Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 2.x > vBulletin 2.x Full Releases
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
Prevent Automated Registrations Details »»
Prevent Automated Registrations
Version: 1.00, by Mystis Mystis is offline
Developer Last Online: Nov 2023 Show Printable Version Email this Page

Version: 2.2.x Rating:
Released: 02-01-2003 Last Update: Never Installs: 32
 
No support by the author.

Smallish hack here, basically it emulates Yahoo's, among other's, system of generating an image with a random series of characters that a user must enter correctly into a text box to register. The screenshots will illustrate this well:

Screenshots
----------------
Registration Screen
Results on Failure
Results on Success

Installation Instructions
----------------
See install.txt in the attachment

Minimods
----------------
Text-only version for people without access to the GD library

The font may be customized by taking a font desired, in TrueType format, and uploading it in place of the font.ttf included. the gd image library IS required to use this hack.

If you like it, install it!

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #22  
Old 02-02-2003, 11:37 PM
Velocd's Avatar
Velocd Velocd is offline
 
Join Date: Mar 2002
Location: CA University
Posts: 1,696
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Awesome hack Mystis, I had wondered when something like this for vBulletin might come along.

The only question I have is what kind of service would somebody be using that is processing an automated registration for one's forum? This is just a generic question, as I've wondered the same for those Lycos/Yahoo sites. I'm guessing some kind of bot, although the chances of one doing so on a vBulletin seems less likely.

[high]* Velocd clicks install [/high]
Reply With Quote
  #23  
Old 02-03-2003, 12:03 AM
Mystis's Avatar
Mystis Mystis is offline
 
Join Date: Jul 2002
Location: Minnesota
Posts: 72
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally posted by squawell
about the path how should i do?? i have little confuse...

if my address is http://www.xxx.com.tw/xxx/forum/index.php
You're looking for the absolute server path to your forums' root directory. So in your example, if you're running on a linux server then a possiblity could be '/home/xxx/public_html/xxx/forum/font.ttf'. On Windows, it might be something like: "c://htdocs//users//xxx//xxx//forum//font.ttf'. I can't tell you for sure though, your best bet would be inquiring your host.

Quote:
Originally posted by Velocd
Awesome hack Mystis, I had wondered when something like this for vBulletin might come along.

The only question I have is what kind of service would somebody be using that is processing an automated registration for one's forum? This is just a generic question, as I've wondered the same for those Lycos/Yahoo sites. I'm guessing some kind of bot, although the chances of one doing so on a vBulletin seems less likely.
I'ts very easy to set up a bot that can process a form repeatedly and automatically. I obviously won't give out details as to how, but it is very possible and potentially damaging to the server if it does that frequently enough. The person that I wrote the hack for actually got 10,000+ fake registrations in under a day.

Quote:
Originally posted by Boofo
I ran the phpinfo and say nothing about the gd library. Chances are (knowing my host) it is not installed. Thanks, anyway.
If it isn't in phpinfo, then it likely isn't installed. I aplogize. I'll work on a text only version workaround, although it isn't nearly as secure.

Quote:
Originally posted by Davey
WOW this is a good hack dude.
Thanks for releasing!
I'll definately install this if possible hehehe.
Mind you I dunno if (and doubt) lycos runs the requirements for this.
Still worth a try though.

Dave.
Sorry, but I'm pretty sure that Lycos won't run the gd. Again, keep an eye out for the text version workaround, which I'll figure out and include in my next post
Reply With Quote
  #24  
Old 02-03-2003, 12:23 AM
Mystis's Avatar
Mystis Mystis is offline
 
Join Date: Jul 2002
Location: Minnesota
Posts: 72
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

TEXT ONLY FIX

In the 'registeradult' template, find

PHP Code:
    <tr>
        <
td bgcolor="{firstaltcolor}"><normalfont><b>Automatic Registration Prevention</b></normalfont><br>
        <
smallfont>Please enter the text in the box below to the text box to the right.  This is to prevent automatic registrations.<br><br><img src="reg_image.php?text=$image_var&colorbg={firstaltcolor}&colortext={pagetextcolor}" /><br></smallfont></td>
        <
td bgcolor="{firstaltcolor}"><normalfont>
            <
input type="text" class="bginput" name="autoveri" size="25" maxlength="15">
            <
input type="hidden" name="autovero" value ="$image_var">
        </
normalfont></td>
    </
tr
and replace it with
PHP Code:
<tr>
    <
td bgcolor="{firstaltcolor}"><normalfont><b>Automatic Registration Prevention</b></normalfont><br>
    <
smallfont>Please enter the registration key below to the text box to the right.  This is to prevent automatic registrations.<normalfont><br><br><smallfont><b>Registration key$image_var<smallfont>
        </
td><td><input type="text" class="bginput" name="autoveri" size="25" maxlength="15">
        <
input type="hidden" name="autovero" value ="$image_var">
    </
normalfont></td>
</
tr
Reply With Quote
  #25  
Old 02-03-2003, 12:30 AM
Martin64's Avatar
Martin64 Martin64 is offline
 
Join Date: Nov 2001
Posts: 390
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Very nice, I'll install it some other night when the clock isn't 3:20 am *yawn*

Good job.
Reply With Quote
  #26  
Old 02-03-2003, 12:32 AM
Yo. Yo. is offline
 
Join Date: Jan 2003
Posts: 11
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Forgive me if I'm wrong..but if the image_var is in the output source of both the image and text versions, how is the text version any less secure?
Reply With Quote
  #27  
Old 02-03-2003, 02:11 AM
Slynderdale Slynderdale is offline
 
Join Date: Mar 2002
Location: New York State
Posts: 576
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

This wont prevent auto verification at all, all some one has to do is use fopen on the page and look for
<input type="hidden" name="autovero" value ="$image_var">
and get the value real esily, this will stop auto registration as much as not having it, also using gd every time the page is loaded will have a high load to the server, thats why im adding a cahceing option and the other options to my hack so prevent the gd causing high loads. Also there are some ways to extract this text from the image as well, you dont distort the image in any way so a bot could look through the image and compare it to others and get the text from it, the non gd support for my hack uses hash images so not even a bot can get the value from them and also alow cacheing and session limits, so if the user idles for to long it creates a new session verification value automaticly.

Also I'm not trying to put down this hack, It was a great idea, Im just stating there are some major flaws in the script.
Reply With Quote
  #28  
Old 02-03-2003, 02:12 AM
Slynderdale Slynderdale is offline
 
Join Date: Mar 2002
Location: New York State
Posts: 576
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

https://vborg.vbsupport.ru/showthrea...threadid=48240

Im planning on releasing my hack tomarrow.


https://vborg.vbsupport.ru/attachmen...&postid=348489

Theres the current admin options for it.
Reply With Quote
  #29  
Old 02-03-2003, 04:19 AM
DWZ's Avatar
DWZ DWZ is offline
 
Join Date: Dec 2001
Posts: 207
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Just a small note/warning.

Some of the more "smarter" auto register bot thingys can "read" images to see the registration code if it's in the normal Arial/Times New Roman type font, so you really should use some weird font if you really want to protect yourself.

You can see sites such as AltaVista doing this.

EDIT: oh, and yeah, nice hack
Reply With Quote
  #30  
Old 02-03-2003, 04:28 AM
Slynderdale Slynderdale is offline
 
Join Date: Mar 2002
Location: New York State
Posts: 576
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally posted by DWZ
Just a small note/warning.

Some of the more "smarter" auto register bot thingys can "read" images to see the registration code if it's in the normal Arial/Times New Roman type font, so you really should use some weird font if you really want to protect yourself.

You can see sites such as AltaVista doing this.

EDIT: oh, and yeah, nice hack
You dont need to worry about that with this hack..it already has the verification number publicly displayed in the html...
Reply With Quote
  #31  
Old 02-03-2003, 04:46 AM
Boofo's Avatar
Boofo Boofo is offline
 
Join Date: Mar 2002
Location: Des Moines, IA (USA)
Posts: 15,776
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally posted by Slynderdale


You dont need to worry about that with this hack..it already has the verification number publicly displayed in the html...
Is there a way to use something other than the gd library to display the images (since alot of hosts don't have it installed)? If the text only version can be got around that easy, there must be another way.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 02:05 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05253 seconds
  • Memory Usage 2,335KB
  • Queries Executed 27 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (2)bbcode_php
  • (6)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete