Version: 2.2, by steadicamop
Developer Last Online: Dec 2014
Category: Miscellaneous Hacks -
Version: 3.7.6
Rating:
Released: 06-06-2008
Last Update: 06-08-2008
Installs: 293
Uses Plugins Auto-Templates
Additional Files Translations
No support by the author.
Title : Enhanced Image Captcha
Version : 2.2b
VB Versions : Currently working and tested on 3.8.4 (as of Dec 2014)
Coder : Andy Calderbank & Jason Williams
Purpose : Add extra Image Verification to the registration process, using an alternative system to the Captcha system.
The Enhanced Image Captcha system is a unique system using images versus text to stop spammers signing up to your forum. The script automatically detects images and uses the filename as the title, making adding new images extremely simple. To further improve security, the images are passed through a script which means that none of the images on the screen have file names - and cannot be associated to the question by title alone - and cannot be viewed by trying to access the images directly.
Please note, there is a .htaccess file within the images directory, to keep security tight, this must be kept, without it bots are able to scan the images and make a match, I understand not every server can utilist .htaccess but cannot get around this.
Important : This has been tested on 3.7 and 3.6.2 - as far as I know this should be backwards and forwards compatible.
My thanks go to all the guys who have helped with this, all the suggestions and feedback, all has been take on board and where necessary included in this new version - members in particular are : King Kovifor, Danny.VBT, Lynne and RCK.
Also thanks to ogameclub for the Turkish translated version.
I must thank Opserty too for their hard work in making me understand where I was going wrong!!
New features from original 1.11 release!!
Admin settable options:
Number of images to display
Path to image directory (so you can change if you prefer)
Resize image between 50% - 150% of original image
Number of images to display before a line break (see History)
I hope this is help to the VBulletin community as I know this is a growing problem. I don't fancy the thought of trawling through hundreds of new members deleting stupid usernames and spam posts.
Installation :
Upload show.php to your forum root directory (or wherever register.php is).
Upload the images/verification directory, this can be moved to the forum root or have the verification name changed, but needs updating in the Enhanced Image Captcha AdminCP options.
Make sure that you check that the Images Path is correct in AdminCP -> VBulletin Options -> Enhanced Image Captcha.
You can also select how many images and what size from the original you would prefer.
Upgrading:
Import Product - product-enhanced_image_captcha.xml - overwrite if necessary.
Set any options you need in AdminCP -> VBulletin Options -> Enhanced Image Captcha.
Upgrading from v1.xx :
Remove the images/verification directory and all images inside.
Uninstall the product - Enhanced Captcha Image Verification - important for phrase and template removal!
Upload show.php to your forum root directory (or wherever register.php is).
Upload the images/verification directory, this can be moved to the forum root or have the verification name changed, but needs updating in the Enhanced Image Captcha AdminCP options.
Import Product - product-enhanced_image_captcha.xml - overwrite if necessary.
Make sure that you check that the Images Path is correct in AdminCP -> VBulletin Options -> Enhanced Image Captcha.
You can also select how many images and what size from the original you would prefer.
Requirements : GD Libraries installed
File uploads : 53 (including images)
Files to Import : 1
New Templates : 2
New Phrases : 15
Uses Hooks : 1
New Queries : 0
History :
v2.0b
Original Beta release
v2.1b
Added Enable/Disable Option
Also added Turkish Translated version
Added new image page
v2.2b
Bug Fix : Opera browsers, any number over around 8 images disappears over side of screen, added number of images before line break function to stop this happening
Don't forget you don't have to use the provided images - you can customise these to any you wish - I've used ones that are hopefully universal and everyone will recognise.
Show Your Support
This modification may not be copied, reproduced or published elsewhere without author's permission.
Humm there is a huge flaw that has been in this since v1.
Ok, basicly the bot goes to the page, detects its this style of auth and instead of trying to guess the correct image, it just does them all. What i mean is... it loads this page /register.php?clicked=1 increasing the clicked number each time using the same cookies. Once it guesses the correct number, it can continue to register.
~Cmd
The above still seems to be an issue. You do not need to even look at the images. Just go to a forum running this mod and click on the first image you see. If you are wrong it will tell you to go back. Instead of going back, change where it says "/register.php?clicked=1" in the address bar to "/register.php?clicked=2". If 2 isn't the right image, enter 3 and so forth. Once you get to the number where the correct image is located, you are allowed to register. If you have a total of 8 images, it only takes 7 attempts max to get through.
It would be nice to combine this with image captcha so that each time you guess a wrong image, you have to re-enter a word in an image. That would really bullet-proof this mod.
The above still seems to be an issue. You do not need to even look at the images. Just go to a forum running this mod and click on the first image you see. If you are wrong it will tell you to go back. Instead of going back, change where it says "/register.php?clicked=1" in the address bar to "/register.php?clicked=2". If 2 isn't the right image, enter 3 and so forth. Once you get to the number where the correct image is located, you are allowed to register. If you have a total of 8 images, it only takes 7 attempts max to get through.
It would be nice to combine this with image captcha so that each time you guess a wrong image, you have to re-enter a word in an image. That would really bullet-proof this mod.
I think no matter what system you come up with, some bot somewhere will defeat it, it's just finding ways of making it much harder, and admittedly, this does allow some in, as I've found, but it does slow their work. Maybe instead, turn the text into a graphic, fair enough which can still be read by a bot, but have the enter it in too -- then that way, it takes two processes to pass this part. I did think about trying to include the standard VB captcha as well ... but I've not had time to investigate how this would work.
Quick update on this .. I have just tested this on 3.8 RC1, seems to have no problems at all .... the demo should be back up and running now, I will try and change this over to 3.8 compatible now.
I like what I see but unfortunately I get this error when I installed on to the latest 3.8"
Quote:
Fatal error: Call to undefined function: session_start() in /home/XXXXXXXX/www/rippersplace.com/forum/register.php(204) : eval()'d code on line 3