Page 1 of 3

[3.1][3.2][RC] Obscure Registration Code (SPAM stopper)

Posted: Sat Apr 14, 2018 10:08 am
by HiFiKabin
Extension Name: Obscure Registration Code Image
Author: HiFiKabin

Extension Description: Adds a Java Script encoded code at the foot of your forum to allow you to have a totally SPAMbot free registration system. The fact that humans will find it easy to read does not mean that SPAMbots will. The JaveScript encoding and additional SPAMbot field in the ACP will make it harder for them. The code is not shown to logged on users as they have no use for it.

What this Extension is not: It is NOT a stand alone anti SPAM signup Extension, it NEEDS to be used in conjunction with the built in Q&A CAPTCHA with the code as the ONLY correct answer.

Notes: The user needs to have JavaScript enabled to read the registration code. Should a user have JS disabled there is a warning telling them that they need to switch it on to view the code. The user can copy/paste the code direct to the registration page.


Extension Setup:
  1. Enable the extension and using the Random Code Generator supplied on the Extensions Configuration page create a random string then add it in the "Registration Code" field.
  2. Again using the Random Code Generator change both "ChangeMe"s to something different to the above code, as well as different from each other.
  3. Then go to the Spambot Countermeasures part of the ACP and configure the Q&A CAPTCHA.
  4. Administration Control Panel (ACP) > Spambot countermeasures> Installed plugins > click the dropdown box and select Q&A (it will be greyed out)
  5. Click the configure button then click add
  6. Add the question "What is the Registration Code shown at the bottom of the forum?"
  7. Add the answer which is the code you used in step 1 above
  8. Repeat for each language you have installed on the board, with the answer EXACTLY the same as stage 4
  9. Set "Strict Check" to "yes" to ensure the code is entered EXACTLY as displayed
  10. Click submit
  11. Click "back to previous page" then click "back"
  12. Select Q&A from the dropdown box (again)
  13. Click submit at the bottom of the page.
  14. Done.
Language:
  • EN
Extension Version: 1.0.0-RC6 (if you are updating from RC1 or earlier, please disable and delete data before installing this version)

Supported Styles:
  • prosilver
Screenshots:

Image

Image Image

Image Image



Live Demo : https://time.hifikabin.me.uk/

Installation:
  • Download the latest release and unzip it.
  • Upload the folder hifikabin to root/ext/ and enable it in the ACP
Download: https://phpbb.hifikabin.me.uk/viewtopic.php?f=3&t=153

Support:

The contact us link at the bottom of this Forum or This Topic

Re: [3.1][3.2][RC] Obscure Registration Code (SPAM stopper)

Posted: Sat Apr 14, 2018 10:09 am
by HiFiKabin
FAQ

I can see the code, why can't bots?
  • The JavaScript Encoding and additional SPAMbot Security Field make it harder for them.
It's not working
  • Ensure the code in this extension and the Q&A CAPTCHA are the same and that the Q&A CAPTCHA is active
I can't see the link
  • View your forum as a guest. Logged in users have no use for the code, so can not see it. If you have switched the Background Colour off, you may need to change the font colour from the default.
Do I have to use a Password Generator to create a password?
  • Of course not, but that is my recommendation. Should you really want a word based answer, please avoid common nouns, colours, numbers etc. These are the defaults that SPAMbots are already programmed with. A phrase like "Elephants eat Custard" is an example of good word based answer (obviously do not use this example)
Do I have to change "ChangeMe"?
  • No, but I highly recommend that you do. The more variations there are out there, the more problems BOT programmers will have. To avoid conflicts with existing code in the phpBB core, please use a random password generator such as this Secure Password Generator making sure you select LETTERS only in this instance.
I have several languages on my forum, how do I configure it?
  • Set a question for each language saying the same as the suggested text (translated of course) and the answer will be the code you have set for the default language.
Will this stop Human Spammers?
  • No. This code is for humans to read, so human SPAMmers can alse read it
Will this be the solution for SPAMbots forever?
  • I doubt it, but keep your fingers crossed. The most likely reason that SPAMbots will be able to join your forum with this extension enabled is either a week Registration Code or your code has been programmed into the latest SPAMbots. Just change your code (In both places remember) and that should solve the problem. SPAMbot programmers are getting more clever every day, but I have several ideas should this happen.
How do I know it will work?
  • It is based on my Obscure Contact Us script and I have had no automatically generated SPAM emails for years and years.

Re: [3.1][3.2][RC] Obscure Registration Code (SPAM stopper)

Posted: Sun Apr 15, 2018 10:03 am
by HiFiKabin
1.0.0-RC3 now available Image

Slight code changes, new language string in ACP. The preview shows in a grey box should the Background Colour be disabled.

To Update from previous version:
  • Download the latest release and unzip it.
  • Disable Obscure Registration Code in the ACP
  • Delete obscureregistrationcode folder from the server
  • Upload the folder hifikabin to root/ext/
  • Enable it in the ACP
NOTE: If you are updating from RC1 or earlier, please disable and delete data before installing this version

Re: [3.1][3.2][RC] Obscure Registration Code (SPAM stopper)

Posted: Sun Apr 15, 2018 10:50 am
by remoss
Great extension, works like a charm :)

Re: [3.1][3.2][RC] Obscure Registration Code (SPAM stopper)

Posted: Sun Apr 15, 2018 11:06 am
by HiFiKabin
Great to hear that.

Re: [3.1][3.2][RC] Obscure Registration Code (SPAM stopper)

Posted: Sun Apr 15, 2018 11:55 am
by martti
How is this any secure? A bot can simply copy the code to the input-field.

Re: [3.1][3.2][RC] Obscure Registration Code (SPAM stopper)

Posted: Sun Apr 15, 2018 12:28 pm
by Mick
If you want to see it as a bot sees it check it with one of the bot selections in a user switcher, most browsers have them.

Re: [3.1][3.2][RC] Obscure Registration Code (SPAM stopper)

Posted: Sun Apr 15, 2018 1:06 pm
by HiFiKabin
martti wrote:
Sun Apr 15, 2018 11:55 am
How is this any secure? A bot can simply copy the code to the input-field.
As I have said in the FAQ, this is based on my Obscure Contact Us ext and I have had zero automated spam emails in years and years.

From the screenshot you can see the orc div is in the visible code but the code it self is not.

Image

Re: [3.1][3.2][RC] Obscure Registration Code (SPAM stopper)

Posted: Sun Apr 15, 2018 1:35 pm
by martti
HiFiKabin wrote:
Sun Apr 15, 2018 1:06 pm
As I have said in the FAQ, this is based on my Obscure Contact Us ext and I have had zero automated spam emails in years and years.
That doesn't mean it's safe. It was just unique to your forum or not widespread used. Nobody with bad intention took interest. If you release an extension like this it could become more interesting for meanies to add a simple copying code to an existing bot. That wouldn't take long.
wrote:
Sun Apr 15, 2018 1:06 pm
From the screenshot you can see the orc div is in the visible code but the code it self is not.
The code is in fact more obscure to users than a robot. Enter orc in the Javascript console of the browser at the registration page in your demo-board and you get the code: gwFEK8n3ALt4BvQFFf

Try in the console on the register page:

Code: Select all

if (typeof orc !== 'undefined'){ document.getElementById('answer').value = orc; }
And the answer is set.

Re: [3.1][3.2][RC] Obscure Registration Code (SPAM stopper)

Posted: Sun Apr 15, 2018 4:00 pm
by HiFiKabin
I am not saying its bot proof, no more than the original RAC from phpBB2 days was. NOTHING is 100% bot proof but it will stop them for now. Its just an alternative solution for people to use.

Obscure Contact Us is not unique to my forums but has has over 2000 downloads, and not one report of BOT generated SPAM.

Re: [3.1][3.2][RC] Obscure Registration Code (SPAM stopper)

Posted: Sun Apr 15, 2018 4:41 pm
by martti
HiFiKabin wrote:
Sun Apr 15, 2018 4:00 pm
I am not saying its bot proof, no more than the original RAC from phpBB2 days was.
What is RAC?
HiFiKabin wrote:
Sun Apr 15, 2018 4:00 pm
Obscure Contact Us is not unique to my forums but has has over 2000 downloads, and not one report of BOT generated SPAM.
I had a look at "Obscure Contact Us" and I'm sorry to say this far worse than the Contact Form. Specifically, bots are scanning for mail adresses online and here it is given away for free, in plain text, nothing obscure, even complete with a mailto: link. With the standard Contact Form the mailing address is not given away. In a Contact Form bots might send you spam, but they don't have your mailing address (and sell it on the black market), so they can only spam you through the contact form (wich can be potentially improved with a challenge).

Re: [3.1][3.2][RC] Obscure Registration Code (SPAM stopper)

Posted: Sun Apr 15, 2018 4:52 pm
by HiFiKabin
martti wrote:
Sun Apr 15, 2018 4:41 pm
HiFiKabin wrote:
Sun Apr 15, 2018 4:00 pm
I am not saying its bot proof, no more than the original RAC from phpBB2 days was.
What is RAC?
The forerunner of the Q&A CAPTCHA
martti wrote:
Sun Apr 15, 2018 4:41 pm
HiFiKabin wrote:
Sun Apr 15, 2018 4:00 pm
Obscure Contact Us is not unique to my forums but has has over 2000 downloads, and not one report of BOT generated SPAM.
I had a look at "Obscure Contact Us" and I'm sorry to say this far worse than the Contact Form. Specifically, bots are scanning for mail adresses online and here it is given away for free, in plain text, nothing obscure, even complete with a mailto: link. With the standard Contact Form the mailing address is not given away. In a Contact Form bots might send you spam, but they don't have your mailing address (and sell it on the black market), so they can only spam you through the contact form (wich can be potentially improved with a challenge).
... which is why I get SPAM from the inbuilt "contact us" form and ZERO SPAM from Obscure Contact Us?

Re: [3.1][3.2][RC] Obscure Registration Code (SPAM stopper)

Posted: Sun Apr 15, 2018 5:15 pm
by brunoais
For what I could notice, this is very easy to break through for a bot. For what I understood, the code is written on the <script> tag that is in the hidden div.

Re: [3.1][3.2][RC] Obscure Registration Code (SPAM stopper)

Posted: Sun Apr 15, 2018 5:19 pm
by JimA
I think the key here is that bots are not programmed for these types of codes yet. Anything a human can reasonably solve will eventually be figured out by bots as well. No CAPTCHA or anti-spam solution is forever. If it was, it would get to the point of it being too difficult for humans.

For now, this way of "hiding" the div for bots seems effective for some that tested it. Obviously, if you have a different experience, that would be good to hear as some changes to the extension or different extensions would need to be made. I guess that is the reason as well for posting it in here, so that people can test and share their experiences using it. :)

Re: [3.1][3.2][RC] Obscure Registration Code (SPAM stopper)

Posted: Sun Apr 15, 2018 6:06 pm
by martti
HiFiKabin wrote:
Sun Apr 15, 2018 4:52 pm
... which is why I get SPAM from the inbuilt "contact us" form and ZERO SPAM from Obscure Contact Us?
When you disable the Contact Form, you don't get spam from it anymore. That's true. You've blocked this type of robots. But other robots will find your mail address and sell it to spammers who'll keep it forever. Of course, basic email spam protection got a lot better since a few years thanks to DKIM. Nevertheless, if you put your address on the net in the open, expect spam. If you experience spam from the "Contact Us" form it's better to add a challenge to filter out the machines from the humans. (Captcha, Q&A)