Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 3.6 > vBulletin 3.6 Add-ons
NoSpam! - an alternative to CAPTCHA images Details »»
NoSpam! - an alternative to CAPTCHA images
Version: 3.0, by antialiasis antialiasis is offline
Developer Last Online: Nov 2013 Show Printable Version Email this Page

Category: Miscellaneous Hacks - Version: 3.6.x Rating:
Released: 08-23-2006 Last Update: 06-22-2008 Installs: 1568
Uses Plugins Auto-Templates
 
No support by the author.

This hack is for vBulletin 3.6.x. For 3.5.x, please use the one provided in this thread. If you are using 3.7.x, you must use the one in this thread.

This simple hack is meant as a replacement for the default CAPTCHA system in vBulletin. There are two main reasons one might want to do this: firstly, new technology is constantly being developed to crack CAPTCHA images and make spam accounts anyway, and secondly, the more secure the CAPTCHA, the more difficult it is for genuine users to tell what the numbers in the image are. There is also the issue of visually impaired users, and the fact that not all servers are capable of generating CAPTCHA images.

So what does this hack do instead? It asks a question. Any question you want. That's the best part: YOU make up the questions, which means that every forum is unique, which means that it is impossible for spambots to be simply programmed to bypass it at all forums with the hack installed. You can make one or many questions - if you make many, the hack will pick one at random when a guest attempts to register, search, post or send mail through the Contact Us form. Their input is compared with your specified answer, and voil?, if they get it right they're pretty much guaranteed to be human. If they get it wrong, they're given an error message.

It doesn't have to be a complicated question. Heck, you can just make it "Please type 'blah' into this box." Or you can go with inserting a simple image with HTML and ask what is shown on the image. Or you can ask them to tell you two plus two. It's up to you. In fact, this can also be used as a means of forcing people to read the rules by asking for a certain password found there, or if your forum focuses on a specialized subject, ask a question concerning the subject that all your genuine users will be able to answer, but a random troll or "CAPTCHA-sweatshop-reader" will be scratching their head over.

It's simple to install, too: just one product to import, and that's it.


VERSION HISTORY:

3.0: Added functionality to allow users to specify which pages should use NoSpam!.
2.0: Extended the NoSpam! functionality to guest posts, guest searches and guest "Contact Us" in addition to registration.
1.1: Made template edit automatic (with thanks to Cole2026), added ability to have more than one answer to each question, and made answers case insensitive. To upgrade, I recommend undoing the template edit so you won't have to worry about it anymore (replace $nospamfield in the template register with $imagereg, or if you added $nospamfield above $imagereg, just remove $nospamfield altogether), and then reimport the product through the Admin CP (making sure that Allow Overwrite is set to On).
1.0: Initial release.


INSTALLATION:

Please download NoSpam!.zip, not product-nospam.xml, for the tested version. product.nospam.xml is NoSpam! 4.0 adapted blindly to 3.6, i.e. by editing the XML file for the 3.7 version without actually testing it on a 3.6 board. Theoretically it should work, but I cannot guarantee it at this time. If you download NoSpam!.zip and unzip it, it will contain another file called product.nospam.xml, which you should use.

1. Import product-nospam.xml through the Admin CP product manager.
2. Go to your vBulletin options in the Admin CP and select NoSpam! Settings. Once there, turn the system on and input your questions and answers according to the instructions there.

The system should now be functional and running.


UNINSTALLATION:

Just uninstall the product through the Admin CP.


SUPPORT:

Full support will be given here in this thread. All suggestions are welcome.

Thank you and please click "Mark as Installed" if you like it.


If NoSpam! is not working for you or you are looking for something a little different, you might want to check out Advanced Textual Confirmation.

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #652  
Old 01-05-2008, 10:13 AM
class101 class101 is offline
 
Join Date: Sep 2007
Location: France
Posts: 134
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by sapper6fd View Post
I've been using this hack now for a while and I must say this is by far one of, if not the best hack I've ever installed.

Prior to using it, I was getting anywhere from 10 - 30 spam bots registering on my forum a day, and around 15 or so spam posts per day. After installing this hack its been reduced to around 1 spam post per day, some times none.

At first the results were minimul (My recomendation - DO NOT use a mathmatical question). My question was "What is 10 + 10". The spam bots go by that no problem. When I changed my questions to "What Company makes the PlayStation 3?" the Spam bots stopped registering almost immediatly. Now the spam posts are all done manualy by kids trying to advertise their own forums, and I'll take that spam any day over porn and pharmacuticals.

Great job!
Of course never use mathematical question they are too easy to be broke, I'm using the human verification system builtin vbulletin 3.7 with 5 questions without any other verification like image or nospam and for now 0 bots registered with theses questions:
  • What are the 4 last letters of the word 'Security' ?
  • Finish DeNiro's famous phrase in Taxi 'Are you talking to...'
  • What's a poc ? An explo...
  • G.Bush is president of the US...
  • The #1 search engines around the world is Goo...

This stopped 100% bots.
Reply With Quote
  #653  
Old 01-10-2008, 06:07 PM
ZomgStuff ZomgStuff is offline
 
Join Date: Feb 2007
Posts: 469
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Edit: Post removed.
Reply With Quote
  #654  
Old 01-10-2008, 06:40 PM
TigerWare TigerWare is offline
 
Join Date: Feb 2007
Location: England, UK
Posts: 282
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Oh bravo, never mind actually reporting it *quietly*, just alert every script kiddy that comes here that there may be something to hack. Geez!
Reply With Quote
  #655  
Old 01-10-2008, 09:35 PM
class101 class101 is offline
 
Join Date: Sep 2007
Location: France
Posts: 134
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by TigerWare View Post
Oh bravo, never mind actually reporting it *quietly*, just alert every script kiddy that comes here that there may be something to hack. Geez!
What about the few real hackers there is outta there who found that bug and exploited it so far before it has been found ? Thanks for the info ZomgStuff
Reply With Quote
  #656  
Old 01-10-2008, 11:15 PM
eJM's Avatar
eJM eJM is offline
 
Join Date: Sep 2004
Location: teh Ether
Posts: 121
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

You aren't doing any of us a bit of good by telling us about this exploit. You are allowing hackers with nothing better to do than to screw up our sites that they have a new project now. The best way to report an exploit is to report it to the developer. That has ALWAYS been the preferred method and probably always will be.

Jim
Reply With Quote
  #657  
Old 01-10-2008, 11:44 PM
ZomgStuff ZomgStuff is offline
 
Join Date: Feb 2007
Posts: 469
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I deleted my post, but I just wanted to let you guys know that someone is possible, so you don't have a false sense of security an then bam.

This can be a rather simple fix, and the best part is that you could fix it with a number of different ways.
Reply With Quote
  #658  
Old 01-10-2008, 11:49 PM
class101 class101 is offline
 
Join Date: Sep 2007
Location: France
Posts: 134
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Welcome to the Full-Disclosure world. you didn't have to remove your post... Now you can wait 3month for a new patch... I have been alerting about a zoints tag bug recently and it has been patched the same day... Now do not expect that.
Reply With Quote
  #659  
Old 01-10-2008, 11:56 PM
ZomgStuff ZomgStuff is offline
 
Join Date: Feb 2007
Posts: 469
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

If it takes more than a week I'll just edit the mod for myself I'll gladly tell someone what to edit to fix it.
Reply With Quote
  #660  
Old 01-11-2008, 12:43 AM
needaltuna needaltuna is offline
 
Join Date: Sep 2007
Posts: 57
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thank you for the nice mod.

In your main post, you make no mention of the integration file. I downloaded and opened it on the off chance that I might need it, but I am still unsure whether I do or not. Should the template mods be applied only if the product doesn't install properly?
Reply With Quote
  #661  
Old 01-11-2008, 04:47 AM
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Posts: 25,415
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by ZomgStuff View Post
If it takes more than a week I'll just edit the mod for myself I'll gladly tell someone what to edit to fix it.
Why don't you follow proper procedures and report the found vulnerability so staff can handle it?
Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 09:20 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.08622 seconds
  • Memory Usage 2,313KB
  • Queries Executed 25 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (3)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (3)pagenav_pagelinkrel
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete