[rc2] eXtreme Antispambot registration mod.

rancidmoose
Registered User
Posts: 83
Joined: Tue May 17, 2005 10:32 pm
Location: Vermont, USA
Contact:

[rc2] eXtreme Antispambot registration mod.

Post by rancidmoose » Fri Jun 09, 2006 2:12 am

This is not your typical "edit the variable names" script.

Instead, I'm adding a fully customizable visual confirmation that actually requires a human to register.

It displays an image out of a database and the registrant must identify it out of several options. However, to prevent spambots from smartening up and learning which options correspond to which pictures, this comes with an administrative interface that allows you to add and remove your own pictures, making it fully customizable.

I have completed the administrative interface and am finishing up the changes to the registration page.
Last edited by rancidmoose on Sun Jul 16, 2006 1:35 am, edited 5 times in total.

rancidmoose
Registered User
Posts: 83
Joined: Tue May 17, 2005 10:32 pm
Location: Vermont, USA
Contact:

Post by rancidmoose » Fri Jun 09, 2006 6:00 am

Sorry about the double post.

Anyway, I finished coding the MOD, but it's getting late, so I'm just going to post a few screenies of it and go make the beta template file in the morning.


slater101
Registered User
Posts: 33
Joined: Mon Jun 05, 2006 10:01 am
Location: Florida, USA
Contact:

Post by slater101 » Fri Jun 09, 2006 8:53 am

GREAT MOD

rancidmoose
Registered User
Posts: 83
Joined: Tue May 17, 2005 10:32 pm
Location: Vermont, USA
Contact:

Post by rancidmoose » Fri Jun 09, 2006 12:15 pm

Thanks.

I just realised one problem with this mod that will let spam bots register with 1/3 accuracy.

I'm currently assigning each option a number, and then checking which number they send. This means a spam bot will never see the different options and can just guess with 1/3 accuracy which option to use.

Instead, I'm going to have it actually send the text of the option and check that instead.

[edit]

Fixed.

rancidmoose
Registered User
Posts: 83
Joined: Tue May 17, 2005 10:32 pm
Location: Vermont, USA
Contact:

Post by rancidmoose » Fri Jun 09, 2006 1:57 pm

[edit]

see below
Last edited by rancidmoose on Sun Jun 11, 2006 6:59 am, edited 1 time in total.

Ptirhiik
Registered User
Posts: 7411
Joined: Mon Jan 06, 2003 10:36 pm
Contact:

Post by Ptirhiik » Fri Jun 09, 2006 3:01 pm

There is one big problem here, although it is an interesting approach: how do you deal with multi-lingual boards? :)

rancidmoose
Registered User
Posts: 83
Joined: Tue May 17, 2005 10:32 pm
Location: Vermont, USA
Contact:

Post by rancidmoose » Fri Jun 09, 2006 3:19 pm

Hmm... I will have to think about that.

markus_petrux
Former Team Member
Posts: 1887
Joined: Wed Apr 23, 2003 7:11 am
Location: Girona, Catalunya (Spain)
Contact:

Post by markus_petrux » Fri Jun 09, 2006 4:00 pm

You might want to look at KittenAuth ;)
EasyMOD Standards | MOD Template Actions | MODs in Development Rules
Useful information for MOD Authors | MOD Queue Stats | Search MODs
Write SQL/DDL portable to all SQL servers supported by phpBB!
Get EasyMOD 0.3.0! | Suport al phpBB en Català!
8)

rancidmoose
Registered User
Posts: 83
Joined: Tue May 17, 2005 10:32 pm
Location: Vermont, USA
Contact:

Post by rancidmoose » Fri Jun 09, 2006 5:04 pm

markus_petrux wrote: You might want to look at KittenAuth ;)


Thinking of these things yourself is much more fun than reading an article and implementing it. And I don't think anybody has made that a MOD for phpBB yet anyway.

markus_petrux
Former Team Member
Posts: 1887
Joined: Wed Apr 23, 2003 7:11 am
Location: Girona, Catalunya (Spain)
Contact:

Post by markus_petrux » Fri Jun 09, 2006 5:31 pm

I agree. My post was related to the multi-lingual issue commented by Ptirhiik above. KittenAuth is based on images, so I'm just pointing out an idea. ;)

rancidmoose
Registered User
Posts: 83
Joined: Tue May 17, 2005 10:32 pm
Location: Vermont, USA
Contact:

Post by rancidmoose » Sat Jun 10, 2006 12:41 am

Here are the 2 issues I want to fix before I make an official release:

1) add support for multilinguicity.

2) find a way to prevent the bots from getting the answer through random guessing. I have some ideas to make it harder for them to parse the page, but nothing definite yet.

[edit]

:D Got #2 covered. Now to implement it :D. Shouldn't be real hard.

rancidmoose
Registered User
Posts: 83
Joined: Tue May 17, 2005 10:32 pm
Location: Vermont, USA
Contact:

Post by rancidmoose » Sun Jun 11, 2006 1:33 am

Here are the added security features (a few more things to iron out coding-wise... about a 15 minute job):

1) no reference to any of the test related variables inside the registration window. Instead a button launches a small test window.

2) a database entry using session_id to keep track of who's doing what registration-wise. If you try to register without having your session_id associated to a set of pictures in the database (aka you haven't visited the register page yet), you are instantly banned.

rancidmoose
Registered User
Posts: 83
Joined: Tue May 17, 2005 10:32 pm
Location: Vermont, USA
Contact:

Post by rancidmoose » Sun Jun 11, 2006 6:58 am

It's now ready for usage on single-language boards, afaik.

http://rancidmoose.unitedti.org/members ... v1.0.0.zip


############################################################## 
## MOD Title: eXtreme Antispam
## MOD Author: rancidmoose < elfprince13@gmail.com > (Thomas Dickerson) http://rancidmoose.unitedti.org 
## MOD Description: Prevents spambots from registering on your site 
## MOD Version: 1.0.0 
## 
## Installation Level: (Intermediate) 
## Installation Time: 10 Minutes 
## Files To Edit: templates/subSilver/profile_add_body.tpl, 
##      includes/usercp_register.php 
## Included Files: (antispam.php, includes/antispam_img.php, includes/antispam_test.php, admin/admin_antispam.php, templates/subSilver/antispam_select.tpl, templates/subSilver/admin/admin_main_antispam.tpl, templates/subSilver/admin/admin_edit_antispam.tpl, images/antispam/) 
## License: http://opensource.org/licenses/gpl-license.php GNU General Public License v2 
############################################################## 
## For security purposes, please check: http://www.phpbb.com/mods/ 
## for the latest version of this MOD. Although MODs are checked 
## before being allowed in the MODs Database there is no guarantee 
## that there are no security problems within the MOD. No support 
## will be given for MODs not found within the MODs Database which 
## can be found at http://www.phpbb.com/mods/ 
############################################################## 
## Author Notes: 
## 
## all images should be uploaded to the images/antispam/ directory
##
##
############################################################## 
## MOD History: 
##
##   2006-06-09 - Version 1.0.0 
##      - fixed templating in includes/antispam_test.php.
##   2006-06-09 - Version 0.9.0 
##      - caught bug with pic1 and num1 getting confused while generating test.
##   2006-06-09 - Version 0.8.0 
##      - added script to prevent database from getting clogged.
##   2006-11-09 - Version 0.7.0 
##      - removed several possible exploits on the registration page.
##   2006-9-09 - Version 0.6.0 
##      - added javascript based test
##   2006-06-09 - Version 0.5.0 
##      - improved validation of registration form input
##   2006-05-09 - Version 0.4.0 
##      - templated admin interface
##   2006-05-09 - Version 0.3.0 
##      - integrated into registration script
##   2006-05-09 - Version 0.2.0 
##      - added functionality to admin interface
##   2006-05-09 - Version 0.1.0 
##      - created admin interface 
## 
############################################################## 
## Before Adding This MOD To Your Forum, You Should Back Up All Files Related To This MOD 
############################################################## 

# 
#-----[ SQL ]------------------------------------------ 
# 
CREATE TABLE `phpbb_antispam` (
  `Filename` varchar(32) NOT NULL default '',
  `Option1` varchar(32) NOT NULL default '',
  `Option2` varchar(32) NOT NULL default '',
  `Option3` varchar(32) NOT NULL default '',
  `Alt-Text` varchar(32) NOT NULL default '',
  `CorrectOption` int(2) NOT NULL default '0'
) TYPE=MyISAM;

CREATE TABLE phpbb_antispam_auth (
  session_id varchar(32) NOT NULL default '',
  pic1 int(11) NOT NULL default '0',
  pic2 int(11) NOT NULL default '0',
  pic3 int(11) NOT NULL default '0',
  last_active int(11) NOT NULL default '0'
) TYPE=MyISAM;

# 
#-----[ COPY ]------------------------------------------ 
# 
copy includes/antispam_img.php to includes/antispam_img.php
copy includes/antispam_test.php to includes/antispam_test.php
copy antispam.php to antispam.php
copy admin/admin_antispam.php to admin/admin_antispam.php
copy templates/subSilver/antispam_select.tpl to templates/subSilver/antispam_select.tpl
copy templates/subSilver/admin/admin_main_antispam.tpl to templates/subSilver/admin/admin_main_antispam.tpl
copy templates/subSilver/admin/admin_edit_antispam.tpl to templates/subSilver/admin/admin_edit_antispam.tpl
copy images/antispam/ to images/antispam/
# 
#-----[ OPEN ]------------------------------------------ 
# 
templates/subSilver/profile_add_body.tpl
# 
#-----[ FIND ]------------------------------------------ 
# 
	<tr> 
	  <td class="catSides" colspan="2" height="28">&nbsp;</td>
	</tr>
	<tr> 
	  <th class="thSides" colspan="2" height="25" valign="middle">{L_PROFILE_INFO}</th>
	</tr>
	<tr> 
	  <td class="row2" colspan="2"><span class="gensmall">{L_PROFILE_INFO_NOTICE}</span></td>
	</tr>
# 
#-----[ BEFORE, ADD ]------------------------------------------ 
# 
	<!-- BEGIN switch_extreme_antispam -->
	<tr> 
	  <td class="row1"><span class="gen">Antispam image: *</span><br /><span class="gensmall"><br /> Do not edit this textbox. Instead, click the button next to it and allow that to format your input.<br />Please select the menu item represented by this picture</span></td>
	  <td class="row2"><span class="gen_med">{AS_ERROR}</span><br /><table cellspacing="1" cellpadding="4" border="0" align="center" class="forumline">
		<tr>
			<td class="row1" align="center"><input type="text" class="post" name="antispam_test" size="20" /><input type="submit" name="{GET_IDS}" value="{GET_IDS}" class="liteoption" onClick="window.open('{ID_URL}', '_antispamtest', 'HEIGHT=400,resizable=yes,WIDTH=600,scrollbars=yes');return false;" /></td>
		</tr>
		</table></td>
	</tr>
	<!-- END switch_extreme_antispam -->
# 
#-----[ OPEN ]------------------------------------------ 
# 
includes/usercp_register.php
#
#-----[ FIND ]------------------------------------------ 
#
	$passwd_sql = '';
	if ( $mode == 'editprofile' )
	{
		if ( $user_id != $userdata['user_id'] )
		{
			$error = TRUE;
			$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Wrong_Profile'];
		}
	}
	else if ( $mode == 'register' )
	{
		if ( empty($username) || empty($new_password) || empty($password_confirm) || empty($email) )
		{
			$error = TRUE;
			$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Fields_empty'];
		}
	}
# 
#-----[ AFTER, ADD ]------------------------------------------ 
# 
	// Comparison, not assignment: with a single '=' this block ran for every mode,
	// including 'editprofile', and banned users who simply edited their profile.
	if ( $mode == 'register' )
	{
		// Look up the picture set bound to this session when the register page was rendered.
		$sql = "SELECT * FROM " . $table_prefix . "antispam_auth WHERE session_id='" . $userdata['session_id'] . "';";
		if ( !($result = $db->sql_query($sql)) ) {
			message_die(GENERAL_ERROR, 'Error retrieving antispam data', '', __LINE__, __FILE__, $sql);
		}
		if ( $db->sql_numrows($result) == 0){
			$banned_ip=encode_ip(getenv('REMOTE_ADDR'));

   			$sql = "INSERT INTO " . BANLIST_TABLE . " (ban_ip) VALUES ('" . $banned_ip . "')";
   			if ( !$db->sql_query($sql) )
   			{
    			message_die(GENERAL_ERROR, "Couldn't insert ban info into database", "", __LINE__, __FILE__, $sql);
   			}
   			$sql = "DELETE FROM " . SESSIONS_TABLE . " WHERE session_ip = '" . $banned_ip . "'";
   			if ( !$db->sql_query($sql) )
 			{
    			message_die(GENERAL_ERROR, "Couldn't delete banned sessions from database", "", __LINE__, __FILE__, $sql);
			}
			message_die(GENERAL_MESSAGE, "You have been banned for attempting to bypass registration.", '', __LINE__, __FILE__);

		} 
		
		$row = $db->sql_fetchrow($result);
		$nums = array($db->sql_fetchfield('pic1'),$db->sql_fetchfield('pic2'),$db->sql_fetchfield('pic3'));
		$sql = "SELECT * FROM " . $table_prefix . "antispam";
		if (!($result = $db->sql_query($sql)))
		{
			message_die(GENERAL_ERROR, 'Could not obtain antispam data', '', __LINE__, __FILE__, $sql);
		}
		
		$ans = array();
		for ($counter = 0; $counter<3; $counter++ ) {
			$db->sql_rowseek($nums[$counter],$result);
			$db->sql_fetchrow($result);
			$crct_option = $db->sql_fetchfield('CorrectOption') % 3 + 1;
			$option1 = $db->sql_fetchfield('Option1');
			$option2 = $db->sql_fetchfield('Option2');
			$option3 = $db->sql_fetchfield('Option3');
			$ans[$counter] = ($crct_option == 3) ? $option3 : (($crct_option == 2) ? $option2 : $option1);
		}
		
		$fans = $ans[0] . ',' . $ans[1] . ',' .$ans[2];
		if($_POST['antispam_test'] != $fans ){
			$error = TRUE;
			$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . 'You incorrectly identified one or more of the antispam images.';
		}

	}
# 
#-----[ FIND ]------------------------------------------ 
# 
		$html_status =  ( $userdata['user_allowhtml'] && $board_config['allow_html'] ) ? $lang['HTML_is_ON'] : $lang['HTML_is_OFF'];
		$bbcode_status = ( $userdata['user_allowbbcode'] && $board_config['allow_bbcode']  ) ? $lang['BBCode_is_ON'] : $lang['BBCode_is_OFF'];
		$smilies_status = ( $userdata['user_allowsmile'] && $board_config['allow_smilies']  ) ? $lang['Smilies_are_ON'] : $lang['Smilies_are_OFF'];
	
		if ( $error )
		{
			$template->set_filenames(array(
				'reg_header' => 'error_body.tpl')
			);
			$template->assign_vars(array(
				'ERROR_MESSAGE' => $error_msg)
			);
			$template->assign_var_from_handle('ERROR_BOX', 'reg_header');
		}
	
		$template->set_filenames(array(
			'body' => 'profile_add_body.tpl')
		);
	
		if ( $mode == 'editprofile' )
		{
			$template->assign_block_vars('switch_edit_profile', array());
		}
	
		if ( ($mode == 'register') || ($board_config['allow_namechange']) )
		{
			$template->assign_block_vars('switch_namechange_allowed', array());
		}
		else
		{
			$template->assign_block_vars('switch_namechange_disallowed', array());
		}
# 
#-----[ AFTER, ADD ]------------------------------------------ 
# 
	
	//eXtreme Visual Confirmation
	$as_error = '';
	if ( $mode == 'register' )
	{
		$sql = 'SELECT * FROM ' . $table_prefix . 'antispam';
		if (!($result = $db->sql_query($sql)))
		{
			message_die(GENERAL_ERROR, 'Could not select antispam data', '', __LINE__, __FILE__, $sql);
		}
		$num_antispam_entries = $db->sql_numrows($result);
		if($num_antispam_entries != 0)
		{
			$max = ($num_antispam_entries - 1);
			mt_srand(hexdec(substr(md5(microtime()), -8)) & 0x7fffffff);
			$num1 = mt_rand(0, $max);
			$num2 = mt_rand(0, $max);
			$num3 = mt_rand(0, $max);
			
			$sql = "SELECT * FROM " . $table_prefix . "antispam_auth WHERE session_id='" . $userdata['session_id'] . "';";
			if (!($result = $db->sql_query($sql)))
			{
				message_die(GENERAL_ERROR, 'Could not select antispam data', '', __LINE__, __FILE__, $sql);
			}
			if($db->sql_numrows($result) == 0){
				$sql = "INSERT INTO " . $table_prefix . "antispam_auth(session_id,pic1,pic2,pic3,last_active) VALUES ('" . $userdata['session_id'] . "'," . $num1 . "," . $num2 . "," . $num3 . "," . $userdata['session_time'] . ");";
			} else{
				$sql = "UPDATE " . $table_prefix . "antispam_auth SET pic1=" . $num1 . ",pic2=" . $num2 . ",pic3=" . $num3 . ",last_active=" . $userdata['session_time'] . " WHERE session_id='" . $userdata['session_id'] . "';";
			}
			if (!($result = $db->sql_query($sql)))
			{
				message_die(GENERAL_ERROR, 'Could not set antispam data', '', __LINE__, __FILE__, $sql);
			}	
		}
		else
		{
			$as_error = 'ERROR!!! The administration has not yet added any images. Please let them know about this by emailing <a href="mailto:' . $board_config['board_email'] . '">' . $board_config['board_email'] . '</a>';
		}
		$template->assign_block_vars('switch_extreme_antispam', array());

	}
	
# 
#-----[ FIND ]------------------------------------------ 
#
		'S_ALLOW_AVATAR_UPLOAD' => $board_config['allow_avatar_upload'],
		'S_ALLOW_AVATAR_LOCAL' => $board_config['allow_avatar_local'],
		'S_ALLOW_AVATAR_REMOTE' => $board_config['allow_avatar_remote'],
		'S_HIDDEN_FIELDS' => $s_hidden_fields,
		'S_FORM_ENCTYPE' => $form_enctype,
		'S_PROFILE_ACTION' => append_sid("profile.$phpEx")
# 
#-----[ BEFORE, ADD ]------------------------------------------ 
# 

		'IMG1' => $num1,
		'IMG2' => $num2,
		'IMG3' => $num3,
		'AS_ERROR' => $as_error,
		'ID_URL' => append_sid($phpbb_root_path . "antispam.$phpEx"),
		'GET_IDS' => 'Take Antispam Test!',
		
#
#-----[ FIND ]------------------------------------------
#
			if ( $coppa )
			{
				$message = $lang['COPPA'];
				$email_template = 'coppa_welcome_inactive';
			}
			else if ( $board_config['require_activation'] == USER_ACTIVATION_SELF )
			{
				$message = $lang['Account_inactive'];
				$email_template = 'user_welcome_inactive';
			}
			else if ( $board_config['require_activation'] == USER_ACTIVATION_ADMIN )
			{
				$message = $lang['Account_inactive_admin'];
				$email_template = 'admin_welcome_inactive';
			}
			else
			{
				$message = $lang['Account_added'];
				$email_template = 'user_welcome';
			}

# 
#-----[ BEFORE, ADD ]------------------------------------------ 
# 
			$sql = "DELETE FROM " . $table_prefix . "antispam_auth WHERE session_id='" . $userdata['session_id'] . "' OR " . $userdata['session_time'] . " - last_active >" . $board_config['session_length'] . ";";
			if( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, 'Could not delete old session data from the antispam table.', '', __LINE__, __FILE__, $sql);
			}

# 
#-----[ DIY INSTRUCTIONS ]------------------------------------------ 
# 
make sure to upload at least three images (preferably more) and enter it into the antispam database from the ACP
		
# 
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------ 
# 
# EoM

rancidmoose
Registered User
Posts: 83
Joined: Tue May 17, 2005 10:32 pm
Location: Vermont, USA
Contact:

Post by rancidmoose » Mon Jun 12, 2006 1:51 am

Made a quick fix to the SQL, and also noticed another issue with how the autobanning works that should be resolved before you install this on a live board.

rancidmoose
Registered User
Posts: 83
Joined: Tue May 17, 2005 10:32 pm
Location: Vermont, USA
Contact:

Post by rancidmoose » Tue Jun 13, 2006 1:08 am

so...umm...yeah...

Any feedback or changes you guys think I should make before releasing it?
