Anti-Spam Options - [BetoPho] reCaptcha v3 Login Integration

There are several requests to make this around the forum, so I guess I would contribute one.

Product Information
Provide reCaptcha intergration for vBulletin 4's login process that can check for bots or unsafe traffics using Google's famous reCaptcha engine.

Main Features

• Ultilizing reCaptcha v3 advantages: invisible checks that can determine how safe a user/traffic is, from very likely human to very likely bot, using reCaptcha's 'score' system.
• Performing specific actions to unsafe users/traffics, reject the login or redirect to another URL.
• Bad traffic users captured by the product will just be displayed with an invalid login screen.
• Ability to exclude users that won't be checked by reCaptcha.
• Lightweight and easy to configure.
• Simple installation: Install - Get reCaptcha keys - Configure the action - Done.

Future Versions Planning

• Expanding integration with other forum sections, like thread/post posting, PM, album, etc.
• Expanding integration with other activities, like register, search, page viewing, etc.
• Combining suport with reCaptcha v2, adding additional layer of human verification, for example, only when reCaptcha v3 detected likely unsafe traffic, verification form from v2 will show for the user to verify.
• Admincp Dashboard to view all failed login attemps captured by reCaptcha.
• Support for vBulletin 3 & 5.
• You name it.

Details

• Files upload: none
• Plugins: 6
• Templates: 3 (2 templates, 1 CSS template)
• Phrases: 2

Instructions

1. (Preparation) Have your reCaptcha v3 keys ready first. reCaptcha homepage.
2. Import the product XML file using Product section.
3. Go to Options > [BetoPho] reCaptcha Integration.
4. Insert the keys first (this product won't work without the keys).
5. Configure and start using.

Additional Instructions

1. To check if automatic template works, after putting the keys and configuring everything, view the homepage source (with the login form) as a Guest user and search for this code:
   
   HTML Code:

   <input type="hidden" name="btp_rcaptcha_response" id="btp_rcaptcha_input">

   If found, it's good. If not found, it means you are using modified templates/style.
2. In case it's not found, modify the template with the login form (usually 'header' template, might be other one depends on your style), search for the login form:
   
   HTML Code:

   action="login.php?do=login"

   When found, insert the product code in the #1 section into anywhere inside of the form. For example, it will look like this:
   
   Code:

   <form id="navbar_loginform" action="login.php?do=login" method="post" (other codes...)>
   ...
   <input type="hidden" name="btp_rcaptcha_response" id="btp_rcaptcha_input">
   ...
   </form>

   Then it will work.

Let me know if you have any questions or suggestions.
Thank you

Changelog
1.0.0 - Jul 05 2019

• Initial Release

1.1.0 - Jul 07 2019

• Fix Admincp/Modcp locked out issue
• Cleaning up codes and preparation for additional features

[BetoPho]

Issues

• Being locked out from logging into Admincp/Modcp
  This issue is fixed since v1.1.0.

[Gadget_Guy]

Thanks! Been waiting for this!

D

[stangger5]

Thanks!!

[Gadget_Guy]

I am having an issue with this installed now.

My admincp login doesn't work anymore and I am locked out of my site.

Any idea how I can manually revert the plug-in?

D

[BetoPho]

Quote:

Originally Posted by Gadget_Guy

I am having an issue with this installed now.

My admincp login doesn't work anymore and I am locked out of my site.

Any idea how I can manually revert the plug-in?

D

You can edit config.php, add this line to globally disabling all plugins:

PHP Code:

define('DISABLE_HOOKS', 1); 


After that, login into your Admincp, please whitelist yourself by putting your user ID into the Excluded users field. Then remove that line again to re-enable the plugins.

Can you let me know on which steps you did that made you being locked out of the Admincp?

[Gadget_Guy]

Thanks,

I was able to disable the plugins, disable, and got the site back to normal.

All I did was add the plug-in, then whenever I tried to log in to adminCP it wouldn't accept my password and it locked my account out from number of failed attempts.

No matter what I did, it wouldn't let me log in.

Question: What I am not understanding is how your implementation is intended to work. it doesn't add itself as a human verification for registration?

D

[BetoPho]

You can download the latest version, v1.1.0 and update the product, it will fix the issue.

Quote:

Originally Posted by Gadget_Guy

Question: What I am not understanding is how your implementation is intended to work. it doesn't add itself as a human verification for registration?

The main concept of this product is to prevent brute force password attack and any kind of non-human automatically trying to login via the HTML form.

Currently, vBulletin's Human Verification system only supports these type of actions: Register, Post, Search, Contact Us, and Recover Lost Password. So there won't be a way to hook Login action using vBulletin hook system.

For your question, here is the full process of how this product works:

1. User logging in;
2. The product captures reCaptcha check value from the login form and send to Google server;
3. Google checks and return the 'score' value to the product;
4. If the score is less than the defined 'human' score, we assume this is either not human or an unsafe traffic;
5. Do the provided actions (eg. redirect them to another URL).

So when the user is treated like a bot, even if the username/password combination is correct, their login will be rejected and being sent to another URL (if you choose that), making the board a little bit safer.

[Gadget_Guy]

Thanks for the explanation.

I like what you did.

I will try the updated version later this week when I can make sure I have time to test.

Much appreciated.

D

[dknelson]

I just installed it this morning. Trying about everything I can. My forum has been running for well over 10 years and though I've had the occasional registration spam, it exploded about 2 3 days ago and I've had well over a thousand since them. Hope this helps.