Activating reCAPTCHA v2 in 3.2.x

Get help with installation and running phpBB 3.2.x here. Please do not post bug reports, feature requests, or extension related questions here.
Mister_Bruce
Registered User
Posts: 19
Joined: Tue Aug 15, 2017 12:27 pm

Activating reCAPTCHA v2 in 3.2.x

Post by Mister_Bruce » Fri Apr 20, 2018 11:15 pm

Hi folks,

I would appreciate some guidance on this matter please. We're regularly getting spammers on our forum (http://ritepublishingforums.com which is on 3.2.1 currently), to the degree that I'm deleting folks every day. The spam countermeasures aren't working, so I would like to enable reCAPTCHA v2 as it seems to be the best option. (happy to take guidance on this if there is a better option that folks would recommend)

Registering for reCAPTCHA v2, it gives me instructions as follows:

1. Paste this snippet before the closing </head> tag on your HTML template: <and then details follow as to what to paste in>

2. Paste this snippet at the end of the <form> where you want the reCAPTCHA widget to appear: <and then details follow as to what to paste in>

That's fine, but I don't know where the 'HTML template' or the '<form>' live.

Can anyone tell me simply:
1. where does the template live (where I should be looking)?
2. where does the registration form live?
3. if I wanted to force people to re-validate for every post (this is a very infrequently used board), how could I accomplish this please?

Thanks in advance,

Bruce

User avatar
</Solidjeuh>
Registered User
Posts: 901
Joined: Tue Mar 29, 2016 3:45 am
Location: Aalst (Belgium)
Name: Andy Dm
Contact:

Re: Activating reCAPTCHA v2 in 3.2.x

Post by </Solidjeuh> » Fri Apr 20, 2018 11:28 pm

You don't need it. All you need is the API code.
Wij promoten UW muziek in ons forum & delen alles via Sociale media!
Muziek wordt ook toegevoegd in de playlist van
textradio.be!
Mail uw single + hoesje + info naar: info@muziekpromo.net of Solidjeuh@textradio.be
===============
Onze Website: https://www.muziekpromo.net

Mister_Bruce
Registered User
Posts: 19
Joined: Tue Aug 15, 2017 12:27 pm

Re: Activating reCAPTCHA v2 in 3.2.x

Post by Mister_Bruce » Fri Apr 20, 2018 11:48 pm

Thanks Froddelaar for the speedy response, but I don't understand "All you need is the API code."

I've registered on Google for reCAPTCHA v2.
I've put the public and private key into the Spambot Countermeasures on the Administration Control Panel of the forum.
However, nothing happens.
If I try to register as a new user to test this, it defaults back to GD image, not to reCAPTCHA. In other words, it doesn't 'stick'.

Can you explain further please?

Cheers,

Bruce

User avatar
</Solidjeuh>
Registered User
Posts: 901
Joined: Tue Mar 29, 2016 3:45 am
Location: Aalst (Belgium)
Name: Andy Dm
Contact:

Re: Activating reCAPTCHA v2 in 3.2.x

Post by </Solidjeuh> » Fri Apr 20, 2018 11:50 pm

After you submitted the codes, you need to choose the recaptcha option again in acp. Then it will work.
Wij promoten UW muziek in ons forum & delen alles via Sociale media!
Muziek wordt ook toegevoegd in de playlist van
textradio.be!
Mail uw single + hoesje + info naar: info@muziekpromo.net of Solidjeuh@textradio.be
===============
Onze Website: https://www.muziekpromo.net

SlobberySam
Registered User
Posts: 20
Joined: Fri Mar 23, 2018 7:13 pm

Re: Activating reCAPTCHA v2 in 3.2.x

Post by SlobberySam » Sat Apr 21, 2018 12:16 am

Additionally, using a unique question for user registration may be a worthy alternative as even humans can find capatchas pesky. This can be something relevant to your board that can't be immediately found on an engine such as Google, but should not be a simple mathematical operation.

User avatar
stevemaury
Support Team Member
Support Team Member
Posts: 49324
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve
Contact:

Re: Activating reCAPTCHA v2 in 3.2.x

Post by stevemaury » Sat Apr 21, 2018 12:29 am

What spam countermeasures are you using that you find ineffective? Because some of the provided ones, used properly, are better than Recaptcha.

The URL you give currently returns:
403: Forbidden

This error message is generated when the web server is trying to access a file that does not exist or has been configured incorrectly


Troubleshooting suggestions:

Ensure that you have a valid home page defined in your website directory (example: /htdocs/index.html, /htdocs/index.php). On Unix, this is case sensitive and must be all lower case.

In your Account Manager, under Hosting Tools, click to .Reset File Permissions..
For REALLY good and VERY inexpensive hosting CLICK HERE

I can stop all your spam. PM or email me.

All unsolicited PMs will be ignored.

Mister_Bruce
Registered User
Posts: 19
Joined: Tue Aug 15, 2017 12:27 pm

Re: Activating reCAPTCHA v2 in 3.2.x

Post by Mister_Bruce » Sat Apr 21, 2018 8:24 am

Sorry stevemaury, I didn't provide the complete forum URL. My apologies. It is http://www.ritepublishingforums.com/forums/.

Even since my initial post, I've had a new user that I've had to prune because his very first post was spam. This is typically what happens. I think it's not just that people are manually registering, and then using them to post spam; it's also that people are using bots to register. Anyway, one problem at a time ....

I've done as Froddelaar suggested
Froddelaar wrote:
Fri Apr 20, 2018 11:50 pm
After you submitted the codes, you need to choose the recaptcha option again in acp. Then it will work.
I went into the ACP under Spambot Countermeasures --> Available Plugins and then under Installed Plugins, I selected reCaptcha and clicked on <Submit>

The result is as follows:

Fatal error: Allowed memory size of 33554432 bytes exhausted (tried to allocate 32 bytes) in /data/17/2/157/74/2157237/user/2367703/htdocs/forums/phpbb/db/driver/driver.php on line 688

So I still have a problem. I'll look into this shortly but if anyone has any suggestions, that would be most welcome.

User avatar
Mick
Support Team Member
Support Team Member
Posts: 19706
Joined: Fri Aug 29, 2008 9:49 am
Location: Watching cricket probably . . .

Re: Activating reCAPTCHA v2 in 3.2.x

Post by Mick » Sat Apr 21, 2018 8:44 am

I’ve not seen that error for a long time, you need to contact your host about getting the allowed memory value in your php.ini file increased unless you can do it yourself? 64M should work.

I believe reCAPTCHA 2 has been compromised for a while unless something has been done in the last few weeks to fix it? A properly set up Q&A captcha with a Q&A that can’t be Googled will stop 99% of spam attempts and setting a threshold of one (on moderation queue) in the newly registered user settings will stop the other 1%. There are some interesting anti-spam extensions if you have a look in the extensions forums. I realise this isn’t fixing your issue but at least you have good options.
"The more connected we get the more alone we become" - Kyle Broflovski

There are no ‘threads’ in phpBB, they are topics.

Mister_Bruce
Registered User
Posts: 19
Joined: Tue Aug 15, 2017 12:27 pm

Re: Activating reCAPTCHA v2 in 3.2.x

Post by Mister_Bruce » Sat Apr 21, 2018 9:11 am

Mick wrote:
Sat Apr 21, 2018 8:44 am
I’ve not seen that error for a long time, you need to contact your host about getting the allowed memory value in your php.ini file increased unless you can do it yourself? 64M should work.
Ok, I'll give that a shot.
Mick wrote:
Sat Apr 21, 2018 8:44 am
A properly set up Q&A captcha with a Q&A that can’t be Googled will stop 99% of spam attempts and setting a threshold of one (on moderation queue) in the newly registered user settings will stop the other 1%.
I tried using the Q&A option, coupled with restricting the newly registered users to only one post, but then we end up with many new users, each with one spam post. Your comment about a threshold of one "on moderation queue" is interesting. I'd like to learn more about that. If it was possible to screen users' first posts (ie: check them prior to them being visible/contaminating the boards), that would also be a valuable step forward. Could you explain further on that please?

Will report back when I've made the memory value change.

User avatar
Mick
Support Team Member
Support Team Member
Posts: 19706
Joined: Fri Aug 29, 2008 9:49 am
Location: Watching cricket probably . . .

Re: Activating reCAPTCHA v2 in 3.2.x

Post by Mick » Sat Apr 21, 2018 9:19 am

Putting a count of one in the newly registered user settings sounds like what you had previously. All it means is that every new user is on mod queue for their first post and you have to approve or disapprove the first post. We do that here to good effect.
"The more connected we get the more alone we become" - Kyle Broflovski

There are no ‘threads’ in phpBB, they are topics.

Mister_Bruce
Registered User
Posts: 19
Joined: Tue Aug 15, 2017 12:27 pm

Re: Activating reCAPTCHA v2 in 3.2.x

Post by Mister_Bruce » Sat Apr 21, 2018 10:00 am

Ok, I've fixed the memory problem by updating the config.php file as follows:

@ini_set('memory_limit', '64M');

I then purged the cache, just in case and went back into the Administrator Control Panel and activated Captcha (without it dumping).
Captcha is now set up on the forums: http://www.ritepublishingforums.com/forums

But, it doesn't work. When attempting to register a test user, I get the following errors:

[phpBB Debug] PHP Warning: in file [ROOT]/vendor/google/recaptcha/src/ReCaptcha/RequestMethod/Post.php on line 68: file_get_contents(): https:// wrapper is disabled in the server configuration by allow_url_fopen=0
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/google/recaptcha/src/ReCaptcha/RequestMethod/Post.php on line 68: file_get_contents(https://www.google.com/recaptcha/api/siteverify): failed to open stream: no suitable wrapper could be found

Hence still investigating ....

Mister_Bruce
Registered User
Posts: 19
Joined: Tue Aug 15, 2017 12:27 pm

Re: Activating reCAPTCHA v2 in 3.2.x

Post by Mister_Bruce » Sat Apr 21, 2018 10:08 am

Nuts, this error looks like I need the host to sort out.
viewtopic.php?f=556&t=2414321

That's going to slow me down. For now, no one new can register. I'm okay with that - at least that means less spam users for me to delete. (sad but true)

Will be back in touch when I have an answer. I am still interested in what can be done to route all new users' posts to the moderate for review before release, but I'll need to check with one of my co-moderators before I start making changes to the site.

Thanks for all of your help so far. It's very much appreciated.

User avatar
stevemaury
Support Team Member
Support Team Member
Posts: 49324
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve
Contact:

Re: Activating reCAPTCHA v2 in 3.2.x

Post by stevemaury » Sat Apr 21, 2018 2:18 pm

If your Q&A was being bypassed, then your question was one that could be Googled. Math, famous people, geography - all things like that are no good. Use a question that is unique to your board, like:

What is the fourth word in the slogan in this Board's Header?

A: wrong

By the way, all the spam is from bots; none is from humans.

A good Q&A like that, plus a New member post limit of 1 will stop essentially ALL your spam.
For REALLY good and VERY inexpensive hosting CLICK HERE

I can stop all your spam. PM or email me.

All unsolicited PMs will be ignored.

Mister_Bruce
Registered User
Posts: 19
Joined: Tue Aug 15, 2017 12:27 pm

Re: Activating reCAPTCHA v2 in 3.2.x

Post by Mister_Bruce » Sat Apr 21, 2018 9:37 pm

stevemaury wrote:
Sat Apr 21, 2018 2:18 pm
If your Q&A was being bypassed, then your question was one that could be Googled. Math, famous people, geography - all things like that are no good. Use a question that is unique to your board, like:

What is the fourth word in the slogan in this Board's Header?

A: wrong

By the way, all the spam is from bots; none is from humans.

A good Q&A like that, plus a New member post limit of 1 will stop essentially ALL your spam.
Thanks for that stevemaury. I introduced Q&A questions like the ones you described and a New member post limit of 1 but we still ended up with numerous new users, each with one spam post. Every day I would be deleting 2-3 new users with one spam post.
That's why I thought it was time to a) try something different and b) either force posters to answer questions when they are posting to prove that they are not a bot, or revalidate via reCAPTCHA.

However, looking back at the 13 Q&A questions that we have, I think 8 of them could be answered via a Google search, and the other 5 were questions that are unique to this site. Maybe this is just not good enough.

Are you suggesting that the better answer would be to forget reCAPTCHA, remove all Q&A questions that could be answered via a Google search and see how that goes? I think this is what you are recommending.

User avatar
Lumpy Burgertushie
Registered User
Posts: 64665
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Activating reCAPTCHA v2 in 3.2.x

Post by Lumpy Burgertushie » Sat Apr 21, 2018 9:54 pm

that is what I would recommend. and only use one Q&A. if you use more than that then if the bots solve one of them you won't know which one it was.

remember, if you can put your question into google and find even a close answer in the first 100 returns then the register bots can find it in less than a second.


robert
I am available for custom work on a donation basis. Please send me a PM with your needs.

Premium phpBB 3.2 Styles by PlanetStyles.net

OK, so what's the speed of dark?

Post Reply

Return to “[3.2.x] Support Forum”

Who is online

Users browsing this forum: Beakster, BroIgnatius, jefmcg, Mick, new.new, thunderchero and 32 guests