Image verification really sucks

Discussion in 'Forum Suggestions' started by langer, Jan 10, 2006.

  1. langer

    langer New Member

    Hi. Sorry that this is my 1st post, but I just signed up and it took 5 attempts. I could only sign up once there was no doubt if I was being presented with a capital "H" or capital "K". The image verification makes these 2 letters indistinguishable - you may wish to remove them from the available characters.

    Cheers!

    Nicholas
     
  2. falko

    falko Super Moderator Howtoforge Staff

    I think this is normal. I myself had this problem dozens of times on other sites where I couldn't distinguish between 1 and l or o and 0...
    But there's nothing you can do about it if you don't want to open up all your forms to spam robots... :(
     
  3. Belicoso_Fino

    Belicoso_Fino New Member

    I agree with this. I run a vBulletin site and I am planning to upgrade from 3.5.3 to 3.6.5 to overcome this problem. A much better image verification exists in the 3.6.x train.
     
  4. edge

    edge Active Member Moderator

    What I do not get is how they are still postig spam on this forum?

    I know that "captcha" is hacked, but are that many programs allready using this "captcha" hack?

    Also.. It looks like most spam is always in the ISPconfig forum... Why is this?
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    Its really abit strange that nearly all spam is in the ISPconfig general forum. maybe they scan for the word "General" in the forum name?

    Another possibility might be that these spams are from poeple paid for re3gistering to a forum and spamming and not from bots??
     
  6. Belicoso_Fino

    Belicoso_Fino New Member

    I have the same problem, but the script kiddies can bypass captcha and other "anti-spam" measures...I have installed them all.

    After going to a captcha-based image verification system, my spam registrations went from 10-15 a day to 1-3 a day immediately. It works, but it's not perfect.
     
  7. falko

    falko Super Moderator Howtoforge Staff

    Which vBulletin version do you use?
     
  8. Belicoso_Fino

    Belicoso_Fino New Member

    I run a heaivily modded vB 3.5.3.
     
  9. falko

    falko Super Moderator Howtoforge Staff

    I've read that the captcha has become more difficult to crack in vBulletin 3.6. But we're using 3.5.4.
     
  10. alexillsley

    alexillsley New Member

    I run a phpbb forum and it gets quite a bit of spam so i made a little filter and searches there profile for dogy websites and intrests becuase most spam bots are stupid enough to put that in there profile, and it has been very effective:)
     
  11. falko

    falko Super Moderator Howtoforge Staff

    Can you post how you did that? Might be interesting for users who run a phpbb forum. :)
     
  12. alexillsley

    alexillsley New Member

    Sure, nice to give something back here :)

    Should i post it here or write it as a how to?
     
  13. falko

    falko Super Moderator Howtoforge Staff

    Post it here. :)
     
  14. sjau

    sjau Local Meanie Moderator

    I still think you should run your own captcha program... not one provided by vbulletin because the more people use the same system the more interesting it becomes to hack... however if you are the only one using a certain captcha who would bother to hack it?
     
  15. alexillsley

    alexillsley New Member

    This post will hopefully stop spammers from signing up on your phpbb forum. Just follow the steps below:

    1. First open the file in the phpbb root, /includes/usercp_register.php

    2. Find this part in the script:
    PHP:
        else if ( $mode == 'register' )
        {
            if ( empty(
    $username) || empty($new_password) || empty($password_confirm) || empty($email) )
            {
                
    $error TRUE;
                
    $error_msg .= ( ( isset($error_msg) ) ? '<br />' '' ) . $lang['Fields_empty'];
            }
    3. Now add the following exactly below it:

    PHP:
    // ----  check not a dogy user ------
    // By Alex Illsley 2006
    // www.fireproductions.co.uk

    function user_dogy_check($word) {
    if(
    stristr(strtolower($_POST['occupation']), $word)) { return "TRUE"; }
    if(
    stristr(strtolower($_POST['interests']), $word)){ return "TRUE"; }
    if(
    stristr(strtolower($_POST['website']), $word)) { return "TRUE"; }

    }

    if (
    user_dogy_check("sex"
    OR 
    user_dogy_check("anal"
    OR 
    user_dogy_check("****"
    OR 
    user_dogy_check("tramadol")
    OR 
    user_dogy_check("pharm")
    OR 
    user_dogy_check("viagra"
    OR 
    user_dogy_check("dating")
    OR 
    user_dogy_check("nude")) 
    $error=TRUE$error_msg .= ( ( isset($error_msg) ) ? '<br />' '' ) . "Dogy User Profile, ACCESS DENIED!"; }

    // CHECK END 

    I also made my own PHP capatcha aswell for my phpbb forum, i get like no spam bots now.

    I hope this helps someone,
    Alex
     
  16. sjau

    sjau Local Meanie Moderator

    another spambot wave hits the forums here... I'm still of the opinion that an own verification service/captcha service would be better because adaptation will be less likely...

    Once you hack the default vb mechanisms you can spam on ever vb board that uses those ones.

    Although it might very well be, that the registration of accs is done manually and once the acc is confirmed use the spambots.
     
  17. TheRudy

    TheRudy Member

    The never ending war :)

    I'm went over lots of CAPTCHAs including my own and none of them was so successfull as the one i'm using now. recaptcha.net, its free, its for a good cause and so far its not been beatable by a OCR.

    You even have it set for this forum: http://www.vbulletin.org/forum/showthread.php?t=151824

    Of course sometimes spammers do get over this protection by using real people to post spam.
     
    Last edited: Jun 7, 2008

Share This Page