you guys want to prevent spambots from registering?
Moderator: MaxCoderz Staff
- elfprince13
- Sir Posts-A-Lot
- Posts: 234
- Joined: Sun 11 Dec, 2005 2:21 am
- Contact:
DarkAuron wrote: Why not "what color is this image?" and have it a color that's almost solid, but has a mix of different tones to it. There'd be a textfield that you'd type in the color. I don't know a bot that would be able to figure that out..
if they can do OCR, they can do this. And I just thought of how to make it incredibly difficult for a bot to hit up.
- elfprince13
- Sir Posts-A-Lot
- Posts: 234
- Joined: Sun 11 Dec, 2005 2:21 am
- Contact:
anyway, I just finished this project, and it has an even better way of telling if a bot skipped the registration page: it keeps track of the session IDs which have visited the registration page.
http://rancidmoose.unitedti.org/members ... v1.0.0.zip
Code:
##############################################################
## MOD Title: eXtreme Antispam
## MOD Author: rancidmoose < elfprince13@gmail.com > (Thomas Dickerson) http://rancidmoose.unitedti.org
## MOD Description: Prevents spambots from registering on your site
## MOD Version: 1.0.0
##
## Installation Level: (Intermediate)
## Installation Time: 10 Minutes
## Files To Edit: templates/subSilver/profile_add_body.tpl,
## includes/usercp_register.php
## Included Files: (antispam.php, includes/antispam_img.php, includes/antispam_test.php, admin/admin_antispam.php, templates/subSilver/antispam_select.tpl, templates/subSilver/admin/admin_main_antispam.tpl, templates/subSilver/admin/admin_edit_antispam.tpl, images/antispam/)
## License: http://opensource.org/licenses/gpl-license.php GNU General Public License v2
##############################################################
## For security purposes, please check: http://www.phpbb.com/mods/
## for the latest version of this MOD. Although MODs are checked
## before being allowed in the MODs Database there is no guarantee
## that there are no security problems within the MOD. No support
## will be given for MODs not found within the MODs Database which
## can be found at http://www.phpbb.com/mods/
##############################################################
## Author Notes:
##
##all images should be uploaded to the images/antispam/ directory
##
##
##############################################################
## MOD History:
##
## 2006-06-09 - Version 1.0.0
## - fixed templating in includes/antispam_test.php.
## 2006-06-09 - Version 0.9.0
## - caught bug with pic1 and num1 getting confused while generating test.
## 2006-06-09 - Version 0.8.0
## - added script to prevent database from getting clogged.
## 2006-11-09 - Version 0.7.0
## - removed several possible exploits on the registration page.
## 2006-9-09 - Version 0.6.0
## - added javascript based test
## 2006-06-09 - Version 0.5.0
## - improved validation of registration form input
## 2006-05-09 - Version 0.4.0
## - templated admin interface
## 2006-05-09 - Version 0.3.0
## - integrated into registration script
## 2006-05-09 - Version 0.2.0
## - added functionality to admin interface
## 2006-05-09 - Version 0.1.0
## - created admin interface
##
##############################################################
## Before Adding This MOD To Your Forum, You Should Back Up All Files Related To This MOD
##############################################################
#
#-----[ SQL ]------------------------------------------
#
CREATE TABLE `phpbb_antispam` (
`Filename` varchar(32) NOT NULL default '',
`Option1` varchar(32) NOT NULL default '',
`Option2` varchar(32) NOT NULL default '',
`Option3` varchar(32) NOT NULL default '',
`Alt-Text` varchar(32) NOT NULL default '',
`CorrectOption` int(2) NOT NULL default '0'
) TYPE=MyISAM;
CREATE TABLE phpbb_antispam_auth (
session_id varchar(32) NOT NULL default '',
pic1 int(11) NOT NULL default '0',
pic2 int(11) NOT NULL default '0',
pic3 int(11) NOT NULL default '0',
last_active int(11) NOT NULL default '0'
) TYPE=MyISAM;
#
#-----[ COPY ]------------------------------------------
#
copy includes/antispam_img.php to includes/antispam_img.php
copy includes/antispam_test.php to includes/antispam_test.php
copy antispam.php to antispam.php
copy admin/admin_antispam.php to admin/admin_antispam.php
copy templates/subSilver/antispam_select.tpl to templates/subSilver/antispam_select.tpl
copy templates/subSilver/admin/admin_main_antispam.tpl to templates/subSilver/admin/admin_main_antispam.tpl
copy templates/subSilver/admin/admin_edit_antispam.tpl to templates/subSilver/admin/admin_edit_antispam.tpl
copy images/antispam/ to images/antispam/
#
#-----[ OPEN ]------------------------------------------
#
templates/subSilver/profile_add_body.tpl
#
#-----[ FIND ]------------------------------------------
#
<tr>
<td class="catSides" colspan="2" height="28"> </td>
</tr>
<tr>
<th class="thSides" colspan="2" height="25" valign="middle">{L_PROFILE_INFO}</th>
</tr>
<tr>
<td class="row2" colspan="2"><span class="gensmall">{L_PROFILE_INFO_NOTICE}</span></td>
</tr>
#
#-----[ BEFORE, ADD ]------------------------------------------
#
<!-- BEGIN switch_extreme_antispam -->
<tr>
<td class="row1"><span class="gen">Antispam image: *</span><br /><span class="gensmall"><br /> Do not edit this textbox. Instead, click the button next to it and allow that to format your input.<br />Please select the menu item represented by this picture</span></td>
<td class="row2"><span class="gen_med">{AS_ERROR}</span><br /><table cellspacing="1" cellpadding="4" border="0" align="center" class="forumline">
<tr>
<td class="row1" align="center"><input type="text" class="post" name="antispam_test" size="20" /><input type="submit" name="{GET_IDS}" value="{GET_IDS}" class="liteoption" onClick="window.open('{ID_URL}', '_antispamtest', 'HEIGHT=400,resizable=yes,WIDTH=600,scrollbars=yes');return false;" /></td>
</tr>
</table></td>
</tr>
<!-- END switch_extreme_antispam -->
#
#-----[ OPEN ]------------------------------------------
#
includes/usercp_register.php
#
#-----[ FIND ]------------------------------------------
#
$passwd_sql = '';
if ( $mode == 'editprofile' )
{
if ( $user_id != $userdata['user_id'] )
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Wrong_Profile'];
}
}
else if ( $mode == 'register' )
{
if ( empty($username) || empty($new_password) || empty($password_confirm) || empty($email) )
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Fields_empty'];
}
}
#
#-----[ AFTER, ADD ]------------------------------------------
#
if ( $mode == 'register' )
{
    // Look up the antispam record created when this session loaded the registration form.
    $sql = "SELECT * FROM " . $table_prefix . "antispam_auth WHERE session_id='" . $userdata['session_id'] . "';";
    if ( !($result = $db->sql_query($sql)) )
    {
        message_die(GENERAL_ERROR, 'Error retrieving antispam data', '', __LINE__, __FILE__, $sql);
    }
    // No record means the form was submitted without visiting the registration page: ban the IP.
    if ( $db->sql_numrows($result) == 0 )
    {
        $banned_ip = encode_ip(getenv('REMOTE_ADDR'));
        $sql = "INSERT INTO " . BANLIST_TABLE . " (ban_ip) VALUES ('" . $banned_ip . "')";
        if ( !$db->sql_query($sql) )
        {
            message_die(GENERAL_ERROR, "Couldn't insert ban info into database", "", __LINE__, __FILE__, $sql);
        }
        $sql = "DELETE FROM " . SESSIONS_TABLE . " WHERE session_ip = '" . $banned_ip . "'";
        if ( !$db->sql_query($sql) )
        {
            message_die(GENERAL_ERROR, "Couldn't delete banned sessions from database", "", __LINE__, __FILE__, $sql);
        }
        message_die(GENERAL_MESSAGE, "You have been banned for attempting to bypass registration.", '', __LINE__, __FILE__);
    }
    // The three image indexes this session was shown.
    $row = $db->sql_fetchrow($result);
    $nums = array($db->sql_fetchfield('pic1'), $db->sql_fetchfield('pic2'), $db->sql_fetchfield('pic3'));
    $sql = "SELECT * FROM " . $table_prefix . "antispam";
    if ( !($result = $db->sql_query($sql)) )
    {
        message_die(GENERAL_ERROR, 'Could not obtain antispam data', '', __LINE__, __FILE__, $sql);
    }
    // Build the expected answer from the correct option of each image.
    $ans = array();
    for ( $counter = 0; $counter < 3; $counter++ )
    {
        $db->sql_rowseek($nums[$counter], $result);
        $db->sql_fetchrow($result);
        $crct_option = $db->sql_fetchfield('CorrectOption') % 3 + 1;
        $option1 = $db->sql_fetchfield('Option1');
        $option2 = $db->sql_fetchfield('Option2');
        $option3 = $db->sql_fetchfield('Option3');
        $ans[$counter] = ($crct_option == 3) ? $option3 : (($crct_option == 2) ? $option2 : $option1);
    }
    $fans = $ans[0] . ',' . $ans[1] . ',' . $ans[2];
    if ( $_POST['antispam_test'] != $fans )
    {
        $error = TRUE;
        $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . 'You incorrectly identified one or more of the antispam images.';
    }
}
#
#-----[ FIND ]------------------------------------------
#
$html_status = ( $userdata['user_allowhtml'] && $board_config['allow_html'] ) ? $lang['HTML_is_ON'] : $lang['HTML_is_OFF'];
$bbcode_status = ( $userdata['user_allowbbcode'] && $board_config['allow_bbcode'] ) ? $lang['BBCode_is_ON'] : $lang['BBCode_is_OFF'];
$smilies_status = ( $userdata['user_allowsmile'] && $board_config['allow_smilies'] ) ? $lang['Smilies_are_ON'] : $lang['Smilies_are_OFF'];
if ( $error )
{
$template->set_filenames(array(
'reg_header' => 'error_body.tpl')
);
$template->assign_vars(array(
'ERROR_MESSAGE' => $error_msg)
);
$template->assign_var_from_handle('ERROR_BOX', 'reg_header');
}
$template->set_filenames(array(
'body' => 'profile_add_body.tpl')
);
if ( $mode == 'editprofile' )
{
$template->assign_block_vars('switch_edit_profile', array());
}
if ( ($mode == 'register') || ($board_config['allow_namechange']) )
{
$template->assign_block_vars('switch_namechange_allowed', array());
}
else
{
$template->assign_block_vars('switch_namechange_disallowed', array());
}
#
#-----[ AFTER, ADD ]------------------------------------------
#
//eXtreme Visual Confirmation
if ( $mode == 'register' )
{
    $sql = 'SELECT * FROM ' . $table_prefix . 'antispam';
    if ( !($result = $db->sql_query($sql)) )
    {
        message_die(GENERAL_ERROR, 'Could not select antispam data', '', __LINE__, __FILE__, $sql);
    }
    $num_antispam_entries = $db->sql_numrows($result);
    if ( $num_antispam_entries != 0 )
    {
        // Pick three image indexes for this visit to the registration page.
        $max = ($num_antispam_entries - 1);
        mt_srand(hexdec(substr(md5(microtime()), -8)) & 0x7fffffff);
        $num1 = mt_rand(0, $max);
        $num2 = mt_rand(0, $max);
        $num3 = mt_rand(0, $max);
        // Record (or refresh) the picks against the visitor's session ID.
        $sql = "SELECT * FROM " . $table_prefix . "antispam_auth WHERE session_id='" . $userdata['session_id'] . "';";
        if ( !($result = $db->sql_query($sql)) )
        {
            message_die(GENERAL_ERROR, 'Could not select antispam data', '', __LINE__, __FILE__, $sql);
        }
        if ( $db->sql_numrows($result) == 0 )
        {
            $sql = "INSERT INTO " . $table_prefix . "antispam_auth(session_id,pic1,pic2,pic3,last_active) VALUES ('" . $userdata['session_id'] . "'," . $num1 . "," . $num2 . "," . $num3 . "," . $userdata['session_time'] . ");";
        }
        else
        {
            $sql = "UPDATE " . $table_prefix . "antispam_auth SET pic1=" . $num1 . ",pic2=" . $num2 . ",pic3=" . $num3 . ",last_active=" . $userdata['session_time'] . " WHERE session_id='" . $userdata['session_id'] . "';";
        }
        if ( !($result = $db->sql_query($sql)) )
        {
            message_die(GENERAL_ERROR, 'Could not set antispam data', '', __LINE__, __FILE__, $sql);
        }
    }
    else
    {
        $as_error = 'ERROR!!! The administration has not yet added any images. Please let them know about this by emailing <a href="mailto:' . $board_config['board_email'] . '">' . $board_config['board_email'] . '</a>';
    }
    $template->assign_block_vars('switch_extreme_antispam', array());
}
#
#-----[ FIND ]------------------------------------------
#
'S_ALLOW_AVATAR_UPLOAD' => $board_config['allow_avatar_upload'],
'S_ALLOW_AVATAR_LOCAL' => $board_config['allow_avatar_local'],
'S_ALLOW_AVATAR_REMOTE' => $board_config['allow_avatar_remote'],
'S_HIDDEN_FIELDS' => $s_hidden_fields,
'S_FORM_ENCTYPE' => $form_enctype,
'S_PROFILE_ACTION' => append_sid("profile.$phpEx")
#
#-----[ BEFORE, ADD ]------------------------------------------
#
'IMG1' => $num1,
'IMG2' => $num2,
'IMG3' => $num3,
'ID_URL' => append_sid($phpbb_root_path . "antispam.$phpEx"),
'GET_IDS' => 'Take Antispam Test!',
#
#-----[ FIND ]------------------------------------------
#
if ( $coppa )
{
$message = $lang['COPPA'];
$email_template = 'coppa_welcome_inactive';
}
else if ( $board_config['require_activation'] == USER_ACTIVATION_SELF )
{
$message = $lang['Account_inactive'];
$email_template = 'user_welcome_inactive';
}
else if ( $board_config['require_activation'] == USER_ACTIVATION_ADMIN )
{
$message = $lang['Account_inactive_admin'];
$email_template = 'admin_welcome_inactive';
}
else
{
$message = $lang['Account_added'];
$email_template = 'user_welcome';
}
#
#-----[ BEFORE, ADD ]------------------------------------------
#
$sql = "DELETE FROM " . $table_prefix . "antispam_auth WHERE session_id='" . $userdata['session_id'] . "' OR " . $userdata['session_time'] . " - last_active >" . $board_config['session_length'] . ";";
if( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not delete old session data from the antispam table.', '', __LINE__, __FILE__, $sql);
}
#
#-----[ DIY INSTRUCTIONS ]------------------------------------------
#
make sure to upload at least three images (preferably more) and enter them into the antispam database from the ACP
#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM
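The flow the mod describes (record the session when the registration form is shown, refuse a submit from a session with no record), as an added example that is not part of elfprince13's mod or of phpBB. It assumes PDO with an in-memory SQLite table and bound parameters in place of phpBB's `$db` layer and string-built SQL, and `random_int()` in place of the seeded `mt_rand()`; the function names, session IDs and image labels are constructed for illustration.

```php
<?php
// Added example; function names and sample data are constructed, not from the mod.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE antispam_auth (session_id TEXT PRIMARY KEY,
    pic1 INTEGER, pic2 INTEGER, pic3 INTEGER, last_active INTEGER)');

// Form render: record that this session saw the form and which images it got.
function issue_challenge(PDO $pdo, string $sid, int $image_count, int $now): array
{
    $picks = [];
    for ($i = 0; $i < 3; $i++) {
        $picks[] = random_int(0, $image_count - 1); // CSPRNG, no manual seeding
    }
    $pdo->prepare('REPLACE INTO antispam_auth VALUES (?, ?, ?, ?, ?)')
        ->execute([$sid, $picks[0], $picks[1], $picks[2], $now]);
    return $picks;
}

// Submit: 'no_challenge' means the session never loaded the form or its row expired.
function check_submission(PDO $pdo, string $sid, string $answer,
                          array $labels, int $now, int $ttl): string
{
    // Expire stale rows first; the cutoff is computed in PHP and bound.
    $pdo->prepare('DELETE FROM antispam_auth WHERE last_active < ?')
        ->execute([$now - $ttl]);
    $stmt = $pdo->prepare(
        'SELECT pic1, pic2, pic3 FROM antispam_auth WHERE session_id = ?');
    $stmt->execute([$sid]);
    $row = $stmt->fetch(PDO::FETCH_NUM);
    if ($row === false) {
        return 'no_challenge';
    }
    $expected = implode(',', array_map(fn($n) => $labels[(int) $n], $row));
    if (!hash_equals($expected, $answer)) {
        return 'wrong_answer';
    }
    // Registration succeeded: drop the row, as the mod does.
    $pdo->prepare('DELETE FROM antispam_auth WHERE session_id = ?')->execute([$sid]);
    return 'ok';
}

// Constructed sample data: the correct label for each image index.
$labels = ['cat', 'boat', 'tree', 'moose'];
$picks  = issue_challenge($pdo, 'sess-a', count($labels), 1000);
$good   = implode(',', array_map(fn($n) => $labels[$n], $picks));
foreach ([['sess-a', 'x,y,z'], ['sess-a', $good], ['sess-a', $good], ['sess-b', $good]] as [$sid, $ans]) {
    echo $sid, ': ', check_submission($pdo, $sid, $ans, $labels, 1010, 3600), "\n";
}
```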
- elfprince13
- Sir Posts-A-Lot
- Posts: 234
- Joined: Sun 11 Dec, 2005 2:21 am
- Contact:
thanks tr1p. The phpbb forum response seemed to be positive on my first release, but they haven't said anything about the newest one yet.
@patori: the OCR algorithm used to crack the phpBB algorithm works with 98% accuracy. For this they first have to write the code to handle my new mod and specifically target it instead of standard phpBB. Then they have a 1/27 chance of getting all three correct. I'll take 3.7% accuracy over 98% accuracy in blocking spam bots any day.