[MODDB]Better Captcha

A place for MOD Authors to post and receive feedback on MODs still in development. No MODs within this forum should be used within a live environment! No new topics are allowed in this forum.
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

IMPORTANT: MOD Development Forum rules

On February 1, 2009 this forum will be set to read only as part of retiring of phpBB2.
Paul
Infrastructure Team Leader
Infrastructure Team Leader
Posts: 25466
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier
Contact:

Post by Paul » Sat May 27, 2006 3:16 pm

I don't think it is atm needed to add an changing background, because the background color is already changing.
Knock knock
Race condition
Who's there?

My BlogMy Photosmy phpBB Extensionscustom phpBB work & Development

deny
Registered User
Posts: 565
Joined: Wed May 14, 2003 9:14 am
Location: Find-Ip-Address.org
Contact:

Post by deny » Sat May 27, 2006 3:21 pm

paul999 wrote: I don't think it is atm needed to add an changing background, because the background color is already changing.


I know but i think that with couple images as background is more difficult to defeace it.I think that using a couple images as background is more difficult than simple background changing without images.
Some example where something can be done to improve can be seen on

http://sam.zoy.org/pwntcha/

For example on link above as good Captcha are at bottom line:

ICQ
MVN Forum
Screenname
Yahoo!
Geolocation of any IP address including detection of hostname,
browser, country and country code with ip address range web tool.

IP Address Locator | Email Tracking | IP Address | Check Email

Paul
Infrastructure Team Leader
Infrastructure Team Leader
Posts: 25466
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier
Contact:

Post by Paul » Sat May 27, 2006 3:24 pm

I KNOW what a good captcha is, And I also now that site.
Atm I believe it´s not needed to add an changing background. Maybe later.
If you want it, write it by yourself, I will not add it atm.
Knock knock
Race condition
Who's there?

My BlogMy Photosmy phpBB Extensionscustom phpBB work & Development

deny
Registered User
Posts: 565
Joined: Wed May 14, 2003 9:14 am
Location: Find-Ip-Address.org
Contact:

Post by deny » Sat May 27, 2006 3:28 pm

paul999 wrote: I KNOW what a good captcha is, And I also now that site.
Atm I believe it´s not needed to add an changing background. Maybe later.
If you want it, write it by yourself, I will not add it atm.


Do not take it personally.I tried to suggest and open some unknown doors(for some people) that could improve this mod.
Geolocation of any IP address including detection of hostname,
browser, country and country code with ip address range web tool.

IP Address Locator | Email Tracking | IP Address | Check Email

User avatar
Remix_88
Registered User
Posts: 46
Joined: Wed Apr 23, 2003 12:52 pm
Location: Hampshire, UK

Post by Remix_88 » Tue May 30, 2006 10:29 am

I also do not believe that either the original captcha from paul999 or my modified version have been defeated. If it had been you would not be seeing one or two failed registration attempts but hundreds.

It is possible that a script is being used to make remote registrations more efficient for the spammer, but that a real human is sat behind the script to interpret the captcha codes. Therefore the field hidding mod you are using is playing an important supporting role here.

I also do not think that adding additional backgrounds is required right now, and here is why. I have done some basic image grabbing, contrast shifting and edge detection on both paul999's original and my modified captcha. This process always makes at least one of the, usually more, randomly positioned background characters prominent therefore any automated process would subsequently be entering an invalid confirmation code.

It is true this may will not last, but for now I feel it is sufficient. As an information security analyst and researcher I am happy to protect my site registrations using the code I submitted earlier in this topic.

If I see confirmed reports that this captcha is defeated then I will be sure to modifiy the captcha at that time. If anyone does find PoC which can beat this captcha please let me know.
Regards, Remix_88.

deny
Registered User
Posts: 565
Joined: Wed May 14, 2003 9:14 am
Location: Find-Ip-Address.org
Contact:

Post by deny » Tue May 30, 2006 10:48 am

Remix_88 you try simple to ignore facts.
Website field is hidden by registration forms and this captcha has been used.
Even if you see only one banned member/ip it means that they can bypass this captcha with some kind of aut. tools/script or whatever and try to submit their site (furthermore i use some other addon as scanning proxy and that's reason that they are only few).
But because website field is not visible they have been caught and banned (it prove that they did not submitted their site manually but automatically).
It simple prove that they are tools/script that can bypass this captcha.
And it simple prove that this captcha is already defeated with their tools.

btw

One more this morning
General Error Message:

banned<br /><br /><b><u>DEBUG MODE</u></b><br /><br />Line : 139<br />File :
usercp_register.php


IP: 220.67.114.183
USER: Anonymous

FORM:
Array
(
[website] => http://www.sexcom-xxx.com
[mode] => register
[submit] => Submit
[yim] =>
[hideonline] => 0
[msn] =>
[email] => huykmigh@mail.ru
[icq] =>
[agreed] => true
[allowhtml] => 1
[confirm_code] => J11314
[password_confirm] => jeeonkegvs
[confirm_id] => 94a81d8cd281c25df13e71140ab16cdb
[notifypm] => 0
[dateformat] => D M d, Y H:i
[timezone] => -9
[language] => english
[allowbbcode] => 1
[interests] =>
[location] =>
[style] => 1
[popup_pm] => 0
[viewemail] => 0
[occupation] =>
[new_password] => jeeonkegvs
[aim] =>
[username] => qicwgqx
[coppa] => 0
[attachsig] => 1
[notifyreply] => 0
[signature] =>
[allowsmilies] => 1
)
Geolocation of any IP address including detection of hostname,
browser, country and country code with ip address range web tool.

IP Address Locator | Email Tracking | IP Address | Check Email

marvuk
Registered User
Posts: 15
Joined: Sat Jan 28, 2006 11:20 am
Contact:

Post by marvuk » Tue Jun 13, 2006 10:06 pm

Brilliant mod, thanks very much 8)

bullet-worm
Registered User
Posts: 11
Joined: Fri Sep 03, 2004 6:01 pm

Post by bullet-worm » Thu Jun 22, 2006 8:45 pm

I am having difficulties with this mod. Any assistance would be helpful.

I am running phpBB 2.0.17 and PHP 4.4.2 but all I am getting is a 'missing image' indicator where the image should be.

I have made the appropriate change to profile.php, and have uploaded the files as per the instructions. I have also verified (via the same code used in the catcha php file), that GD2 is indeed loaded (and it is not defaulting back to the original 'confirm' captcha scripting).

I also disabled GD2 and it indeed did start showing the original captchas without problems.

However, as soon as I re-enable GD2, all I get is the broken image placeholder.

Any suggestions or ideas what could be wrong?

Thanks

Danny

Paul
Infrastructure Team Leader
Infrastructure Team Leader
Posts: 25466
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier
Contact:

Post by Paul » Fri Jun 23, 2006 12:23 pm

What is the url of your forum?
Knock knock
Race condition
Who's there?

My BlogMy Photosmy phpBB Extensionscustom phpBB work & Development

bullet-worm
Registered User
Posts: 11
Joined: Fri Sep 03, 2004 6:01 pm

Post by bullet-worm » Fri Jun 23, 2006 5:01 pm

I am trying it on:

www.wormsworld.net/forums/

I have it set up right now. No one can register right now because of it, but that is okay since 75% of new registrants was spam.

Thanks!

Danny

Paul
Infrastructure Team Leader
Infrastructure Team Leader
Posts: 25466
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier
Contact:

Post by Paul » Fri Jun 23, 2006 5:10 pm

Ehm, do you has modify includes/usercp_captcha.php? Because I got some weird errors:

Code: Select all

ID found
Warning: Cannot modify header information - headers already sent by (output started at C:\www\worm\forums\includes\usercp_captcha.php:33) in C:\www\worm\forums\includes\usercp_captcha.php on line 86

Warning: Cannot modify header information - headers already sent by (output started at C:\www\worm\forums\includes\usercp_captcha.php:33) in C:\www\worm\forums\includes\usercp_captcha.php on line 87
Fonts: 11
Fatal error: Call to undefined function:  dss_rand() in C:\www\worm\forums\includes\usercp_captcha.php on line 101
So I think you has modify him ;)


EDIT: I already know the problem. You aren't using phpbb 2.0.20 or higher, whats required by this mod ;)
Knock knock
Race condition
Who's there?

My BlogMy Photosmy phpBB Extensionscustom phpBB work & Development

akreider
Registered User
Posts: 9
Joined: Tue May 09, 2006 11:47 pm

Post by akreider » Mon Jun 26, 2006 9:38 pm

Does this work with 2.0.21? I tried it and the confirmation image didn't show up.

Paul
Infrastructure Team Leader
Infrastructure Team Leader
Posts: 25466
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier
Contact:

Post by Paul » Tue Jun 27, 2006 9:54 am

Yes, it works with >= 2.0.20
Knock knock
Race condition
Who's there?

My BlogMy Photosmy phpBB Extensionscustom phpBB work & Development

akreider
Registered User
Posts: 9
Joined: Tue May 09, 2006 11:47 pm

Post by akreider » Tue Jun 27, 2006 6:47 pm

The error I'm now getting is that my entire registration page is coming up blank (the one that asks if you are older than 13).

I'm using PHP 4.4.2

Paul
Infrastructure Team Leader
Infrastructure Team Leader
Posts: 25466
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier
Contact:

Post by Paul » Wed Jun 28, 2006 7:53 am

I think you has make a mistake in usercp_register.php. Try to mod him again :)
Knock knock
Race condition
Who's there?

My BlogMy Photosmy phpBB Extensionscustom phpBB work & Development

Locked

Return to “[2.0.x] MODs in Development”