Miscellaneous Hacks - Enhanced Captcha Image Verification - stop bots from signing up!!

Title : Enhanced Captcha Image Verification

Version : 1.1

Coder : Andy Calderbank & Jason Williams

Purpose : Add extra Image Verification to the registration process, using an alternative system to the Captcha system.

Why : It would appear that spammers can now "read" the Captcha codes and overcome the verification process.

How : This extra feature uses images which are harder for a spam program/bot to interpret than text characters. The user has a choice of 4 randomly displayed images, and the answer is given below. The user must click on that image to proceed, if the incorrect image is selected an error message is shown. The images are randomly shown (from however many are in the directory - you can have as many as you want, just has to be more that 4!) and are automatically created from the images/verification/ directory - all on the fly. Sample images are included with this release, but you can use your own - I recommend using 100 x 100 pixels, in .jpg format and naming the image with a meaningful title (ie A House.jpg) - the extension is stripped so only the filename itself is shown.

To further enhance security, the images are passed through a script which means that none of the images on the screen have file names - and cannot be associated to the question by title alone.

I have been testing this on my forum and have found it to be effective - I cannot guarantee that this will stop all spamming, but this relies more on human input than a computer "reading" the image.

Important : This has been tested on 3.6.2 - I cannot guarantee it will work on anything above, please test with caution - and as always BACKUP FIRST! This will not work on anything below 3.6.0.

Demo : http://www.steadiforum.com/register.php

I hope this is help to the VBulletin community as I know this is a growing problem. I don't fancy the thought of trawling through hundreds of new members deleting stupid usernames and spam posts.

Installation :

1. Upload the verification/ directory to your images/ folder - make sure .htaccess and show.php are present - otherwise it won't work.
2. Import Product - product-image_verification.xml

Upgrading :

1. Upload show.php to the images/verification/ directory.
2. Import Product - product-image_verification.xml - select Allow Overwrite to enable upgrade.

Requirements : GD Libraries installed

File uploads : 39 (including images)
Files to Import : 1
New Templates : 1
New Phrases : 5
Uses Hooks : 1
New Queries : 0

History :
v1.0 - Original release
v1.01 - Slight code change for forums in sub-directories (thanks go to Barakat for solving this one)
v1.1 - Issue resolved with Windows servers also template clean up for xhtml compliance
v1.11 - Added version check function, minor upgrade.

Done - if you like please click install! (and I won't ask for any donations as long as you click Nominate for MOTM!)

Don't forget you don't have to use the provided images - you can customise these to any you wish - I've used ones that are hopefully universal and everyone will recognise.

[vbreal]

i like

[yesfans]

INSTALLED, works fine on 3.6.0

[Bluetiereign]

How about instead of chosing just one image - you had to chose 2 or 3 of them correctly in the random order they were presented ?

I gave up and have resorted to just approving members manually. The people programming these bots are using some very recognizable footprints when registering (and leaving some board specific questions unanswered ) - so they stand out like a sore thumb when registering. They have now resorted to spamming our 'contact us' link.

[joeysdad]

Just add all bots not on this to the .htaccess file, this will keep them out. Make sure you place it in your root dir.

Quote:

RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^CherryPicker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Extreme\ Picture\ Finder [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^HTTrack [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^JoBo [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^MSIECrawler [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^ninja [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SiteCopy [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SiteSucker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^teleport [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebBandit [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebCopier [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Webdup [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebReaper [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebSnake [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebStripper [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebMiner [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^x-Tractor [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebZIP [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^mister\ pix [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^PICgrabber [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^psbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Mozilla/2.0\ \(compatible;\ NEWT\ ActiveX;\ Win32\) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebCollector [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebPix [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailCollector [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailMagnet [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailReaper [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^NICErsPRO [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebEMailExtractor [NC,OR]
RewriteCond %{REMOTE_ADDR} ^63.148.99.2(2[4-9]|[3-4][0-9]|5[0-5])$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^NPBot [NC,OR]
RewriteCond %{REMOTE_ADDR} ^12.148.196.(12[8-9]|1[3-9][0-9]|2[0-4][0-9]|25[0-5])$ [NC,OR]
RewriteCond %{REMOTE_ADDR} ^12.148.209.(19[2-9]|2[0-4][0-9]|25[0-5])$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^TurnitinBot [NC,OR]
RewriteCond %{REMOTE_ADDR} ^64.140.49.6([6-9])$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^ClariaBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Diamond [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^[a-z]+$ [NC]
RewriteRule ^.* - [F,L]

[Keyser S?ze]

im not new to hacks, i wish this had an install.txt but i think ive done everything right, i have GD libraries installed and i set the right permissions on the files, yet still images dont show they are just dead Xs

im also using the hack that u have to have a minimum of posts on certain words or it is set to moderation, that hack has seem to stopped bots

[Silverstangs]

Wow I like this hack I wish there was one for 3.0.0... I guess I'm gonna need to upgrade a few dozen forums...

**I need more $$$ to fund that thou.. maybe one forum at a time..

[crazymeezer]

This is wonderful, has stopped all spam sign ups dead. Thanks so much!

[CrashfAB]

Will have to give this a try...

[grizwald]

thanks for this, it is working great on my website:

http://moi-alizee.us/forums/register.php

[masterme]

Nice one, specialy because my visitors are not able to see the letters/numbers in the standard way.