Captcha plus reCaptcha

Looking for an Extension? Have an Extension request? Post your request here for help. (Note: This forum is community supported; while there is an Extensions Development Team, said team does not dedicate itself to handling requests in this forum)
Scam Warning
Post Reply
weber2
Registered User
Posts: 1
Joined: Tue Jan 14, 2020 3:54 am

Captcha plus reCaptcha

Post by weber2 »

We know that the Q&A captcha, with a good question, works a treat for stopping spambot registrations. And when it stops working, we just find another question. But our hosting service requires us to use Google's reCaptcha, ever since (they claim) a spamming service hijacked our forum and used it to send out bulk spam (invisibly to us).

We have just upgraded to phpBB 3.3.0. We had great hopes for the invisible variant of Google's reCaptcha v2. But it is painfully obvious that invisible reCaptcha is not stopping spambots from registering, any more than was its visible predecessor. So we dearly want to go back to Q&A captcha, but our hosting service wants reCaptcha.

So in desperation, yesterday I learned just enough about php scripts and phpBB templates to be dangerous. :o I modified the following files to make invisible reCaptcha work in addition to whatever captcha we choose in the admin control panel, i.e. Q&A.
<forum>/includes/ucp/ucp_register.php
<forum>/styles/prosilver/template/ucp_register.html

I'll be happy to attach the modified files as soon as I have permission to do so. (This is my first post).

Of course we have to use the ACP to configure both Q&A and reCaptcha, but in the end we choose only Q&A while still getting both Q&A and invisible reCaptcha, as demonstrated by the reCaptcha badge in the bottom right corner of the window. You can see this working by clicking "Register" then "Accept" on my forum here.

I'm hoping someone here can make a proper job of it and turn it into an Extension. From what little I've learned, I think that will require a new EVENT to be added to the template ucp_register.html just after the conditional INCLUDE of the existing single captcha.

I had hoped that my modifications would allow any two captchas to be used together (with the second one hardwired in the script). But when I used Q&A followed by "simple image" captcha (nogd), instead of reCaptcha, I found that the image would not appear. So it seems the authors of the phpBB choice-of-captcha scheme, or the authors of specific captchas, may not have considered that two captchas might operate at the same time. However it seems to work with reCaptcha being the hard-wired one, possibly because it's invisible.

User avatar
John connor
Registered User
Posts: 2418
Joined: Fri Nov 14, 2014 5:14 pm
Location: U S Of A
Name: Aaron
Contact:

Re: Captcha plus reCaptcha

Post by John connor »

A board being hijacked has absolutely, unequivocally NOTHING to do with a simple captcha. A captcha can help with a board from getting spam posts from a spam bot, but if you're hijacked that's at the server level.

Also, Google's BS Recaptcha is an utter hell to solve sometimes especially if you use a non Chrome of Firefox browser. I personally use Pale Moon and no matter how many puzzles I solve it will never allow me to submit a form. But I use Firefox or Chrome and it's either one puzzle or none at all. This is called browser discrimination. To make matters worse, website's sniff the user agent and will give you hell based on your UA. That's why I forge mine to make it look like I use Win 10 and the latest FF. :lol: So in a nutshell, users should refrain from using the popular commonplace Google BS Recaptcha if you want to allow users who chose to use different browser to get in.

Check out the sortables captcha extension linked in my signuture. I have personally seen it work in my access logs. Also check out the contact administrator extension that will utilize the sortables captcha for possible spammers spamming your Contact us link.

As to the hijacking, your host doesn't know anything. To suggest a simple captcha is going to stop someone at the network layer is absurd. You should look into CloudFlare, look into Ninjafirewall and CIDRAM. I talk about those on my forum linked in my signature here.

Who's your host BTW?

edit


Your server IP has been scanning the Internet for some reason. https://viz.greynoise.io/ip/103.16.128.204

You may have been turned into a zombie or something to do with your host. I'd ask and show them that link. If your cPanel has a virus scanner option, scan the entire FTP directory. And/or download your FTP public_html folder, zip the files and upload it to Virus Total. Great thing about Virus total is that they get malware samples from the U.S Cyber Command.

Post Reply

Return to “Extension Requests”