Miscellaneous Hacks - NoSpam! - an alternative to CAPTCHA images

This hack is for vBulletin 3.6.x. For 3.5.x, please use the one provided in this thread. If you are using 3.7.x, you must use the one in this thread.

This simple hack is meant as a replacement for the default CAPTCHA system in vBulletin. There are two main reasons one might want to do this: firstly, new technology is constantly being developed to crack CAPTCHA images and make spam accounts anyway, and secondly, the more secure the CAPTCHA, the more difficult it is for genuine users to tell what the numbers in the image are. There is also the issue of visually impaired users, and the fact that not all servers are capable of generating CAPTCHA images.

So what does this hack do instead? It asks a question. Any question you want. That's the best part: YOU make up the questions, which means that every forum is unique, which means that it is impossible for spambots to be simply programmed to bypass it at all forums with the hack installed. You can make one or many questions - if you make many, the hack will pick one at random when a guest attempts to register, search, post or send mail through the Contact Us form. Their input is compared with your specified answer, and voil?, if they get it right they're pretty much guaranteed to be human. If they get it wrong, they're given an error message.

It doesn't have to be a complicated question. Heck, you can just make it "Please type 'blah' into this box." Or you can go with inserting a simple image with HTML and ask what is shown on the image. Or you can ask them to tell you two plus two. It's up to you. In fact, this can also be used as a means of forcing people to read the rules by asking for a certain password found there, or if your forum focuses on a specialized subject, ask a question concerning the subject that all your genuine users will be able to answer, but a random troll or "CAPTCHA-sweatshop-reader" will be scratching their head over.

It's simple to install, too: just one product to import, and that's it.


VERSION HISTORY:

3.0: Added functionality to allow users to specify which pages should use NoSpam!.
2.0: Extended the NoSpam! functionality to guest posts, guest searches and guest "Contact Us" in addition to registration.
1.1: Made template edit automatic (with thanks to Cole2026), added ability to have more than one answer to each question, and made answers case insensitive. To upgrade, I recommend undoing the template edit so you won't have to worry about it anymore (replace $nospamfield in the template register with $imagereg, or if you added $nospamfield above $imagereg, just remove $nospamfield altogether), and then reimport the product through the Admin CP (making sure that Allow Overwrite is set to On).
1.0: Initial release.


INSTALLATION:

Please download NoSpam!.zip, not product-nospam.xml, for the tested version. product.nospam.xml is NoSpam! 4.0 adapted blindly to 3.6, i.e. by editing the XML file for the 3.7 version without actually testing it on a 3.6 board. Theoretically it should work, but I cannot guarantee it at this time. If you download NoSpam!.zip and unzip it, it will contain another file called product.nospam.xml, which you should use.

1. Import product-nospam.xml through the Admin CP product manager.
2. Go to your vBulletin options in the Admin CP and select NoSpam! Settings. Once there, turn the system on and input your questions and answers according to the instructions there.

The system should now be functional and running.


UNINSTALLATION:

Just uninstall the product through the Admin CP.


SUPPORT:

Full support will be given here in this thread. All suggestions are welcome.

Thank you and please click "Mark as Installed" if you like it.


If NoSpam! is not working for you or you are looking for something a little different, you might want to check out Advanced Textual Confirmation.

[class101]

Quote:

Originally Posted by sapper6fd

I've been using this hack now for a while and I must say this is by far one of, if not the best hack I've ever installed.

Prior to using it, I was getting anywhere from 10 - 30 spam bots registering on my forum a day, and around 15 or so spam posts per day. After installing this hack its been reduced to around 1 spam post per day, some times none.

At first the results were minimul (My recomendation - DO NOT use a mathmatical question). My question was "What is 10 + 10". The spam bots go by that no problem. When I changed my questions to "What Company makes the PlayStation 3?" the Spam bots stopped registering almost immediatly. Now the spam posts are all done manualy by kids trying to advertise their own forums, and I'll take that spam any day over porn and pharmacuticals.

Great job!

Of course never use mathematical question they are too easy to be broke, I'm using the human verification system builtin vbulletin 3.7 with 5 questions without any other verification like image or nospam and for now 0 bots registered with theses questions:

• What are the 4 last letters of the word 'Security' ?
• Finish DeNiro's famous phrase in Taxi 'Are you talking to...'
• What's a poc ? An explo...
• G.Bush is president of the US...
• The #1 search engines around the world is Goo...

This stopped 100% bots.

[ZomgStuff]

Edit: Post removed.

[TigerWare]

Oh bravo, never mind actually reporting it *quietly*, just alert every script kiddy that comes here that there may be something to hack. Geez!

[class101]

Quote:

Originally Posted by TigerWare

Oh bravo, never mind actually reporting it *quietly*, just alert every script kiddy that comes here that there may be something to hack. Geez!

What about the few real hackers there is outta there who found that bug and exploited it so far before it has been found ? Thanks for the info ZomgStuff

[eJM]

You aren't doing any of us a bit of good by telling us about this exploit. You are allowing hackers with nothing better to do than to screw up our sites that they have a new project now. The best way to report an exploit is to report it to the developer. That has ALWAYS been the preferred method and probably always will be.

Jim

[ZomgStuff]

I deleted my post, but I just wanted to let you guys know that someone is possible, so you don't have a false sense of security an then bam.

This can be a rather simple fix, and the best part is that you could fix it with a number of different ways.

[class101]

Welcome to the Full-Disclosure world. you didn't have to remove your post... Now you can wait 3month for a new patch... I have been alerting about a zoints tag bug recently and it has been patched the same day... Now do not expect that.

[ZomgStuff]

If it takes more than a week I'll just edit the mod for myself I'll gladly tell someone what to edit to fix it.

[needaltuna]

Thank you for the nice mod.

In your main post, you make no mention of the integration file. I downloaded and opened it on the off chance that I might need it, but I am still unsure whether I do or not. Should the template mods be applied only if the product doesn't install properly?

[Marco van Herwaarden]

Quote:

Originally Posted by ZomgStuff

If it takes more than a week I'll just edit the mod for myself I'll gladly tell someone what to edit to fix it.

Why don't you follow proper procedures and report the found vulnerability so staff can handle it?