On the registration page a potiental user has to enter a random character of a word.
I have done something different though. It randomly selects a username from the database to be used as the word.
Some of you may be asking "Can you explain how it does the checking"?
On the registration page I have a hidden form that contains a hashed version of the correct character. After the form is submitted it checks if the the hashed version of the character you typed against the correct hash.
If you installed this hack you can enable it by going to vBulletin Options --> User Registration Options
The option to enable/disable the feature and to add your own hash are at the bottom.
If you are upgrading this hack you'll need to edit the "register" template.
Go to your ACP >> Styles & Templates >> Style Manager
Expand the template you want to edit.
Expand the Registration Templates category
Open: register
Find:
HTML Code:
What is the first character of <b>$ahbot[username]</b>?
Replace with:
HTML Code:
What is the $char_loc character of the word <b>$ahbot[username]</b>?
Show Your Support
This modification may not be copied, reproduced or published elsewhere without author's permission.
Nice I like it simple and surely should be affective.
Feature request
Can you make it so the amount of required text can be adjusted? So say instead of just the first letter could be the first 2 or 3 or etc etc? Only problem I see with that is the length of the username that gets picked to display say the username that is showing at registration is only 3 characters long but its set to require the first 4? Something that can be worked around?
I like how this does not require the making of a custom profile field I hate making those.
Nice I like it simple and surely should be affective.
Feature request
Can you make it so the amount of required text can be adjusted? So say instead of just the first letter could be the first 2 or 3 or etc etc? Only problem I see with that is the length of the username that gets picked to display say the username that is showing at registration is only 3 characters long but its set to require the first 4? Something that can be worked around?
I like how this does not require the making of a custom profile field I hate making those.
I thought of that too but I think that randomly selecting the character would be better.
Sorry, but this is incredibly easy to bypass - in fact I can think of two ways that this can be done...
MD5 Hash Table. I could easily create a small array of hashes for each 'possible' answer. As the chances are that most of the time the character will be alphanumeric, i will only need A-Z,a-z and 0-9. All i have to do is hash each of these letters in turn and store them in a small array (62 cells)
Now all i have to do is look up the value stored in the array with the key that matches your 'hidden field' value and put that letter in the field.
Look at the webpage
Alternatively, I could just look at the webpage. Unless I'm missing something, you give me the username in plain text. All i have to do is look for the value given after 'What is the first character of '?
This is the very reason that vBulletin uses CAPTCHA - it's an image so cannot just be 'read' in this way.
You may however get some 'security through obscurity' - bots need to know about your hack before they know what to do. But that would only take time and popularity.
Sorry to rip it apart so badly, but you did ask if there was any way bots could get past it.
Harmor's Bot Protection Details »»
About Developer
Visit Web Site
Uses Plugins 
No support by the author.
04-13-2007, 01:40 AM
