) Files to Import : 1 New Templates : 1 New Phrases : 5 Uses Hooks : 1 New Queries : 0 History : v1.0 - Original release v1.01 - Slight code change for forums in sub-directories (thanks go to Barakat for solving this one) v1.1 - Issue resolved with Windows servers also template clean up for xhtml compliance v1.11 - Added version check function, minor upgrade. Done - if you like please click install! (and I won't ask for any donations as long as you click Nominate for MOTM!) Don't forget you don't have to use the provided images - you can customise these to any you wish - I've used ones that are hopefully universal and everyone will recognise. Download Now
Screenshots
Show Your Support
|
Comments |
#72
|
||||
|
||||
The most obvious problem is with the structure - if you check the thread above it shows how to check and correct if it's not right - if all else fails I can check your forum and see if I can figure it out from that.
The only real reasons for the images not showing are GD libraries aren't installed and the /verification directory isn't in the correct place. Let me know and we can go from there. Cheers Jason |
#73
|
||||
|
||||
ok ... the reason for the 2 different images not showing on here .. (ie the one with red x and one just with writing) is by the looks of it depenedant on whether firefox or explorer is used ..... explorer shows the crosses, and firefox doesnt..
Anyways, checked the gd in the php.ini and is same as your example .... also right clicked on red cross and clicked properties, and it does show the correct path to show.php so guessing it has to be something there... Is a windows server dunno if that makes a difference.... Any other ideas? |
#74
|
|||
|
|||
I was using vB 3.6.0 and it worked fine. I just upgraded to 3.6.4 and it doesn't work. It just goes to the rules page when you click Register.
|
#75
|
||||
|
||||
Quote:
edit to get around the image verification page, all you have to do is go to register, click back when on the image verification page, then then go to re-register, and you don't get the verification page again :/ |
#76
|
|||
|
|||
Quote:
I implemented this solution and did not receive any spam until today. so that was about 4 or 5 days without spam when we were getting loads. So it did work but now they are getting through again. How is that possible ? Im no techie but these people who make these bots need to get decent jobs because they must be a rather intelligent bunch. |
#77
|
||||
|
||||
It is likely they are just getting lucky with "clicks" they are finding the right combination, plus they may also know about this thread and have combatted how it works - I'm going to try and get on to the strike system to see if it's possible to make it more secure.
I'm PM'ing people with problems to try and help solve these issues. Cheers Jason |
#78
|
|||
|
|||
Thanks.
Im wondering if making the number of images displayed change an extra layer of security or perhaps it makes no difference to how the bots work. So like sometimes its 5 images. But regardless of the fact they have made it through now , it has 100% cut down on the number we were getting and the latest was not porn. |
#79
|
||||
|
||||
If you'd like to use more than 5 I can knock up a quick hack to change this - it's something I'm working into version 2 as well, an option to select how many images you can show.
|
#80
|
||||
|
||||
Guys don't you see, the bots arnt guessing the right image, its humans signing up and then passing the details onto the computer bots who do all the posting work.
There is nothing you can do about that other than delete their posts. |
#81
|
|||
|
|||
This is no defense against anything programmed to defeat it. All it would have to do is keep on clicking image #1 until it happened to be right. So basically this only works for things that aren't programmed to defeat it, and given that, you may as well just add an extra clickthrough page to confuse the bot just as effectively but with less inconvenience to human registrants and web admins alike.
|
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|