Miscellaneous Hacks - NoSpam! - an alternative to CAPTCHA images

This hack is for vBulletin 3.6.x. For 3.5.x, please use the one provided in this thread. If you are using 3.7.x, you must use the one in this thread.

This simple hack is meant as a replacement for the default CAPTCHA system in vBulletin. There are two main reasons one might want to do this: firstly, new technology is constantly being developed to crack CAPTCHA images and make spam accounts anyway, and secondly, the more secure the CAPTCHA, the more difficult it is for genuine users to tell what the numbers in the image are. There is also the issue of visually impaired users, and the fact that not all servers are capable of generating CAPTCHA images.

So what does this hack do instead? It asks a question. Any question you want. That's the best part: YOU make up the questions, which means that every forum is unique, which means that it is impossible for spambots to be simply programmed to bypass it at all forums with the hack installed. You can make one or many questions - if you make many, the hack will pick one at random when a guest attempts to register, search, post or send mail through the Contact Us form. Their input is compared with your specified answer, and voil?, if they get it right they're pretty much guaranteed to be human. If they get it wrong, they're given an error message.

It doesn't have to be a complicated question. Heck, you can just make it "Please type 'blah' into this box." Or you can go with inserting a simple image with HTML and ask what is shown on the image. Or you can ask them to tell you two plus two. It's up to you. In fact, this can also be used as a means of forcing people to read the rules by asking for a certain password found there, or if your forum focuses on a specialized subject, ask a question concerning the subject that all your genuine users will be able to answer, but a random troll or "CAPTCHA-sweatshop-reader" will be scratching their head over.

It's simple to install, too: just one product to import, and that's it.


VERSION HISTORY:

3.0: Added functionality to allow users to specify which pages should use NoSpam!.
2.0: Extended the NoSpam! functionality to guest posts, guest searches and guest "Contact Us" in addition to registration.
1.1: Made template edit automatic (with thanks to Cole2026), added ability to have more than one answer to each question, and made answers case insensitive. To upgrade, I recommend undoing the template edit so you won't have to worry about it anymore (replace $nospamfield in the template register with $imagereg, or if you added $nospamfield above $imagereg, just remove $nospamfield altogether), and then reimport the product through the Admin CP (making sure that Allow Overwrite is set to On).
1.0: Initial release.


INSTALLATION:

Please download NoSpam!.zip, not product-nospam.xml, for the tested version. product.nospam.xml is NoSpam! 4.0 adapted blindly to 3.6, i.e. by editing the XML file for the 3.7 version without actually testing it on a 3.6 board. Theoretically it should work, but I cannot guarantee it at this time. If you download NoSpam!.zip and unzip it, it will contain another file called product.nospam.xml, which you should use.

1. Import product-nospam.xml through the Admin CP product manager.
2. Go to your vBulletin options in the Admin CP and select NoSpam! Settings. Once there, turn the system on and input your questions and answers according to the instructions there.

The system should now be functional and running.


UNINSTALLATION:

Just uninstall the product through the Admin CP.


SUPPORT:

Full support will be given here in this thread. All suggestions are welcome.

Thank you and please click "Mark as Installed" if you like it.


If NoSpam! is not working for you or you are looking for something a little different, you might want to check out Advanced Textual Confirmation.

[Maxman1544]

This has been a life saver. Haven't had to delete one new user since this was installed. The spammers were out of control!

Thank You!!!

[Hardcoreweather]

Those March 28th 1983 accounts can now be a thing of the past . Thanks

[antialiasis]

Quote:

Originally Posted by Sore Eyes

Hi Antialiasis,

are you still thinking of adding support for the silly question in the search and the 'contact us' functions of vB?

Or is there anyone else who applied the hack there and can help me?

Thx a lot

Hmm, I've got a lot to do these days, but yes, I was working on that and was in fact very close to finishing it - I got it working perfectly on the Contact Us form and for guest posts, but the search was being annoying. I should start messing around with it again in my Christmas break.

[Smoothie]

How about adding a feature where a guest has x number of attempts to answer the question(s) and if it can't be answered within that limit it locks them out of the registration for x number of minutes. Now that would be awesome.

[antialiasis]

Well, such a thing would always be easy to bypass unless one went into some major IP-checking - you can lock people out of logging in because you can block logins for the account, but for registrations, there is no foolproof way of knowing whether two registration attempts are being performed by the same user; you can of course plant a cookie, but few things are easier than deleting cookies, and then all that would be left would be using some sort of careful tracking of the IPs of registration attempts, which I think would just be a major headache to code for very little benefit - especially if you have multiple questions, a script that attempts random letter combinations in hopes of getting the right answer by chance would just take way too long for such an awfully small benefit - spam registration at one forum - that they wouldn't bother making such a script and instead just let the bot turn to some other victim that doesn't have this hack installed. In the spam industry it's all about posting as many advertisements in as little time as possible in as cheap a way as possible. Making things very difficult for them, as this hack does, will simply mean they will turn somewhere else; they have absolutely no motivation to attack your forum rather than that neighbour forum that's much easier to attack, and as such they're going to attack the other one because it takes less time and thus maximizes the profits per day.

For short, I think your board is quite safe from spam even if the bots get an infinite number of attempts.

[GTAce]

I just wanted to say, this is a brilliant idea for a mod. I used to not have much of a problem with spambots, but the last few months have been horrible...We'd average 1-3 spambots per day and sometimes as many as 5 or more. I hadn't installed any extra protection because from everything I had read, the spambots were even finding ways around these mods...but I've been following your mod here and it looked to be pretty foolproof, and so far, it is. I've been running it for a few days now and haven't had a single spambot register..Without this mod, I probably would have had 10 spambots if not more since then.

Great work and let's hope I'm not speaking too soon

[Skatiechik]

Has anyone got this to install on 3.5.2? I haven't tried, but one of the adminstrators has, and followed the template change, but still gets lots of errors apparently.

[dartho]

Haha! Die you spamming Rusky!

Still no spammers since installation

@SkatieChick - I have this running under 3.5.4 which I would imagine to be minimally different to 3.5.2
Install the XML from this post: https://vborg.vbsupport.ru/showpost....6&postcount=36
and then in the Register template, search for the line:

PHP Code:

<if condition="$show['regimagecheck']"> 


and add

PHP Code:

$nospamfield 


immediately above it

Perhaps AntiAlais can add this to the install instructions?

[antialiasis]

Version 2.0 at last! The NoSpam! functionality has been added to guest searches, guest posts and guest "Contact Us" as well as the original registration. To upgrade, just download the new zip file and import the new product through the Admin CP with Allow Overwrite set to On.

An "official" 3.5.x version is coming as well as soon as I've gotten 3.5 to install on my test board and can mess with making the template edits automatic.

[PoetJA-1975]

Quote:

Originally Posted by antialiasis

Version 2.0 at last! The NoSpam! functionality has been added to guest searches, guest posts and guest "Contact Us" as well as the original registration. To upgrade, just download the new zip file and import the new product through the Admin CP with Allow Overwrite set to On.

An "official" 3.5.x version is coming as well as soon as I've gotten 3.5 to install on my test board and can mess with making the template edits automatic.

AWESOME! Anyway that you can get this to work on the Quick Register form as well?

Thanx - especially for the 3.5 version

Excellent mod!

Jacquii.