Go Back   vb.org Archive > vBulletin Modifications > vBulletin 3.8 Modifications > vBulletin 3.8 Add-ons
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
Enhanced Captcha Image Verification - stop bots from signing up!! Details »»
Enhanced Captcha Image Verification - stop bots from signing up!!
Version: 1.11, by steadicamop steadicamop is offline
Developer Last Online: Dec 2014 Show Printable Version Email this Page

Category: Miscellaneous Hacks - Version: 3.6.8 Rating:
Released: 11-25-2006 Last Update: 11-26-2006 Installs: 874
Uses Plugins Template Edits
Additional Files  
No support by the author.

Title : Enhanced Captcha Image Verification

Version : 1.1

Coder : Andy Calderbank & Jason Williams

Purpose
: Add extra Image Verification to the registration process, using an alternative system to the Captcha system.

Why : It would appear that spammers can now "read" the Captcha codes and overcome the verification process.

How : This extra feature uses images which are harder for a spam program/bot to interpret than text characters. The user has a choice of 4 randomly displayed images, and the answer is given below. The user must click on that image to proceed, if the incorrect image is selected an error message is shown. The images are randomly shown (from however many are in the directory - you can have as many as you want, just has to be more that 4!) and are automatically created from the images/verification/ directory - all on the fly. Sample images are included with this release, but you can use your own - I recommend using 100 x 100 pixels, in .jpg format and naming the image with a meaningful title (ie A House.jpg) - the extension is stripped so only the filename itself is shown.

To further enhance security, the images are passed through a script which means that none of the images on the screen have file names - and cannot be associated to the question by title alone.

I have been testing this on my forum and have found it to be effective - I cannot guarantee that this will stop all spamming, but this relies more on human input than a computer "reading" the image.

Important : This has been tested on 3.6.2 - I cannot guarantee it will work on anything above, please test with caution - and as always BACKUP FIRST! This will not work on anything below 3.6.0.

Demo : http://www.steadiforum.com/register.php

I hope this is help to the VBulletin community as I know this is a growing problem. I don't fancy the thought of trawling through hundreds of new members deleting stupid usernames and spam posts.

Installation :
  1. Upload the verification/ directory to your images/ folder - make sure .htaccess and show.php are present - otherwise it won't work.
  2. Import Product - product-image_verification.xml

Upgrading :
  1. Upload show.php to the images/verification/ directory.
  2. Import Product - product-image_verification.xml - select Allow Overwrite to enable upgrade.

Requirements : GD Libraries installed

File uploads : 39 (including images)
Files to Import : 1
New Templates : 1
New Phrases : 5
Uses Hooks : 1
New Queries : 0

History :
v1.0 - Original release
v1.01 - Slight code change for forums in sub-directories (thanks go to Barakat for solving this one)
v1.1 - Issue resolved with Windows servers also template clean up for xhtml compliance
v1.11 - Added version check function, minor upgrade.

Done - if you like please click install! (and I won't ask for any donations as long as you click Nominate for MOTM!)

Don't forget you don't have to use the provided images - you can customise these to any you wish - I've used ones that are hopefully universal and everyone will recognise.

Download Now

File Type: zip Enhanced Captcha Image Verification.zip (116.4 KB, 5787 views)

Screenshots

File Type: jpg imageverification1.jpg (36.6 KB, 0 views)
File Type: jpg imageverification2.jpg (24.5 KB, 0 views)

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #72  
Old 12-01-2006, 06:33 PM
steadicamop's Avatar
steadicamop steadicamop is offline
 
Join Date: Jul 2004
Location: Lancashire, UK
Posts: 379
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

The most obvious problem is with the structure - if you check the thread above it shows how to check and correct if it's not right - if all else fails I can check your forum and see if I can figure it out from that.

The only real reasons for the images not showing are GD libraries aren't installed and the /verification directory isn't in the correct place.

Let me know and we can go from there.

Cheers

Jason
Reply With Quote
  #73  
Old 12-01-2006, 08:09 PM
soniceffect's Avatar
soniceffect soniceffect is offline
 
Join Date: Feb 2005
Location: UK
Posts: 453
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

ok ... the reason for the 2 different images not showing on here .. (ie the one with red x and one just with writing) is by the looks of it depenedant on whether firefox or explorer is used ..... explorer shows the crosses, and firefox doesnt..

Anyways, checked the gd in the php.ini and is same as your example .... also right clicked on red cross and clicked properties, and it does show the correct path to show.php so guessing it has to be something there... Is a windows server dunno if that makes a difference.... Any other ideas?
Reply With Quote
  #74  
Old 12-02-2006, 03:02 AM
Jeordie015 Jeordie015 is offline
 
Join Date: Nov 2002
Location: Illinois, USA
Posts: 125
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I was using vB 3.6.0 and it worked fine. I just upgraded to 3.6.4 and it doesn't work. It just goes to the rules page when you click Register.
Reply With Quote
  #75  
Old 12-02-2006, 06:34 AM
SportsZone's Avatar
SportsZone SportsZone is offline
 
Join Date: Aug 2006
Posts: 86
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Jeordie015
I just upgraded to 3.6.4 and it doesn't work. It just goes to the rules page when you click Register.
Same here. I got the images once, but now they don't reappear. I cleared my cookies and it worked again.

edit

to get around the image verification page, all you have to do is go to register, click back when on the image verification page, then then go to re-register, and you don't get the verification page again :/
Reply With Quote
  #76  
Old 12-02-2006, 09:20 AM
PamelaE PamelaE is offline
 
Join Date: Feb 2005
Posts: 158
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by steadicamop View Post
All I will say is give it a try - you've nothing to lose by trying. So far I have had NO spam bots sign up on my forum, I'm very tempted to disable it to see how many I get in 24 hours, then enable it and see how many more I get in a further 24 hours.

I don't see how a peice of software can read what an image is - yes it can understand text but how would it know that it's a picture of an aeroplane, or a car, or a person, or a banana .....
Thanks steadicamop,

I implemented this solution and did not receive any spam until today. so that was about 4 or 5 days without spam when we were getting loads. So it did work but now they are getting through again.

How is that possible ? Im no techie but these people who make these bots need to get decent jobs because they must be a rather intelligent bunch.
Reply With Quote
  #77  
Old 12-02-2006, 09:22 AM
steadicamop's Avatar
steadicamop steadicamop is offline
 
Join Date: Jul 2004
Location: Lancashire, UK
Posts: 379
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

It is likely they are just getting lucky with "clicks" they are finding the right combination, plus they may also know about this thread and have combatted how it works - I'm going to try and get on to the strike system to see if it's possible to make it more secure.

I'm PM'ing people with problems to try and help solve these issues.

Cheers

Jason
Reply With Quote
  #78  
Old 12-02-2006, 11:39 AM
PamelaE PamelaE is offline
 
Join Date: Feb 2005
Posts: 158
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thanks.

Im wondering if making the number of images displayed change an extra layer of security or perhaps it makes no difference to how the bots work. So like sometimes its 5 images.

But regardless of the fact they have made it through now , it has 100% cut down on the number we were getting and the latest was not porn.
Reply With Quote
  #79  
Old 12-02-2006, 02:17 PM
steadicamop's Avatar
steadicamop steadicamop is offline
 
Join Date: Jul 2004
Location: Lancashire, UK
Posts: 379
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

If you'd like to use more than 5 I can knock up a quick hack to change this - it's something I'm working into version 2 as well, an option to select how many images you can show.
Reply With Quote
  #80  
Old 12-04-2006, 04:08 PM
aceofspades's Avatar
aceofspades aceofspades is offline
 
Join Date: Apr 2006
Posts: 306
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Guys don't you see, the bots arnt guessing the right image, its humans signing up and then passing the details onto the computer bots who do all the posting work.

There is nothing you can do about that other than delete their posts.
Reply With Quote
  #81  
Old 12-06-2006, 01:57 AM
Simetrical Simetrical is offline
 
Join Date: Nov 2006
Location: New York City
Posts: 28
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

This is no defense against anything programmed to defeat it. All it would have to do is keep on clicking image #1 until it happened to be right. So basically this only works for things that aren't programmed to defeat it, and given that, you may as well just add an extra clickthrough page to confuse the bot just as effectively but with less inconvenience to human registrants and web admins alike.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 12:45 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05631 seconds
  • Memory Usage 2,346KB
  • Queries Executed 26 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (4)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (1)pagenav_pagelinkrel
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (3)postbit_attachment
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_attachment
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete