[Beta] CASPER - phpBB3 Drop-in CAPTCHA mod.

A place for MOD Authors to post and receive feedback on MODs still in development. No MODs within this forum should be used within a live environment!
Ideas Centre
Tizabet
Registered User
Posts: 1
Joined: Sat Mar 28, 2009 10:22 pm

Re: [Beta] CASPER - phpBB3 Drop-in CAPTCHA mod.

Post by Tizabet » Sat Mar 28, 2009 10:30 pm

Xor the image with itself shifted one pixel to the side. Then assume black for each pixel that's touching ANY black. (ie: in photoshop, filters>other>minimum with 1px)

Sorry.

User avatar
zaphodb777
Registered User
Posts: 25
Joined: Sat Jun 07, 2008 12:40 pm
Location: Casper, Wyoming, USA (Like No Place on Earth!)
Contact:

Re: [Beta] CASPER - phpBB3 Drop-in CAPTCHA mod.

Post by zaphodb777 » Mon Mar 30, 2009 1:42 am

Edited for admission...

You are right, I re-read, and you hit the nail on the head.

Now, I need to do some changing for sure.

Switching off registration as soon as I begin to see spam.

Working on a new process for this.

Zap. :?
http://www.spambotsecurity.com
The home of ZB Block PHP Website/Forum/Blog protection software.
(GNU/GPL V.2 freeware)

User avatar
zaphodb777
Registered User
Posts: 25
Joined: Sat Jun 07, 2008 12:40 pm
Location: Casper, Wyoming, USA (Like No Place on Earth!)
Contact:

Re: [Beta] CASPER - phpBB3 Drop-in CAPTCHA mod.

Post by zaphodb777 » Mon Mar 30, 2009 5:35 am

I made a "tire patch" version of the non-GD CAPTCHA, that while harder on the eyes, requires more processing to get the plaintext out.

Will continue working on either an applet (Which I think now has some security flaws as keying the cipher would be hard to do in such a way the local user couldn't snag the key. Maybe something non-invertable, or tearsheet OTP based.), or perhaps an animated .gif version. Since in either case at no one time would the whole of the captcha be visible or capturable, I believe this is the route to go.

Zap. "Chrome Dome is Orbiting Henhouse for your protection."
http://www.spambotsecurity.com
The home of ZB Block PHP Website/Forum/Blog protection software.
(GNU/GPL V.2 freeware)

sospammed
Registered User
Posts: 4
Joined: Thu Apr 16, 2009 11:58 am

Re: [Beta] CASPER - phpBB3 Drop-in CAPTCHA mod.

Post by sospammed » Thu Apr 16, 2009 3:00 pm

holy sh*t, this stuff makes my eyes and mind explode - so I guess, it should work! ;-)
But I wonder if it isn't too much of a burden for new users?

momentum
Registered User
Posts: 1505
Joined: Thu Sep 20, 2007 4:07 am
Location: Melbourne, Australia

Re: [Beta] CASPER - phpBB3 Drop-in CAPTCHA mod.

Post by momentum » Thu Apr 16, 2009 3:33 pm

I've made sure that new users can easily contact me should they have any problems with registration. So far I've had no complaints through any of the three boards I run, all of which use CASPER.

Craig.
QOTY: phpBB is free, good hosting is not. - robert (Lumpy Burgertushie)

DennyW
Registered User
Posts: 210
Joined: Sun Dec 28, 2008 4:05 pm

Re: [Beta] CASPER - phpBB3 Drop-in CAPTCHA mod.

Post by DennyW » Thu Apr 16, 2009 10:43 pm

I see good points, and bad points on this. I think new users may just pass by because of it. But, if they really want to join, the email method is good. How ever, if you just set the board to the admin has to approve registration, isn't this just as good ? I don't know, just throwing a few things to think about. :) Good work though...

momentum
Registered User
Posts: 1505
Joined: Thu Sep 20, 2007 4:07 am
Location: Melbourne, Australia

Re: [Beta] CASPER - phpBB3 Drop-in CAPTCHA mod.

Post by momentum » Thu Apr 16, 2009 11:47 pm

All of the boards I manage are running Admin activation. It didn't stop dozens of spamBOTs from registering, even if their accounts were never activated. In fact it got to the point where the activation emails became annoying.

Craig.
QOTY: phpBB is free, good hosting is not. - robert (Lumpy Burgertushie)

DennyW
Registered User
Posts: 210
Joined: Sun Dec 28, 2008 4:05 pm

Re: [Beta] CASPER - phpBB3 Drop-in CAPTCHA mod.

Post by DennyW » Thu Apr 16, 2009 11:57 pm

Craig, I did this for them pesky BOTS:
Go to users and groups, custom profile field, and create something that has to be done by a person, as in you must click, or choose something, with NO default settings to skip over. That seems to be working. Of course, I can't say on here how I set it up...hahaha. :) I watched as about 10 of them were trying, and I got no signups, so far...Knock on wood... :lol:

momentum
Registered User
Posts: 1505
Joined: Thu Sep 20, 2007 4:07 am
Location: Melbourne, Australia

Re: [Beta] CASPER - phpBB3 Drop-in CAPTCHA mod.

Post by momentum » Fri Apr 17, 2009 12:08 am

I've always used a custom profile field (location) but the BOTs managed to fill that. I then added another field (first name) and the BOTs still kept coming. Both fields are still in use on all three boards.

Craig.
QOTY: phpBB is free, good hosting is not. - robert (Lumpy Burgertushie)

User avatar
zaphodb777
Registered User
Posts: 25
Joined: Sat Jun 07, 2008 12:40 pm
Location: Casper, Wyoming, USA (Like No Place on Earth!)
Contact:

Re: [Beta] CASPER - phpBB3 Drop-in CAPTCHA mod.

Post by zaphodb777 » Fri Apr 17, 2009 6:31 am

BTW, the one you see in the demo now is the hardest of 3 to see, but also the hardest of the 3 versions to crack. All 3 versions are in the .7z now, and if you want to try the weakest, and easiest one, go ahead. It will still be good till they actually put a graphics pre-processor on the front end of an OCR bot.

The 3rd version you see when you hit the demo URL is super-nasty to both bots and people, and may not be processable into a OCRable image.

And craig, I bet you are still running the original, easy on eyes version with great sucess. If ya want, post your URL for it so people can see it's not so cruel as the one I have up.

Will also work on modding the page on the script with a static display of the 3 levels of the old script.

But someday, soon I hope, once ZB Block is running good, I will be able to devote time to the actual development of the first beta of C.A.S.P.E.R. .

Zap :)
http://www.spambotsecurity.com
The home of ZB Block PHP Website/Forum/Blog protection software.
(GNU/GPL V.2 freeware)

User avatar
zaphodb777
Registered User
Posts: 25
Joined: Sat Jun 07, 2008 12:40 pm
Location: Casper, Wyoming, USA (Like No Place on Earth!)
Contact:

Re: [Beta] CASPER - phpBB3 Drop-in CAPTCHA mod.

Post by zaphodb777 » Fri Apr 17, 2009 11:07 pm

As promised, I have put demos of all 3 variants of backscatter for phpBB3 on the C.A.S.P.E.R. page, with a conceptual preview of CASPER itself.

Here it is... http://www.spambotsecurity.com/casper.php

Zap :)
http://www.spambotsecurity.com
The home of ZB Block PHP Website/Forum/Blog protection software.
(GNU/GPL V.2 freeware)

DennyW
Registered User
Posts: 210
Joined: Sun Dec 28, 2008 4:05 pm

Re: [Beta] CASPER - phpBB3 Drop-in CAPTCHA mod.

Post by DennyW » Fri Apr 17, 2009 11:15 pm

Mine that I have added, seem to be holding them off so far. I watched while one tried for about 10 minutes, then finally left... :lol:

User avatar
zaphodb777
Registered User
Posts: 25
Joined: Sat Jun 07, 2008 12:40 pm
Location: Casper, Wyoming, USA (Like No Place on Earth!)
Contact:

Re: [Beta] CASPER - phpBB3 Drop-in CAPTCHA mod.

Post by zaphodb777 » Sat Apr 18, 2009 8:42 am

It's fun, in a evil sort of way, watching bots beat their head against this.

Just musing and realizing their CPUs are heating up, and power meters pulling the full ~125 watts a hungry cpu needs...

and knowing while they are frying themselves trying hundreds of different methods of OCR, for each presentation, during that time, they aren't attacking any other sites...

Just gives me a real cheap thrill. And the more people who use it, the bigger the thrill.

Zap :twisted:
http://www.spambotsecurity.com
The home of ZB Block PHP Website/Forum/Blog protection software.
(GNU/GPL V.2 freeware)

User avatar
onehundredandtwo
Registered User
Posts: 1228
Joined: Fri Nov 14, 2008 8:07 am

Re: [Beta] CASPER - phpBB3 Drop-in CAPTCHA mod.

Post by onehundredandtwo » Sun Apr 19, 2009 5:18 am

Interesting website. :)

Have any spambots actually made it past your CAPTCHA yet or only human spammers?

It took me about 3 times to get there but I was able to register on your board - maybe something a little bit more readable? (BTW I am on a laptop.)

Interesting site though, something to deter spammers. :)

onehundredandtwo.
Need help preventing spam? Read Preventing spam in phpBB 3.0.6 and above

User avatar
zaphodb777
Registered User
Posts: 25
Joined: Sat Jun 07, 2008 12:40 pm
Location: Casper, Wyoming, USA (Like No Place on Earth!)
Contact:

Re: [Beta] CASPER - phpBB3 Drop-in CAPTCHA mod.

Post by zaphodb777 » Sun Apr 19, 2009 5:36 pm

0 Spambots. Human registrants seem to come through. No human spammers though. Craig's board seems to have quite a few humans go through it.

The nice thing about phpBB CAPTCHA for most folks is a one time thing, unless they flub their password 3 times on my board. My mod just makes the captcha TOUGH (I still want to produce CASPER though).

Someone will crack it again someday, and I hope the person that does privately notifies me of the vuln. unlike the last one did, with the first verion of the mod. But as far as I know, the easy to see variant 1 still hasn't had any bots get through it.

Zap

P.S. It has to be hard for humans, or it will be easy for spambots... CASPER however, might fix this, it uses temporal effects to keep any one screen grab from containing the whole of the code.
http://www.spambotsecurity.com
The home of ZB Block PHP Website/Forum/Blog protection software.
(GNU/GPL V.2 freeware)

Locked

Return to “[3.0.x] MODs in Development”