Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 3.6 > vBulletin 3.6 Add-ons

Reply
 
Thread Tools
Harmor's Bot Protection Details »»
Harmor's Bot Protection
Version: 1.1.0, by harmor19 harmor19 is offline
Developer Last Online: May 2023 Show Printable Version Email this Page

Category: Mini Mods - Version: 3.6.4 Rating:
Released: 04-12-2007 Last Update: 04-13-2007 Installs: 15
Uses Plugins Template Edits
 
No support by the author.

Here is a demo

Let me explain how this works.

On the registration page a potiental user has to enter a random character of a word.
I have done something different though. It randomly selects a username from the database to be used as the word.

Some of you may be asking "Can you explain how it does the checking"?
On the registration page I have a hidden form that contains a hashed version of the correct character. After the form is submitted it checks if the the hashed version of the character you typed against the correct hash.

If you installed this hack you can enable it by going to
vBulletin Options --> User Registration Options
The option to enable/disable the feature and to add your own hash are at the bottom.


If you are upgrading this hack you'll need to edit the "register" template.

Go to your ACP >> Styles & Templates >> Style Manager
Expand the template you want to edit.
Expand the Registration Templates category

Open: register
Find:
HTML Code:
What is the first character of <b>$ahbot[username]</b>?
Replace with:
HTML Code:
What is the $char_loc character of the word <b>$ahbot[username]</b>?

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #12  
Old 04-13-2007, 12:12 PM
Pyrix Pyrix is offline
 
Join Date: Jul 2004
Posts: 20
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Just thinking, you may be able to secure it a little more by appending the vbulletin license number (or a random string stored in vb options) to the character before you hash it (both times). This is known as 'salting', and would make the 'MD5 hash table' bypass much, much harder. You might want to Google that and read up on it

Don't know what you can do about the other thing though - you could turn it into an image but then what advantage does it give over vb's default captcha?
Reply With Quote
  #13  
Old 04-13-2007, 01:19 PM
harmor19 harmor19 is offline
 
Join Date: Apr 2005
Posts: 1,324
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Can bots read the source code?
Reply With Quote
  #14  
Old 04-13-2007, 01:41 PM
DiSpy's Avatar
DiSpy DiSpy is offline
 
Join Date: Feb 2007
Location: South Florida!!
Posts: 107
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Pyrix is right, salting the hash would work wonders... may I suggest letting the admins choose their own salt in the admin CP. That way each board has it's own salt.

The second issue about the bot automatically "looking at the webpage" for a value, can also be solved using the admin CP. Just let users customize the question in thier own words, and customize the title (where it says "Harmor's Bot Protection" and "What is the first character of" in the screen shot).

Also, I was thinking... how hard would it be to allow the admin to choose EITHER the 1st, 2nd, 3rd character the users should enter (set via admin cp). This would make is at least not exactly the same on all boards, and since vB has min usernames set at more than 3, it should always work.

Just my $0.02 cents.
Reply With Quote
  #15  
Old 04-13-2007, 02:22 PM
harmor19 harmor19 is offline
 
Join Date: Apr 2005
Posts: 1,324
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Hopefully I increased the security of this hack. It now selects a random character instead of asking the user to enter the first character.

Here is a snippet of code I added.
PHP Code:
if(empty($vbulletin->options['harmor_bot_protection_hash']))
{
  
$vbulletin->options['harmor_bot_protection_hash'] = "gwetg7gaswegty7sawfrtq2w6t";
}

$word $ahbot['username']{$ah_rand 1};
$hash md5(md5($word).$vbulletin->options['harmor_bot_protection_hash']); 
The screenshot has been updated as well. Attachment 63065
Reply With Quote
  #16  
Old 04-13-2007, 04:20 PM
Mr Chad's Avatar
Mr Chad Mr Chad is offline
 
Join Date: Jul 2005
Posts: 911
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by harmor19 View Post
Can bots read the source code?

of course they can...

they filter through the source to find hash's so they can do things (and the hashs were made to stop them).
Reply With Quote
  #17  
Old 04-13-2007, 04:29 PM
harmor19 harmor19 is offline
 
Join Date: Apr 2005
Posts: 1,324
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Mr Chad View Post
of course they can...

they filter through the source to find hash's so they can do things (and the hashs were made to stop them).
Thanks for answering my question.
Reply With Quote
  #18  
Old 04-13-2007, 09:53 PM
smess smess is offline
 
Join Date: Oct 2002
Posts: 38
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

what happens for example if people have a space in their name so the user name is "no gas" and you ask for the third letter? is it g or space, etc??
Reply With Quote
  #19  
Old 04-13-2007, 10:06 PM
harmor19 harmor19 is offline
 
Join Date: Apr 2005
Posts: 1,324
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by smess View Post
what happens for example if people have a space in their name so the user name is "no gas" and you ask for the third letter? is it g or space, etc??
I didn't take that into account. I'll update the hack soon. Thank you for pointing that out.
Reply With Quote
  #20  
Old 04-14-2007, 07:14 AM
harmor19 harmor19 is offline
 
Join Date: Apr 2005
Posts: 1,324
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by smess View Post
what happens for example if people have a space in their name so the user name is "no gas" and you ask for the third letter? is it g or space, etc??
I have updated the hack to remove spaces in usernames. "no gas" becomes "nogas".
Reply With Quote
  #21  
Old 04-16-2007, 04:12 AM
TeamDevotion TeamDevotion is offline
 
Join Date: Sep 2006
Location: Westchester County, NY
Posts: 68
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Isn't this the point of image verification?
Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 12:23 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05045 seconds
  • Memory Usage 2,309KB
  • Queries Executed 25 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (2)bbcode_html
  • (1)bbcode_php
  • (4)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete