you guys want to prevent spambots from registering?

DarkAuron
Maxcoderz Staff
Posts: 1349
Joined: Sat 18 Dec, 2004 6:53 pm

Post by DarkAuron »

Why not "what color is this image?" and have it a color that's almost solid, but has a mix of different tones to it. There'd be a textfield that you'd type in the color. I don't know a bot that would be able to figure that out..
[Gridwars Score] - E: 1860037 M: 716641 H: 261194
elfprince13
Sir Posts-A-Lot
Posts: 234
Joined: Sun 11 Dec, 2005 2:21 am

Post by elfprince13 »

DarkAuron wrote: Why not "what color is this image?" and have it a color that's almost solid, but has a mix of different tones to it. There'd be a textfield that you'd type in the color. I don't know a bot that would be able to figure that out..
If they can do OCR, they can do this. And I just thought of how to make it incredibly difficult for a bot to hit up.
anykey
Extreme Poster
Posts: 420
Joined: Mon 31 Jan, 2005 3:36 am
Location: In the matrix

Post by anykey »

Typing in the color would prove difficult, since one color could have many names associated with it (violet, purple). A bot would have no problem figuring it out, and colorblind users would hate you forever.
I think, therefore iMac
elfprince13
Sir Posts-A-Lot
Posts: 234
Joined: Sun 11 Dec, 2005 2:21 am

Post by elfprince13 »

anyway, I just finished this project, and it has an even better way of telling if a bot skipped the registration page: it keeps track of the session IDs which have visited the registration page.


http://rancidmoose.unitedti.org/members ... v1.0.0.zip

Code:

############################################################## 
## MOD Title: eXtreme Antispam
## MOD Author: rancidmoose < elfprince13@gmail.com > (Thomas Dickerson) http://rancidmoose.unitedti.org 
## MOD Description: Prevents spambots from registering on your site 
## MOD Version: 1.0.0 
## 
## Installation Level: (Intermediate) 
## Installation Time: 10 Minutes 
## Files To Edit: templates/subSilver/profile_add_body.tpl, 
##      includes/usercp_register.php 
## Included Files: (antispam.php, includes/antispam_img.php, includes/antispam_test.php, admin/admin_antispam.php, templates/subSilver/antispam_select.tpl, templates/subSilver/admin/admin_main_antispam.tpl, templates/subSilver/admin/admin_edit_antispam.tpl, images/antispam/) 
## License: http://opensource.org/licenses/gpl-license.php GNU General Public License v2 
############################################################## 
## For security purposes, please check: http://www.phpbb.com/mods/ 
## for the latest version of this MOD. Although MODs are checked 
## before being allowed in the MODs Database there is no guarantee 
## that there are no security problems within the MOD. No support 
## will be given for MODs not found within the MODs Database which 
## can be found at http://www.phpbb.com/mods/ 
############################################################## 
## Author Notes: 
## 
##all images should be uploaded to the images/antispam/ directory
##
##
############################################################## 
## MOD History: 
##
##   2006-06-09 - Version 1.0.0 
##      - fixed templating in includes/antispam_test.php.
##   2006-06-09 - Version 0.9.0 
##      - caught bug with pic1 and num1 getting confused while generating test.
##   2006-06-09 - Version 0.8.0 
##      - added script to prevent database from getting clogged.
##   2006-11-09 - Version 0.7.0 
##      - removed several possible exploits on the registration page.
##   2006-9-09 - Version 0.6.0 
##      - added javascript based test
##   2006-06-09 - Version 0.5.0 
##      - improved validation of registration form input
##   2006-05-09 - Version 0.4.0 
##      - templated admin interface
##   2006-05-09 - Version 0.3.0 
##      - integrated into registration script
##   2006-05-09 - Version 0.2.0 
##      - added functionality to admin interface
##   2006-05-09 - Version 0.1.0 
##      - created admin interface 
## 
############################################################## 
## Before Adding This MOD To Your Forum, You Should Back Up All Files Related To This MOD 
############################################################## 

# 
#-----[ SQL ]------------------------------------------ 
# 
CREATE TABLE `phpbb_antispam` (
  `Filename` varchar(32) NOT NULL default '',
  `Option1` varchar(32) NOT NULL default '',
  `Option2` varchar(32) NOT NULL default '',
  `Option3` varchar(32) NOT NULL default '',
  `Alt-Text` varchar(32) NOT NULL default '',
  `CorrectOption` int(2) NOT NULL default '0'
) TYPE=MyISAM;

CREATE TABLE phpbb_antispam_auth (
  session_id varchar(32) NOT NULL default '',
  pic1 int(11) NOT NULL default '0',
  pic2 int(11) NOT NULL default '0',
  pic3 int(11) NOT NULL default '0',
  last_active int(11) NOT NULL default '0'
) TYPE=MyISAM;

# 
#-----[ COPY ]------------------------------------------ 
# 
copy includes/antispam_img.php to includes/antispam_img.php
copy includes/antispam_test.php to includes/antispam_test.php
copy antispam.php to antispam.php
copy admin/admin_antispam.php to admin/admin_antispam.php
copy templates/subSilver/antispam_select.tpl to templates/subSilver/antispam_select.tpl
copy templates/subSilver/admin/admin_main_antispam.tpl to templates/subSilver/admin/admin_main_antispam.tpl
copy templates/subSilver/admin/admin_edit_antispam.tpl to templates/subSilver/admin/admin_edit_antispam.tpl
copy images/antispam/ to images/antispam/
# 
#-----[ OPEN ]------------------------------------------ 
# 
templates/subSilver/profile_add_body.tpl
# 
#-----[ FIND ]------------------------------------------ 
# 
	<tr> 
	  <td class="catSides" colspan="2" height="28">&nbsp;</td>
	</tr>
	<tr> 
	  <th class="thSides" colspan="2" height="25" valign="middle">{L_PROFILE_INFO}</th>
	</tr>
	<tr> 
	  <td class="row2" colspan="2"><span class="gensmall">{L_PROFILE_INFO_NOTICE}</span></td>
	</tr>
# 
#-----[ BEFORE, ADD ]------------------------------------------ 
# 
	<!-- BEGIN switch_extreme_antispam -->
	<tr> 
	  <td class="row1"><span class="gen">Antispam image: *</span><br /><span class="gensmall"><br /> Do not edit this textbox. Instead, click the button next to it and allow that to format your input.<br />Please select the menu item represented by this picture</span></td>
	 	

	  <td class="row2"><span class="gen_med">{AS_ERROR}</span><br /><table cellspacing="1" cellpadding="4" border="0" align="center" class="forumline">
		<tr>
			<td class="row1" align="center"><input type="text" class="post" name="antispam_test" size="20" /><input type="submit" name="{GET_IDS}" value="{GET_IDS}" class="liteoption" onClick="window.open('{ID_URL}', '_antispamtest', 'HEIGHT=400,resizable=yes,WIDTH=600,scrollbars=yes');return false;" /></td>
		</tr>
		</table></td>
	</tr>
	<!-- END switch_extreme_antispam -->
# 
#-----[ OPEN ]------------------------------------------ 
# 
includes/usercp_register.php
#
#-----[ FIND ]------------------------------------------ 
#
	$passwd_sql = '';
	if ( $mode == 'editprofile' )
	{
		if ( $user_id != $userdata['user_id'] )
		{
			$error = TRUE;
			$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Wrong_Profile'];
		}
	}
	else if ( $mode == 'register' )
	{
		if ( empty($username) || empty($new_password) || empty($password_confirm) || empty($email) )
		{
			$error = TRUE;
			$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Fields_empty'];
		}
	}
# 
#-----[ AFTER, ADD ]------------------------------------------ 
# 
	if($mode == 'register')
	{
		
		
		$sql = "SELECT * FROM " . $table_prefix . "antispam_auth WHERE session_id='" . $userdata['session_id'] . "';";
		if ( !($result = $db->sql_query($sql)) ) {
			message_die(GENERAL_ERROR, 'Error retrieving antispam data', '', __LINE__, __FILE__, $sql);
		}
		if ( $db->sql_numrows($result) == 0){
			$banned_ip=encode_ip(getenv('REMOTE_ADDR'));

   			$sql = "INSERT INTO " . BANLIST_TABLE . " (ban_ip) VALUES ('" . $banned_ip . "')";
   			if ( !$db->sql_query($sql) )
   			{
    			message_die(GENERAL_ERROR, "Couldn't insert ban info into database", "", __LINE__, __FILE__, $sql);
   			}
   			$sql = "DELETE FROM " . SESSIONS_TABLE . " WHERE session_ip = '" . $banned_ip . "'";
   			if ( !$db->sql_query($sql) )
 			{
    			message_die(GENERAL_ERROR, "Couldn't delete banned sessions from database", "", __LINE__, __FILE__, $sql);
			}
			message_die(GENERAL_MESSAGE, "You have been banned for attempting to bypass registration.", '', __LINE__, __FILE__);

		} 
		
		$row = $db->sql_fetchrow($result);
		$nums = array($db->sql_fetchfield('pic1'),$db->sql_fetchfield('pic2'),$db->sql_fetchfield('pic3'));
		$sql = "SELECT * FROM " . $table_prefix . "antispam";
		if (!($result = $db->sql_query($sql)))
		{
			message_die(GENERAL_ERROR, 'Could not obtain antispam data', '', __LINE__, __FILE__, $sql);
		}
		
		$ans = array();
		for ($counter = 0; $counter<3; $counter++ ) {
			$db->sql_rowseek($nums[$counter],$result);
			$db->sql_fetchrow($result);
			$crct_option = $db->sql_fetchfield('CorrectOption') % 3 + 1;
			$option1 = $db->sql_fetchfield('Option1');
			$option2 = $db->sql_fetchfield('Option2');
			$option3 = $db->sql_fetchfield('Option3');
			$ans[$counter] = ($crct_option == 3) ? $option3 : (($crct_option == 2) ? $option2 : $option1);
		}
		
		$fans = $ans[0] . ',' . $ans[1] . ',' .$ans[2];
		if($_POST['antispam_test'] != $fans ){
			$error = TRUE;
			$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . 'You incorrectly identified one or more of the antispam images.';
		}

	}
# 
#-----[ FIND ]------------------------------------------ 
# 
		$html_status =  ( $userdata['user_allowhtml'] && $board_config['allow_html'] ) ? $lang['HTML_is_ON'] : $lang['HTML_is_OFF'];
		$bbcode_status = ( $userdata['user_allowbbcode'] && $board_config['allow_bbcode']  ) ? $lang['BBCode_is_ON'] : $lang['BBCode_is_OFF'];
		$smilies_status = ( $userdata['user_allowsmile'] && $board_config['allow_smilies']  ) ? $lang['Smilies_are_ON'] : $lang['Smilies_are_OFF'];
	
		if ( $error )
		{
			$template->set_filenames(array(
				'reg_header' => 'error_body.tpl')
			);
			$template->assign_vars(array(
				'ERROR_MESSAGE' => $error_msg)
			);
			$template->assign_var_from_handle('ERROR_BOX', 'reg_header');
		}
	
		$template->set_filenames(array(
			'body' => 'profile_add_body.tpl')
		);
	
		if ( $mode == 'editprofile' )
		{
			$template->assign_block_vars('switch_edit_profile', array());
		}
	
		if ( ($mode == 'register') || ($board_config['allow_namechange']) )
		{
			$template->assign_block_vars('switch_namechange_allowed', array());
		}
		else
		{
			$template->assign_block_vars('switch_namechange_disallowed', array());
		}
# 
#-----[ AFTER, ADD ]------------------------------------------ 
# 
	
	//eXtreme Visual Confirmation
	if ( $mode == 'register' )
	{
		$sql = 'SELECT * FROM ' . $table_prefix . 'antispam';
		if (!($result = $db->sql_query($sql)))
		{
			message_die(GENERAL_ERROR, 'Could not select antispam data', '', __LINE__, __FILE__, $sql);
		}
		$num_antispam_entries = $db->sql_numrows($result);
		if($num_antispam_entries != 0)
		{
			$max = ($num_antispam_entries - 1);
			mt_srand(hexdec(substr(md5(microtime()), -8)) & 0x7fffffff);
			$num1 = mt_rand(0, $max);
			$num2 = mt_rand(0, $max);
			$num3 = mt_rand(0, $max);
			
			$sql = "SELECT * FROM " . $table_prefix . "antispam_auth WHERE session_id='" . $userdata['session_id'] . "';";
			if (!($result = $db->sql_query($sql)))
			{
				message_die(GENERAL_ERROR, 'Could not select antispam data', '', __LINE__, __FILE__, $sql);
			}
			if($db->sql_numrows($result) == 0){
				$sql = "INSERT INTO " . $table_prefix . "antispam_auth(session_id,pic1,pic2,pic3,last_active) VALUES ('" . $userdata['session_id'] . "'," . $num1 . "," . $num2 . "," . $num3 . "," . $userdata['session_time'] . ");";
			} else{
				$sql = "UPDATE " . $table_prefix . "antispam_auth SET pic1=" . $num1 . ",pic2=" . $num2 . ",pic3=" . $num3 . ",last_active=" . $userdata['session_time'] . " WHERE session_id='" . $userdata['session_id'] . "';";
			}
			if (!($result = $db->sql_query($sql)))
			{
				message_die(GENERAL_ERROR, 'Could not set antispam data', '', __LINE__, __FILE__, $sql);
			}	
		}
		else
		{
			$as_error = 'ERROR!!! The administration has not yet added any images. Please let them know about this by emailing <a href="mailto:' . $board_config['board_email'] . '">' . $board_config['board_email'] . '</a>';
		}
		$template->assign_block_vars('switch_extreme_antispam', array());

	}
	
# 
#-----[ FIND ]------------------------------------------ 
#
		'S_ALLOW_AVATAR_UPLOAD' => $board_config['allow_avatar_upload'],
		'S_ALLOW_AVATAR_LOCAL' => $board_config['allow_avatar_local'],
		'S_ALLOW_AVATAR_REMOTE' => $board_config['allow_avatar_remote'],
		'S_HIDDEN_FIELDS' => $s_hidden_fields,
		'S_FORM_ENCTYPE' => $form_enctype,
		'S_PROFILE_ACTION' => append_sid("profile.$phpEx")
# 
#-----[ BEFORE, ADD ]------------------------------------------ 
# 

		'IMG1' => $num1,
		'IMG2' => $num2,
		'IMG3' => $num3,
		'ID_URL' => append_sid($phpbb_root_path . "antispam.$phpEx"),
		'GET_IDS' => 'Take Antispam Test!',
		
#
#-----[ FIND ]------------------------------------------
#
if ( $coppa )
			{
				$message = $lang['COPPA'];
				$email_template = 'coppa_welcome_inactive';
			}
			else if ( $board_config['require_activation'] == USER_ACTIVATION_SELF )
			{
				$message = $lang['Account_inactive'];
				$email_template = 'user_welcome_inactive';
			}
			else if ( $board_config['require_activation'] == USER_ACTIVATION_ADMIN )
			{
				$message = $lang['Account_inactive_admin'];
				$email_template = 'admin_welcome_inactive';
			}
			else
			{
				$message = $lang['Account_added'];
				$email_template = 'user_welcome';
			}

# 
#-----[ BEFORE, ADD ]------------------------------------------ 
# 
			$sql = "DELETE FROM " . $table_prefix . "antispam_auth WHERE session_id='" . $userdata['session_id'] . "' OR " . $userdata['session_time'] . " - last_active >" . $board_config['session_length'] . ";";
			if( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, 'Could not delete old session data from the antispam table.', '', __LINE__, __FILE__, $sql);
			}

# 
#-----[ DIY INSTRUCTIONS ]------------------------------------------ 
# 
Make sure to upload at least three images (preferably more) and enter them into the antispam database from the ACP.
		
# 
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------ 
# 
# EoM
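
The session-bound check this post describes, written as an added example rather than the MOD's own code: it uses PDO prepared statements against an in-memory SQLite table modelled on the post's phpbb_antispam_auth, draws the picks with random_int(), and discards the challenge after one attempt. Function names, the TTL and the sample labels are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not part of the MOD. The table mirrors phpbb_antispam_auth;
// function names, the TTL and the sample labels are assumptions.
const CHALLENGE_TTL = 600; // seconds a challenge stays valid (assumed)

function open_store(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE antispam_auth (session_id TEXT PRIMARY KEY,
        pic1 INTEGER, pic2 INTEGER, pic3 INTEGER, last_active INTEGER)');
    return $db;
}

// Form render: pick three images with a CSPRNG and bind them to the session.
function issue_challenge(PDO $db, string $sid, int $imageCount, int $now): array
{
    $max = $imageCount - 1;
    $picks = [random_int(0, $max), random_int(0, $max), random_int(0, $max)];
    $db->prepare('REPLACE INTO antispam_auth VALUES (?, ?, ?, ?, ?)')
       ->execute([$sid, $picks[0], $picks[1], $picks[2], $now]);
    return $picks;
}

// Form submit: $answers maps image index => correct option text. The row is
// deleted on every attempt, so one challenge allows exactly one guess.
function verify_challenge(PDO $db, string $sid, string $submitted, array $answers, int $now): string
{
    $stmt = $db->prepare('SELECT pic1, pic2, pic3, last_active FROM antispam_auth WHERE session_id = ?');
    $stmt->execute([$sid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    $stmt->closeCursor();
    $db->prepare('DELETE FROM antispam_auth WHERE session_id = ?')->execute([$sid]);
    if ($row === false || $now - (int) $row['last_active'] > CHALLENGE_TTL) {
        return 'no_challenge'; // session never loaded the form, or it expired
    }
    $expected = implode(',', [$answers[$row['pic1']], $answers[$row['pic2']], $answers[$row['pic3']]]);
    return hash_equals($expected, $submitted) ? 'ok' : 'wrong';
}

// Constructed sample data: three images and their correct labels.
$db = open_store();
$answers = ['cat', 'tree', 'car'];
$picks = issue_challenge($db, 'sess-a', count($answers), 1000);
$good = implode(',', array_map(fn ($i) => $answers[$i], $picks));
echo verify_challenge($db, 'sess-a', $good, $answers, 1010), "\n";  // first try
echo verify_challenge($db, 'sess-a', $good, $answers, 1011), "\n";  // replay
echo verify_challenge($db, 'sess-b', 'cat,cat,cat', $answers, 1012), "\n"; // no row
```

A missing row comes back as a status instead of a ban, so a visitor whose session expired can simply be shown a fresh challenge.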
anykey
Extreme Poster
Posts: 420
Joined: Mon 31 Jan, 2005 3:36 am
Location: In the matrix

Post by anykey »

I don't know about the rest of you guys, but I'm too lazy to read all of that source code...
I think, therefore iMac
elfprince13
Sir Posts-A-Lot
Posts: 234
Joined: Sun 11 Dec, 2005 2:21 am

Post by elfprince13 »

lol, that's just the mod template. <_< (EasyMod is nice...)
tr1p1ea
Maxcoderz Staff
Posts: 4141
Joined: Thu 16 Dec, 2004 10:06 pm
Location: I cant seem to get out of this cryogenic chamber!

Post by tr1p1ea »

Anti-bot protection is always nice, so good stuff elfprince13.

Have you received any response from the phpbb forums?
"My world is Black & White. But if I blink fast enough, I see it in Grayscale."
Patori
Maxcoderz Staff
Posts: 1479
Joined: Sat 18 Dec, 2004 3:51 am
Location: Toledo, Ohio, USA

Post by Patori »

It's a good idea, but I believe that it's not enough to stop spambots....

Plus, as others have said, letter images have far more options.... meaning they would take much longer to crack....
Currently coming up with a new signature idea... since my forum avatar changer was killed by an upgrade...
elfprince13
Sir Posts-A-Lot
Posts: 234
Joined: Sun 11 Dec, 2005 2:21 am

Post by elfprince13 »

thanks tr1p. The phpbb forum response seemed to be positive on my first release, but they haven't said anything about the newest one yet.

@patori: the OCR algorithm used to crack the phpBB algorithm works with 98% accuracy. For this they first have to write the code to handle my new mod and specifically target it instead of standard phpBB. Then they have a 1/27 chance of getting all three correct. I'll take 3.7% accuracy over 98% accuracy in blocking spam bots any day.