Register Members List Search Today's Posts Mark Forums Read

Reply
 
Mod Options
Enhanced Captcha Image Verification - stop bots from signing up!! Details »
Enhanced Captcha Image Verification - stop bots from signing up!!
Mod Version: 1.11, by steadicamop (Member) steadicamop is offline
Developer Last Online: Dec 2014 I like it Show Printable Version Email this Page

vB Version: 3.6.8 Rating: (63 votes - 4.89 average) Installs: 870
Released: 26 Nov 2006 Last Update: 27 Nov 2006 Downloads: 4752
Not Supported Uses Plugins Template Edits Additional Files  

Title : Enhanced Captcha Image Verification

Version : 1.1

Coder : Andy Calderbank & Jason Williams

Purpose
: Add extra Image Verification to the registration process, using an alternative system to the Captcha system.

Why : It would appear that spammers can now "read" the Captcha codes and overcome the verification process.

How : This extra feature uses images which are harder for a spam program/bot to interpret than text characters. The user has a choice of 4 randomly displayed images, and the answer is given below. The user must click on that image to proceed, if the incorrect image is selected an error message is shown. The images are randomly shown (from however many are in the directory - you can have as many as you want, just has to be more that 4!) and are automatically created from the images/verification/ directory - all on the fly. Sample images are included with this release, but you can use your own - I recommend using 100 x 100 pixels, in .jpg format and naming the image with a meaningful title (ie A House.jpg) - the extension is stripped so only the filename itself is shown.

To further enhance security, the images are passed through a script which means that none of the images on the screen have file names - and cannot be associated to the question by title alone.

I have been testing this on my forum and have found it to be effective - I cannot guarantee that this will stop all spamming, but this relies more on human input than a computer "reading" the image.

Important : This has been tested on 3.6.2 - I cannot guarantee it will work on anything above, please test with caution - and as always BACKUP FIRST! This will not work on anything below 3.6.0.

Demo : http://www.steadiforum.com/register.php

I hope this is help to the VBulletin community as I know this is a growing problem. I don't fancy the thought of trawling through hundreds of new members deleting stupid usernames and spam posts.

Installation :
  1. Upload the verification/ directory to your images/ folder - make sure .htaccess and show.php are present - otherwise it won't work.
  2. Import Product - product-image_verification.xml

Upgrading :
  1. Upload show.php to the images/verification/ directory.
  2. Import Product - product-image_verification.xml - select Allow Overwrite to enable upgrade.

Requirements : GD Libraries installed

File uploads : 39 (including images)
Files to Import : 1
New Templates : 1
New Phrases : 5
Uses Hooks : 1
New Queries : 0

History :
v1.0 - Original release
v1.01 - Slight code change for forums in sub-directories (thanks go to Barakat for solving this one)
v1.1 - Issue resolved with Windows servers also template clean up for xhtml compliance
v1.11 - Added version check function, minor upgrade.

Done - if you like please click install! (and I won't ask for any donations as long as you click Nominate for MOTM!)

Don't forget you don't have to use the provided images - you can customise these to any you wish - I've used ones that are hopefully universal and everyone will recognise.

Download Now

Only licensed members can download files, Click Here for more information.

Screenshots

Click image for larger version

Name:	imageverification1.jpg
Views:	8581
Size:	36.6 KB
ID:	56611   Click image for larger version

Name:	imageverification2.jpg
Views:	4472
Size:	24.5 KB
ID:	56612  

Show Your Support

  • To receive notifications regarding updates -> Click to Mark as Installed.
  • This modification may not be copied, reproduced or published elsewhere without author's permission.
Similar Mod
Mod Developer Type Replies Last Post
Miscellaneous Hacks Enhanced Image Captcha - Stop bots from signing up! steadicamop vBulletin 3.7 Add-ons 165 21 May 2015 00:36

  #46  
Old 27 Nov 2006, 13:35
jmke jmke is offline
 
Join Date: May 2002
Installed and working fine,

http://www.madshrimps.be/vbulletin/register.php

thanks a lot for this!
__________________
The Madshrimps HW site!

Last edited by jmke; 21 Jun 2007 at 07:54.
Reply With Quote
  #47  
Old 27 Nov 2006, 15:08
steadicamop's Avatar
steadicamop steadicamop is offline
 
Join Date: Jul 2004
Real name: Jason Williams
Looking good - you know you don't have to use _ between words, just name the file and include spaces, the script reads the files as they are and displays the answer as shown in the filename.
Reply With Quote
  #48  
Old 27 Nov 2006, 22:01
guvner guvner is offline
 
Join Date: Mar 2003
Real name: Mike
Great hack - thank you very much - working well on 3.6.3 (patched to .4)

Once question - how would I be able to make the image phrase bold - i.e.

Bart Simpson instead of Bart Simpson - can't find the phrases anywhere so I'm guessing your script draws them from the image title?

Mike
Reply With Quote
  #49  
Old 28 Nov 2006, 05:00
beishe8 beishe8 is offline
 
Join Date: Nov 2005
Originally Posted by steadicamop View Post
Then you should be good to go - all this does is stop the directory from being listed.
Thanks Jason !
Reply With Quote
  #50  
Old 28 Nov 2006, 08:38
steadicamop's Avatar
steadicamop steadicamop is offline
 
Join Date: Jul 2004
Real name: Jason Williams
Originally Posted by guvner View Post
Great hack - thank you very much - working well on 3.6.3 (patched to .4)

Once question - how would I be able to make the image phrase bold - i.e.

Bart Simpson instead of Bart Simpson - can't find the phrases anywhere so I'm guessing your script draws them from the image title?

Mike
This will sort that -

AdminCP -> Styles & Templates -> Style Manager -> [the style you use] -> Edit Templates

Find the image_verification template and open that, look for this code


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

and replace with this


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

I just tried that out and it works fine for me.

HTH

Jason
Reply With Quote
  #51  
Old 28 Nov 2006, 09:32
tazping2000 tazping2000 is offline
 
Join Date: Apr 2006
Figured out my problemo. It appears one of the pictures didn't upload for some reason, so must have confused it.

Fully working now. Thanks a lot
Reply With Quote
  #52  
Old 28 Nov 2006, 19:10
guvner guvner is offline
 
Join Date: Mar 2003
Real name: Mike
Originally Posted by steadicamop View Post
This will sort that
Thanks - that did it
Reply With Quote
  #53  
Old 28 Nov 2006, 21:21
jonathang jonathang is offline
 
Join Date: Jan 2006
I installed the plugin on vB 3.6.3. When I try to run it I get the following two error messages:

Warning: dir(images/verification/): failed to open dir: No such file or directory in /register.php(202) : eval()'d code on line 6

Fatal error: Call to a member function on a non-object in /[path]/forum/register.php(202) : eval()'d code on line 7


Seems like maybe I installed the "verification/" dir in the wrong place. I first put it in my "wp-includes/images/" dir, but it produced the error messages shown above. Then I created an "images/" dir in the home dir of my vB installation and moved the "verification/" dir into it. Same error messages. Should I put the "verification/" dir elsewhere or is something else causing the problem here?

Thanks.
Reply With Quote
  #54  
Old 29 Nov 2006, 00:31
Bounce's Avatar
Bounce Bounce is offline
 
Join Date: Mar 2004
Real name: J
installed on 3.6.4,working a treat ..

thank you

Originally Posted by jonathang View Post
Should I put the "verification/" dir elsewhere or is something else causing the problem here?

Thanks.
upload JUST the "images" folder within the Image Verification file to your /forums/images folder
__________________
Thanks for your help

J
Reply With Quote
  #55  
Old 29 Nov 2006, 01:03
John_Shaft John_Shaft is offline
 
Join Date: Mar 2006
The longer term problem, as I see it...

Steadi, first of all I commend you on a great effort to defeat the (to me) tremendously growing problem of spam wrecking forums.

Originally Posted by steadicamop View Post
I can't comment on this hack as I haven't installed or tested it - although I feel that a text based version could be defeated - this is why I created this one, using images that only real people can interpret.
Originally Posted by steadicamop View Post
I don't see how a peice of software can read what an image is - yes it can understand text but how would it know that it's a picture of an aeroplane, or a car, or a person, or a banana .....
Ah, but there's the rub. _It doesn't have to_. A real person isn't at all needed to defeat it.

I was thinking of installing this (as I need a solution from somewhere) but I see an inherent problem with this that will surely allow it to be defeated with absolute ease, should it ever reach the popularity that it's worth spending a little time (and that's all it would take) to deal with it.

Quite simply, it doesn't need to be programmed to read the image or anything complicated like that. It has four pictures of which it has to click the right one to proceed. The easy way to beat it is to code the bot to just click on images, and go back and repeatedly click on images, until it reaches the accepted part of the page (birthdate or whatever). As there's only four images it's going to do it in a handfull of tries.

Whether they get around to coding that I don't know, but if they do it's instantly sunk as far as I can see.

The one way I can see to deal with bots doing that is to have the user type in the name of a single image (i.e. "cloud"). That's why captcha is a tougher problem (even though it's beaten atm) because there's a massive amount of inputs that need to be tried, rather than just "pick a number, 1 to 4".

Has this occured to you, or do you just believe they won't specifically target your hack, even if it gets popular?
Reply With Quote
  #56  
Old 29 Nov 2006, 01:09
jonathang jonathang is offline
 
Join Date: Jan 2006
hiBEES,

Right you are, and thanks. Turns out I installed it in my WordPress installation instead of vBulletin. Now I've installed it in the right place and it works fine.

Reply With Quote
  #57  
Old 29 Nov 2006, 08:42
steadicamop's Avatar
steadicamop steadicamop is offline
 
Join Date: Jul 2004
Real name: Jason Williams
Originally Posted by John_Shaft View Post
Steadi, first of all I commend you on a great effort to defeat the (to me) tremendously growing problem of spam wrecking forums.





Ah, but there's the rub. _It doesn't have to_. A real person isn't at all needed to defeat it.

I was thinking of installing this (as I need a solution from somewhere) but I see an inherent problem with this that will surely allow it to be defeated with absolute ease, should it ever reach the popularity that it's worth spending a little time (and that's all it would take) to deal with it.

Quite simply, it doesn't need to be programmed to read the image or anything complicated like that. It has four pictures of which it has to click the right one to proceed. The easy way to beat it is to code the bot to just click on images, and go back and repeatedly click on images, until it reaches the accepted part of the page (birthdate or whatever). As there's only four images it's going to do it in a handfull of tries.

Whether they get around to coding that I don't know, but if they do it's instantly sunk as far as I can see.

The one way I can see to deal with bots doing that is to have the user type in the name of a single image (i.e. "cloud"). That's why captcha is a tougher problem (even though it's beaten atm) because there's a massive amount of inputs that need to be tried, rather than just "pick a number, 1 to 4".

Has this occured to you, or do you just believe they won't specifically target your hack, even if it gets popular?
I understand that no matter how hard you make the security - it will be cracked eventually - I'm working on making this slightly more harder for bots, it will give you four attempts to get it right then it locks you out from using the register page for a set amount of time (I was thinking of 24 hours) - I do realise that repeat clicking, going back and clicking again will eventually find the correct one - but for me this has stopped bots signing up - I'm working on making it more secure with different measures.

I appreciate your feedback.

Jason
Reply With Quote
  #58  
Old 29 Nov 2006, 10:29
pete_brady pete_brady is offline
 
Join Date: Mar 2002
thanks for this hack - I installed it yesterday, so far no spam signups. one question - is there a log kept anywhere of failed attempts?

regarding whether it can be cracked or not - sure, it probably can. But the object of the exercise is to defeat automated software, so perhaps introducing more randomness is what's needed rather than any one approach. For example, sometimes you ask for an image to be identified, sometimes you ask a simple arithmetic question, sometimes you need a picture clicked on... introducing more random aspects like this would make it increasingly difficult to program a bot for. I think.
__________________
thumped.com
Reply With Quote
  #59  
Old 29 Nov 2006, 12:31
steadicamop's Avatar
steadicamop steadicamop is offline
 
Join Date: Jul 2004
Real name: Jason Williams
There isn't any log of failed attempts - it may be something I can work into an update, I like your suggestion, something even more random to confuse bots.

Cheers

Jason
Reply With Quote
  #60  
Old 29 Nov 2006, 22:56
el fuego el fuego is offline
 
Join Date: Mar 2006
Could you have it re-order the 4 pictures each time they are presented? So that a click on image #1 would sometimes be correct and sometimes not? Also have the required image name be changed. For instance, one time it asks for the butterfly, the next it may ask for the soccer ball (randomly of course), and each time it changes both the question, and the location of the proper response?
Possibly also expand the hack to include many more possible images, but only randomly choose 4 at a time to display.
Along with your idea of a 24hr lock out for "x" amount of wrong answers, this could be a formidable hack.

I'm no coder... so I have no idea how hard this would be. But it seems to me that this randomness would keep the Bots at bay for quite some time.
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Mod Options

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 20:30.

Layout Options | Width: Wide Color: