Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 3.6 > vBulletin 3.6 Add-ons
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
NoSpam! - an alternative to CAPTCHA images Details »»
NoSpam! - an alternative to CAPTCHA images
Version: 3.0, by antialiasis antialiasis is offline
Developer Last Online: Nov 2013 Show Printable Version Email this Page

Category: Miscellaneous Hacks - Version: 3.6.x Rating:
Released: 08-23-2006 Last Update: 06-22-2008 Installs: 1568
Uses Plugins Auto-Templates
 
No support by the author.

This hack is for vBulletin 3.6.x. For 3.5.x, please use the one provided in this thread. If you are using 3.7.x, you must use the one in this thread.

This simple hack is meant as a replacement for the default CAPTCHA system in vBulletin. There are two main reasons one might want to do this: firstly, new technology is constantly being developed to crack CAPTCHA images and make spam accounts anyway, and secondly, the more secure the CAPTCHA, the more difficult it is for genuine users to tell what the numbers in the image are. There is also the issue of visually impaired users, and the fact that not all servers are capable of generating CAPTCHA images.

So what does this hack do instead? It asks a question. Any question you want. That's the best part: YOU make up the questions, which means that every forum is unique, which means that it is impossible for spambots to be simply programmed to bypass it at all forums with the hack installed. You can make one or many questions - if you make many, the hack will pick one at random when a guest attempts to register, search, post or send mail through the Contact Us form. Their input is compared with your specified answer, and voil?, if they get it right they're pretty much guaranteed to be human. If they get it wrong, they're given an error message.

It doesn't have to be a complicated question. Heck, you can just make it "Please type 'blah' into this box." Or you can go with inserting a simple image with HTML and ask what is shown on the image. Or you can ask them to tell you two plus two. It's up to you. In fact, this can also be used as a means of forcing people to read the rules by asking for a certain password found there, or if your forum focuses on a specialized subject, ask a question concerning the subject that all your genuine users will be able to answer, but a random troll or "CAPTCHA-sweatshop-reader" will be scratching their head over.

It's simple to install, too: just one product to import, and that's it.


VERSION HISTORY:

3.0: Added functionality to allow users to specify which pages should use NoSpam!.
2.0: Extended the NoSpam! functionality to guest posts, guest searches and guest "Contact Us" in addition to registration.
1.1: Made template edit automatic (with thanks to Cole2026), added ability to have more than one answer to each question, and made answers case insensitive. To upgrade, I recommend undoing the template edit so you won't have to worry about it anymore (replace $nospamfield in the template register with $imagereg, or if you added $nospamfield above $imagereg, just remove $nospamfield altogether), and then reimport the product through the Admin CP (making sure that Allow Overwrite is set to On).
1.0: Initial release.


INSTALLATION:

Please download NoSpam!.zip, not product-nospam.xml, for the tested version. product.nospam.xml is NoSpam! 4.0 adapted blindly to 3.6, i.e. by editing the XML file for the 3.7 version without actually testing it on a 3.6 board. Theoretically it should work, but I cannot guarantee it at this time. If you download NoSpam!.zip and unzip it, it will contain another file called product.nospam.xml, which you should use.

1. Import product-nospam.xml through the Admin CP product manager.
2. Go to your vBulletin options in the Admin CP and select NoSpam! Settings. Once there, turn the system on and input your questions and answers according to the instructions there.

The system should now be functional and running.


UNINSTALLATION:

Just uninstall the product through the Admin CP.


SUPPORT:

Full support will be given here in this thread. All suggestions are welcome.

Thank you and please click "Mark as Installed" if you like it.


If NoSpam! is not working for you or you are looking for something a little different, you might want to check out Advanced Textual Confirmation.

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #662  
Old 01-11-2008, 04:21 PM
ZomgStuff ZomgStuff is offline
 
Join Date: Feb 2007
Posts: 469
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Marco van Herwaarden View Post
Why don't you follow proper procedures and report the found vulnerability so staff can handle it?
I already did before I made the post.

Sorry about all the drama.
Reply With Quote
  #663  
Old 01-15-2008, 01:17 AM
Digital Jedi's Avatar
Digital Jedi Digital Jedi is offline
 
Join Date: Oct 2006
Location: PopCulturalReferenceLand
Posts: 5,171
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by eJM View Post
I think some people don't fully understand how to keep bots out and let real people register or post. I have no idea what company makes Playstations. I know it's a game, but beyond that, it's obviously something that would keep me and many others from being able to participate on your forums and maybe learning more about a technology and product I might want to use.
All one would have to do is quickly Google Playstation 3 to find out who makes it. The idea of these questions is to make it impossible for a bot to guess. But even a question you don't have immediate knowledge of is still suitable if the question is easily sought out. If a person is getting into computer games for the first time, this is one of the first things he would come across. Not to mention, a page refresh and you'd get a new question.
Reply With Quote
  #664  
Old 01-15-2008, 04:23 AM
eJM's Avatar
eJM eJM is offline
 
Join Date: Sep 2004
Location: teh Ether
Posts: 121
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Digital Jedi View Post
All one would have to do is quickly Google Playstation 3 to find out who makes it.
Don't make people jump through hoops to use your site. Security is one thing, requiring anyone to first search Google to find the answer to your security question will only cause people to leave.

Quote:
The idea of these questions is to make it impossible for a bot to guess.
It has been proven over and over that it doesn't take a difficult question to thwart bots. Just "keep it simple stupid." It's the site owner/manager that should be doing the work (staying on top of the security game), not the user you want to visit your site. Make it too simple for them and too hard for the bots. It ain't a difficult concept. It's an ego that always seems to get in the way of simplicity. Most folks already know you have smarts - you had enough to develop the site. Don't rub it in with inane questions.

Quote:
Not to mention, a page refresh and you'd get a new question.
Maybe on your site. I only need one question. I want members to join my site. If I don't make it easy enough for them, they'll join another site. It seems to work for me. I have ZERO spam registrations - I never have had to kill one since installing this hack.

Jim
Reply With Quote
  #665  
Old 01-16-2008, 12:48 PM
jalmz's Avatar
jalmz jalmz is offline
 
Join Date: Aug 2005
Posts: 90
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

hi guys,

i got 1 spam using this anti machine.... maybe they hack this mod...
Reply With Quote
  #666  
Old 01-20-2008, 08:30 AM
Digital Jedi's Avatar
Digital Jedi Digital Jedi is offline
 
Join Date: Oct 2006
Location: PopCulturalReferenceLand
Posts: 5,171
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by eJM View Post
Don't make people jump through hoops to use your site. Security is one thing, requiring anyone to first search Google to find the answer to your security question will only cause people to leave.
I'd hardly call it a hoop jump. If people coming to my site are interested in learning more about the site's subject, then how is directing them to one of the very basics of the subject a deterrent? If you've come to my site to learn more about Video Games, but looking up an easy to find answer makes you leave, then I can't imagine you were all that interested in learning in the first place. I once visited a boat site where the nospam question was in relation to motors and sizes. I didn't have a clue what that was, but I really needed to get registered. I Googled the question, found it and got in. And it was a much harder question then who makes PlayStation.

Quote:
It has been proven over and over that it doesn't take a difficult question to thwart bots. Just "keep it simple stupid." It's the site owner/manager that should be doing the work (staying on top of the security game), not the user you want to visit your site. Make it too simple for them and too hard for the bots. It ain't a difficult concept. It's an ego that always seems to get in the way of simplicity. Most folks already know you have smarts - you had enough to develop the site. Don't rub it in with inane questions.
Your still under the presumption that this is a difficult question. If your into video games even in the most marginal sense, you already know the answer. If your not even remotely interested in Video Games, then its highly unlikely that you would be trying to join such a forum for legitimate purposes. Even a casual gamer already knows the answer to that question. Sony is kind of a well know company.

Quote:
Maybe on your site. I only need one question.
Well, that kind of defeats the purpose of the mod. I'm sure on a more conservative forum, only one is needed (for now). Certain sites are more heavily targeted by such bots, and single question can eventually be worked around.

Quote:
I want members to join my site. If I don't make it easy enough for them, they'll join another site. It seems to work for me. I have ZERO spam registrations - I never have had to kill one since installing this hack.
I have a specialty forum, devoted to TCG gaming. I don't really need it to be that easy, in that I only need one question. Besides, what color is the sky, what color is a banana and Darth Vader is from _____ Wars aren't exactly brain teasers for the crowd we draw.

Your also under the, very common, impression that most vB.com members seem to be under, in that all of us are looking to draw each-and-every single member we can get our grubby little hands on. And that's simply not true. A good portion of us would rather have a conservative, active membership of people who at least have basic intelligence to look up who Darth Vader is, then a million page memberlist of users who register and never return. It's a matter of necessity. That's why the mod was created to support multiple questions. One question wouldn't do much for forums that are hit by 30+ spam bots on a daily basis.

Quote:
Originally Posted by jalmz View Post
hi guys,

i got 1 spam using this anti machine.... maybe they hack this mod...
There isn't a form of spam protection that's 100% fool proof. A real person can very easily register an account for his bot to post in, or he can post the stuff himself.
Reply With Quote
  #667  
Old 01-20-2008, 09:36 AM
eJM's Avatar
eJM eJM is offline
 
Join Date: Sep 2004
Location: teh Ether
Posts: 121
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

DJ, you go boy. Do what you want. I don't feel like arguing with pomposity. What a waste of quotes.
Reply With Quote
  #668  
Old 01-20-2008, 11:40 PM
Digital Jedi's Avatar
Digital Jedi Digital Jedi is offline
 
Join Date: Oct 2006
Location: PopCulturalReferenceLand
Posts: 5,171
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Pomposity? Who was arguing? I was making my point. You suggested that a question was too hard and that more then one was too many. I was pointing out that both depend on your forum's needs. Nothing more. Nothing less.
Reply With Quote
  #669  
Old 01-21-2008, 07:18 PM
CaffeineGibbs CaffeineGibbs is offline
 
Join Date: Oct 2005
Posts: 10
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Installed it on my forums, and two days straight no spammers signed up. great!
I do have one question though, if I have "Multiple registrations per user" enabled, and if a user tried to sign up, he still gets the "No Spam! question hasn't been answered correctly" eventhough there was no NoSpam! question displayed in the first place. i gather i have to edit the template, but I'm not certain which one and what code to add and where.
Reply With Quote
  #670  
Old 01-25-2008, 10:06 AM
raubin raubin is offline
 
Join Date: Sep 2007
Location: Spain
Posts: 12
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Hopefully this will put an end to all the spam registrations that I get, I must get over 20 spam registrations per day and it was really starting to p*** me off!

Lets hope this stops it..

Thanks
Reply With Quote
  #671  
Old 01-31-2008, 04:04 PM
sinucello sinucello is offline
 
Join Date: Apr 2006
Location: dutch-german border
Posts: 107
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Hi,

this is a very helpful add-on. In the last weeks we got so many spam registrations that managing them became really annoying and time consuming. Since we installed your tool, that`s over and only human-created registrations come through.

thank you - all the best,
Sacha
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 01:45 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04988 seconds
  • Memory Usage 2,338KB
  • Queries Executed 25 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (10)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (3)pagenav_pagelinkrel
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete