Go Back   vb.org Archive > vBulletin Modifications > vBulletin 3.8 Modifications > vBulletin 3.8 Add-ons
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
Enhanced Captcha Image Verification - stop bots from signing up!! Details »»
Enhanced Captcha Image Verification - stop bots from signing up!!
Version: 1.11, by steadicamop steadicamop is offline
Developer Last Online: Dec 2014 Show Printable Version Email this Page

Category: Miscellaneous Hacks - Version: 3.6.8 Rating:
Released: 11-25-2006 Last Update: 11-26-2006 Installs: 874
Uses Plugins Template Edits
Additional Files  
No support by the author.

Title : Enhanced Captcha Image Verification

Version : 1.1

Coder : Andy Calderbank & Jason Williams

Purpose
: Add extra Image Verification to the registration process, using an alternative system to the Captcha system.

Why : It would appear that spammers can now "read" the Captcha codes and overcome the verification process.

How : This extra feature uses images which are harder for a spam program/bot to interpret than text characters. The user has a choice of 4 randomly displayed images, and the answer is given below. The user must click on that image to proceed, if the incorrect image is selected an error message is shown. The images are randomly shown (from however many are in the directory - you can have as many as you want, just has to be more that 4!) and are automatically created from the images/verification/ directory - all on the fly. Sample images are included with this release, but you can use your own - I recommend using 100 x 100 pixels, in .jpg format and naming the image with a meaningful title (ie A House.jpg) - the extension is stripped so only the filename itself is shown.

To further enhance security, the images are passed through a script which means that none of the images on the screen have file names - and cannot be associated to the question by title alone.

I have been testing this on my forum and have found it to be effective - I cannot guarantee that this will stop all spamming, but this relies more on human input than a computer "reading" the image.

Important : This has been tested on 3.6.2 - I cannot guarantee it will work on anything above, please test with caution - and as always BACKUP FIRST! This will not work on anything below 3.6.0.

Demo : http://www.steadiforum.com/register.php

I hope this is help to the VBulletin community as I know this is a growing problem. I don't fancy the thought of trawling through hundreds of new members deleting stupid usernames and spam posts.

Installation :
  1. Upload the verification/ directory to your images/ folder - make sure .htaccess and show.php are present - otherwise it won't work.
  2. Import Product - product-image_verification.xml

Upgrading :
  1. Upload show.php to the images/verification/ directory.
  2. Import Product - product-image_verification.xml - select Allow Overwrite to enable upgrade.

Requirements : GD Libraries installed

File uploads : 39 (including images)
Files to Import : 1
New Templates : 1
New Phrases : 5
Uses Hooks : 1
New Queries : 0

History :
v1.0 - Original release
v1.01 - Slight code change for forums in sub-directories (thanks go to Barakat for solving this one)
v1.1 - Issue resolved with Windows servers also template clean up for xhtml compliance
v1.11 - Added version check function, minor upgrade.

Done - if you like please click install! (and I won't ask for any donations as long as you click Nominate for MOTM!)

Don't forget you don't have to use the provided images - you can customise these to any you wish - I've used ones that are hopefully universal and everyone will recognise.

Download Now

File Type: zip Enhanced Captcha Image Verification.zip (116.4 KB, 5787 views)

Screenshots

File Type: jpg imageverification1.jpg (36.6 KB, 0 views)
File Type: jpg imageverification2.jpg (24.5 KB, 0 views)

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #152  
Old 05-20-2007, 08:29 AM
steadicamop's Avatar
steadicamop steadicamop is offline
 
Join Date: Jul 2004
Location: Lancashire, UK
Posts: 379
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by SuprSurfr View Post
Any chance on getting this working with 3.6.6?
Have you tried installing it - I'm still on 3.6.2 so will be upgrading soon, I will fix any compatibility problems as soon as I do.
Reply With Quote
  #153  
Old 05-20-2007, 05:46 PM
Ian Montgomerie Ian Montgomerie is offline
 
Join Date: Dec 2003
Posts: 11
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Unfortunately, if this hack comes into common use then spambots will just defeat it by repeatedly trying to register and picking random images. Use 8 images and on average they'll succeed in about 4 tries. Captcha is immune to a simple "brute force" attack because there are too many combinations of words and letters that it can generate.

Right now this hack works because of security through obscurity - no spambots have been coded to deal with it.
Reply With Quote
  #154  
Old 05-20-2007, 06:49 PM
extreme-mobile extreme-mobile is offline
 
Join Date: Dec 2006
Posts: 13
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

i dont get any images showing just the words vbsecurereg or somethig any idea?
Reply With Quote
  #155  
Old 05-21-2007, 05:27 PM
Jeff Bade Jeff Bade is offline
 
Join Date: Apr 2005
Posts: 8
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Reloaded everything and it is working now.

One problem I have is that the Name of the image it is asking for is not one of the 4 images.

I expanded it to 6 images and still no go.
I expanded it to 12 and most of the time the image is there.
But not all the time.

Anyone ever see that before?

Also the Red X images are there.
I think it is any non-image file in that directory which is causing this.
one time I was asked for the picture of index.
Which since I have index.html instead of .htaccess that makes sense.
Reply With Quote
  #156  
Old 05-22-2007, 10:06 AM
FatalBreeze FatalBreeze is offline
 
Join Date: Apr 2004
Location: Haifa - Israel
Posts: 163
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

My forum is based on Hebrew and not on English. I've seen in your code that the $question variable, is the one that stores the image to click and he gets its value by substr - by the image name. My question is, if i translate all the names of the images to hebrew, will it work?

EDIT:
I installed your hack, and it didn't work when i translated the titles of the pictures.
The result is that it displayed the 4 pictures, however it didn't say which picture to click as if the $question variable is empty.
Reply With Quote
  #157  
Old 05-23-2007, 02:26 PM
FatalBreeze FatalBreeze is offline
 
Join Date: Apr 2004
Location: Haifa - Israel
Posts: 163
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

you think i can fix it with two arrays: one in Engish and one in Hebrew, and work with preg_replace($english_array,$hebrew_array,$questio n); ?
Reply With Quote
  #158  
Old 05-27-2007, 09:33 AM
steadicamop's Avatar
steadicamop steadicamop is offline
 
Join Date: Jul 2004
Location: Lancashire, UK
Posts: 379
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Jeff Bade View Post
Reloaded everything and it is working now.

One problem I have is that the Name of the image it is asking for is not one of the 4 images.

I expanded it to 6 images and still no go.
I expanded it to 12 and most of the time the image is there.
But not all the time.

Anyone ever see that before?

Also the Red X images are there.
I think it is any non-image file in that directory which is causing this.
one time I was asked for the picture of index.
Which since I have index.html instead of .htaccess that makes sense.
Sounds a little strange - I know other people are having issues with one or two images loading - I am looking into this and will do any necessary changes but I suspect it's a server thing - but will do testing to find this out.

If you have any other files than .htaccess, thumbs.db/Thumbs.db then they will show up, as those files are excluded - it is possible to exclude index.html by adding this in the show.php file:

PHP Code:
if ($entry != '.' && $entry != '..' && $entry != 'show.php' && $entry != '.htaccess' && $entry != 'Thumbs.db'
If you want to add index.html to that change it to:

PHP Code:
if ($entry != '.' && $entry != '..' && $entry != 'show.php' && $entry != '.htaccess' && $entry != 'Thumbs.db' && $entry != 'index.html'
For any other files just add
PHP Code:
&& $entry != 'whateverfilename.ext' 
to the end of the line before the closing bracket ")".

HTH

Jason
Reply With Quote
  #159  
Old 05-27-2007, 09:35 AM
steadicamop's Avatar
steadicamop steadicamop is offline
 
Join Date: Jul 2004
Location: Lancashire, UK
Posts: 379
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by FatalBreeze View Post
you think i can fix it with two arrays: one in Engish and one in Hebrew, and work with preg_replace($english_array,$hebrew_array,$questio n); ?
Give it a try - I'm not too clued up with preg_replace, but it can't hurt , if you have problems, let me know and I'll see what I can sort.

Cheers

Jason
Reply With Quote
  #160  
Old 05-31-2007, 12:32 PM
MissKalunji's Avatar
MissKalunji MissKalunji is offline
 
Join Date: Aug 2003
Location: Canada
Posts: 2,845
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

is there a way to add this to sendmessage.php?
Reply With Quote
  #161  
Old 05-31-2007, 06:12 PM
Dragons76 Dragons76 is offline
 
Join Date: Mar 2007
Posts: 42
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I'm on VB 3.6.7

I have installed this hack, but i want to register, i have this message :

PHP Code:
Warningdir() [function.dir]: Unable to access lesavoir/images/verificationin /register.php(202) : eval()'d code on line 6
 
Warning: dir(lesavoir/images/verification/) [function.dir]: failed to open dir: No such file or directory in /register.php(202) : eval()'
d code on line 6
 
Fatal error
Call to a member function read() on a non-object in /home/evox/lesavoir/httpdocs/lesavoir/register.php(202) : eval()'d code on line 7 
I have made the modif who is posted here : https://vborg.vbsupport.ru/showpost....&postcount=109

Any body can help me ?
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 10:02 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05602 seconds
  • Memory Usage 2,361KB
  • Queries Executed 26 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (4)bbcode_php
  • (3)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (4)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (2)pagenav_pagelinkrel
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (3)postbit_attachment
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_attachment
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete