Page 2 of 3

Re: [Beta] CASPER - phpBB3 Drop-in CAPTCHA mod.

Posted: Sat Mar 28, 2009 10:30 pm
by Tizabet
Xor the image with itself shifted one pixel to the side. Then assume black for each pixel that's touching ANY black. (ie: in photoshop, filters>other>minimum with 1px)

Sorry.

Re: [Beta] CASPER - phpBB3 Drop-in CAPTCHA mod.

Posted: Mon Mar 30, 2009 1:42 am
by zaphodb777
Edited for admission...

You are right, I re-read, and you hit the nail on the head.

Now, I need to do some changing for sure.

Switching off registration as soon as I begin to see spam.

Working on a new process for this.

Zap. :?

Re: [Beta] CASPER - phpBB3 Drop-in CAPTCHA mod.

Posted: Mon Mar 30, 2009 5:35 am
by zaphodb777
I made a "tire patch" version of the non-GD CAPTCHA, that while harder on the eyes, requires more processing to get the plaintext out.

Will continue working on either an applet (Which I think now has some security flaws as keying the cipher would be hard to do in such a way the local user couldn't snag the key. Maybe something non-invertable, or tearsheet OTP based.), or perhaps an animated .gif version. Since in either case at no one time would the whole of the captcha be visible or capturable, I believe this is the route to go.

Zap. "Chrome Dome is Orbiting Henhouse for your protection."

Re: [Beta] CASPER - phpBB3 Drop-in CAPTCHA mod.

Posted: Thu Apr 16, 2009 3:00 pm
by sospammed
holy sh*t, this stuff makes my eyes and mind explode - so I guess, it should work! ;-)
But I wonder if it isn't too much of a burden for new users?

Re: [Beta] CASPER - phpBB3 Drop-in CAPTCHA mod.

Posted: Thu Apr 16, 2009 3:33 pm
by momentum
I've made sure that new users can easily contact me should they have any problems with registration. So far I've had no complaints through any of the three boards I run, all of which use CASPER.

Craig.

Re: [Beta] CASPER - phpBB3 Drop-in CAPTCHA mod.

Posted: Thu Apr 16, 2009 10:43 pm
by DennyW
I see good points, and bad points on this. I think new users may just pass by because of it. But, if they really want to join, the email method is good. How ever, if you just set the board to the admin has to approve registration, isn't this just as good ? I don't know, just throwing a few things to think about. :) Good work though...

Re: [Beta] CASPER - phpBB3 Drop-in CAPTCHA mod.

Posted: Thu Apr 16, 2009 11:47 pm
by momentum
All of the boards I manage are running Admin activation. It didn't stop dozens of spamBOTs from registering, even if their accounts were never activated. In fact it got to the point where the activation emails became annoying.

Craig.

Re: [Beta] CASPER - phpBB3 Drop-in CAPTCHA mod.

Posted: Thu Apr 16, 2009 11:57 pm
by DennyW
Craig, I did this for them pesky BOTS:
Go to users and groups, custom profile field, and create something that has to be done by a person, as in you must click, or choose something, with NO default settings to skip over. That seems to be working. Of course, I can't say on here how I set it up...hahaha. :) I watched as about 10 of them were trying, and I got no signups, so far...Knock on wood... :lol:

Re: [Beta] CASPER - phpBB3 Drop-in CAPTCHA mod.

Posted: Fri Apr 17, 2009 12:08 am
by momentum
I've always used a custom profile field (location) but the BOTs managed to fill that. I then added another field (first name) and the BOTs still kept coming. Both fields are still in use on all three boards.

Craig.

Re: [Beta] CASPER - phpBB3 Drop-in CAPTCHA mod.

Posted: Fri Apr 17, 2009 6:31 am
by zaphodb777
BTW, the one you see in the demo now is the hardest of 3 to see, but also the hardest of the 3 versions to crack. All 3 versions are in the .7z now, and if you want to try the weakest, and easiest one, go ahead. It will still be good till they actually put a graphics pre-processor on the front end of an OCR bot.

The 3rd version you see when you hit the demo URL is super-nasty to both bots and people, and may not be processable into a OCRable image.

And craig, I bet you are still running the original, easy on eyes version with great sucess. If ya want, post your URL for it so people can see it's not so cruel as the one I have up.

Will also work on modding the page on the script with a static display of the 3 levels of the old script.

But someday, soon I hope, once ZB Block is running good, I will be able to devote time to the actual development of the first beta of C.A.S.P.E.R. .

Zap :)

Re: [Beta] CASPER - phpBB3 Drop-in CAPTCHA mod.

Posted: Fri Apr 17, 2009 11:07 pm
by zaphodb777
As promised, I have put demos of all 3 variants of backscatter for phpBB3 on the C.A.S.P.E.R. page, with a conceptual preview of CASPER itself.

Here it is... http://www.spambotsecurity.com/casper.php

Zap :)

Re: [Beta] CASPER - phpBB3 Drop-in CAPTCHA mod.

Posted: Fri Apr 17, 2009 11:15 pm
by DennyW
Mine that I have added, seem to be holding them off so far. I watched while one tried for about 10 minutes, then finally left... :lol:

Re: [Beta] CASPER - phpBB3 Drop-in CAPTCHA mod.

Posted: Sat Apr 18, 2009 8:42 am
by zaphodb777
It's fun, in a evil sort of way, watching bots beat their head against this.

Just musing and realizing their CPUs are heating up, and power meters pulling the full ~125 watts a hungry cpu needs...

and knowing while they are frying themselves trying hundreds of different methods of OCR, for each presentation, during that time, they aren't attacking any other sites...

Just gives me a real cheap thrill. And the more people who use it, the bigger the thrill.

Zap :twisted:

Re: [Beta] CASPER - phpBB3 Drop-in CAPTCHA mod.

Posted: Sun Apr 19, 2009 5:18 am
by onehundredandtwo
Interesting website. :)

Have any spambots actually made it past your CAPTCHA yet or only human spammers?

It took me about 3 times to get there but I was able to register on your board - maybe something a little bit more readable? (BTW I am on a laptop.)

Interesting site though, something to deter spammers. :)

onehundredandtwo.

Re: [Beta] CASPER - phpBB3 Drop-in CAPTCHA mod.

Posted: Sun Apr 19, 2009 5:36 pm
by zaphodb777
0 Spambots. Human registrants seem to come through. No human spammers though. Craig's board seems to have quite a few humans go through it.

The nice thing about phpBB CAPTCHA for most folks is a one time thing, unless they flub their password 3 times on my board. My mod just makes the captcha TOUGH (I still want to produce CASPER though).

Someone will crack it again someday, and I hope the person that does privately notifies me of the vuln. unlike the last one did, with the first verion of the mod. But as far as I know, the easy to see variant 1 still hasn't had any bots get through it.

Zap

P.S. It has to be hard for humans, or it will be easy for spambots... CASPER however, might fix this, it uses temporal effects to keep any one screen grab from containing the whole of the code.