vBulletin Mods

The Official vBulletin Modifications Site
https://www.vbulletin.org/forum/showthread.php?t=327350

[BetoPho] reCaptcha v3 Login Integration
by BetoPho
04 Jul 2019 18:43

2 Attachment(s)
There are several requests to make this around the forum, so I guess I would contribute one.

Product Information
Provide reCaptcha intergration for vBulletin 4's login process that can check for bots or unsafe traffics using Google's famous reCaptcha engine.

Main Features
  • Ultilizing reCaptcha v3 advantages: invisible checks that can determine how safe a user/traffic is, from very likely human to very likely bot, using reCaptcha's 'score' system.
  • Performing specific actions to unsafe users/traffics, reject the login or redirect to another URL.
  • Bad traffic users captured by the product will just be displayed with an invalid login screen.
  • Ability to exclude users that won't be checked by reCaptcha.
  • Lightweight and easy to configure.
  • Simple installation: Install - Get reCaptcha keys - Configure the action - Done.

Future Versions Planning
  • Expanding integration with other forum sections, like thread/post posting, PM, album, etc.
  • Expanding integration with other activities, like register, search, page viewing, etc.
  • Combining suport with reCaptcha v2, adding additional layer of human verification, for example, only when reCaptcha v3 detected likely unsafe traffic, verification form from v2 will show for the user to verify.
  • Admincp Dashboard to view all failed login attemps captured by reCaptcha.
  • Support for vBulletin 3 & 5.
  • You name it.

Details
  • Files upload: none
  • Plugins: 6
  • Templates: 3 (2 templates, 1 CSS template)
  • Phrases: 2

Instructions
  1. (Preparation) Have your reCaptcha v3 keys ready first. reCaptcha homepage.
  2. Import the product XML file using Product section.
  3. Go to Options > [BetoPho] reCaptcha Integration.
  4. Insert the keys first (this product won't work without the keys).
  5. Configure and start using.

Additional Instructions
  1. To check if automatic template works, after putting the keys and configuring everything, view the homepage source (with the login form) as a Guest user and search for this code:

    Block Disabled:      (Update License Status)  
    Suspended or Unlicensed Members Cannot View Code.

    If found, it's good. If not found, it means you are using modified templates/style.
  2. In case it's not found, modify the template with the login form (usually 'header' template, might be other one depends on your style), search for the login form:

    Block Disabled:      (Update License Status)  
    Suspended or Unlicensed Members Cannot View Code.

    When found, insert the product code in the #1 section into anywhere inside of the form. For example, it will look like this:

    Block Disabled:      (Update License Status)  
    Suspended or Unlicensed Members Cannot View Code.

    Then it will work.

Let me know if you have any questions or suggestions.
Thank you :)

Changelog
1.0.0 - Jul 05 2019
  • Initial Release
1.1.0 - Jul 07 2019
  • Fix Admincp/Modcp locked out issue
  • Cleaning up codes and preparation for additional features

BetoPho 04 Jul 2019 18:48

Issues
  • Being locked out from logging into Admincp/Modcp
    This issue is fixed since v1.1.0.

Gadget_Guy 05 Jul 2019 01:35

Thanks! Been waiting for this!

D

stangger5 05 Jul 2019 02:24

Thanks!!

Gadget_Guy 05 Jul 2019 23:17

I am having an issue with this installed now.

My admincp login doesn't work anymore and I am locked out of my site.

Any idea how I can manually revert the plug-in?

D

BetoPho 06 Jul 2019 00:31

Quote:

Originally Posted by Gadget_Guy (Post 2599730)
I am having an issue with this installed now.

My admincp login doesn't work anymore and I am locked out of my site.

Any idea how I can manually revert the plug-in?

D

You can edit config.php, add this line to globally disabling all plugins:


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

After that, login into your Admincp, please whitelist yourself by putting your user ID into the Excluded users field. Then remove that line again to re-enable the plugins.

Can you let me know on which steps you did that made you being locked out of the Admincp?

Gadget_Guy 06 Jul 2019 14:21

Thanks,

I was able to disable the plugins, disable, and got the site back to normal.

All I did was add the plug-in, then whenever I tried to log in to adminCP it wouldn't accept my password and it locked my account out from number of failed attempts.

No matter what I did, it wouldn't let me log in.


Question: What I am not understanding is how your implementation is intended to work. it doesn't add itself as a human verification for registration?

D

BetoPho 06 Jul 2019 18:00

You can download the latest version, v1.1.0 and update the product, it will fix the issue.

Quote:

Originally Posted by Gadget_Guy (Post 2599736)
Question: What I am not understanding is how your implementation is intended to work. it doesn't add itself as a human verification for registration?

The main concept of this product is to prevent brute force password attack and any kind of non-human automatically trying to login via the HTML form.

Currently, vBulletin's Human Verification system only supports these type of actions: Register, Post, Search, Contact Us, and Recover Lost Password. So there won't be a way to hook Login action using vBulletin hook system.

For your question, here is the full process of how this product works:
  1. User logging in;
  2. The product captures reCaptcha check value from the login form and send to Google server;
  3. Google checks and return the 'score' value to the product;
  4. If the score is less than the defined 'human' score, we assume this is either not human or an unsafe traffic;
  5. Do the provided actions (eg. redirect them to another URL).

So when the user is treated like a bot, even if the username/password combination is correct, their login will be rejected and being sent to another URL (if you choose that), making the board a little bit safer.

Gadget_Guy 08 Jul 2019 01:15

Thanks for the explanation.

I like what you did.

I will try the updated version later this week when I can make sure I have time to test.

Much appreciated.

D

dknelson 28 Jul 2019 12:34

I just installed it this morning. Trying about everything I can. My forum has been running for well over 10 years and though I've had the occasional registration spam, it exploded about 2 3 days ago and I've had well over a thousand since them. Hope this helps.

dknelson 28 Jul 2019 13:12

I have this installed. I checked the code from the registration page and it is indeed present.

My question is how do I set the "Human Verification Settings" under Options in the control panel. I I select "ReCaptcha", it shows my KEYS but when I try to register, it says "Image not Selected Properly" or so something like that. Do I just turn off all verification under Options?

BetoPho 28 Jul 2019 20:35

Quote:

Originally Posted by dknelson (Post 2599993)
I have this installed. I checked the code from the registration page and it is indeed present.

My question is how do I set the "Human Verification Settings" under Options in the control panel. I I select "ReCaptcha", it shows my KEYS but when I try to register, it says "Image not Selected Properly" or so something like that. Do I just turn off all verification under Options?

The product currently does not integrate with vBulletin native Human Verification system, as the system doesn't support Captcha check for login.

For now, the product is intended to prevent bot logins, which could partly solve the issues you're having, since it's no use for bots to just registered but unable to post. I will add integration support to vBulletin Human Verification system on another future version.

dknelson 28 Jul 2019 20:43

I understand. So should I turn off all the native Human Verification settings or does this not interfere with it?

BetoPho 28 Jul 2019 21:20

You don't have to turn it off, this product will work safely together with vBulletin native verification system :)

dknelson 28 Jul 2019 22:10

Thanks. I have it installed but honestly don't know if it's doing anything or not. If it is supposed to stop spam registrations, it doesn't seem to help much. Will give it a few days.


All times are GMT. The time now is 15:08.

Powered by vBulletin® Version 3.8.14
Copyright © 2021, MH Sub I, LLC dba vBulletin. All Rights Reserved. vBulletin® is a registered trademark of MH Sub I, LLC
Copyright ©2001 - , vbulletin.org. All rights reserved.