New reCaptcha 2.0

Looking for a MOD? Have a MOD request? Post here for help. (Note: This forum is community supported; phpBB does not have official MOD authors)
Suggested Hosts
Lumen2
Registered User
Posts: 1
Joined: Sun Jun 14, 2015 6:38 am

Re: New reCaptcha 2.0

Post by Lumen2 »

I really need this
User avatar
Lumpy Burgertushie
Registered User
Posts: 69223
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: New reCaptcha 2.0

Post by Lumpy Burgertushie »

you may really want it, but you don't really need it.

the built in Q&A captcha system will work to stop 100% of the spam bots and there are rarely human spammers.

if you do get human spammers you can stop most of them with the first post or two needing approval.


robert
Premium phpBB 3.3 Styles by PlanetStyles.net

I am pleased to announce that I have completed the first item on my bucket list. I have the bucket.
tha_specializt
Registered User
Posts: 7
Joined: Tue Mar 05, 2013 8:02 pm

Re: New reCaptcha 2.0

Post by tha_specializt »

Brf wrote:reCaptcha was broken by the spambots a couple years ago.
Sorry, thats an internet myth - it never was, is and probably never will be true since reCaptcha v1 wont be used for much longer. For example :

http://arstechnica.com/security/2012/05 ... its-knees/
About two hours before the hackers were scheduled to present the attack on Saturday at the Layer One security conference, Google engineers revamped reCAPTCHA. Suddenly, Stiltwalker, which the hackers had carefully kept under wraps, no longer worked.
So all of a sudden NINETY PERCENT accuracy drop down to zero - immediately before they need to show it to the world .... how convenient :lol:

There are a lot of claims about recaptcha being broken - like this one : http://www.alphr.com/blogs/2011/01/12/v ... z1AuRKe1mu ... but literally all of them show no proof whatsoever, even the few available scripts which claim to "crack" reCaptcha dont actually work, i've tried a few of them myself.

Typical internet forum bullshit. There have been weaknesses throughout the history of this marvelous system but literally all of them were fixed pretty swiftly - if you kept your recaptcha up to date (by using original, remote google scripts for instance) you were always acceptably protected, with only very few days of vulnerability in between. Sorry to burst your bubbles.
User avatar
DavidIQ
Customisations Team Leader
Customisations Team Leader
Posts: 18316
Joined: Thu Jan 06, 2005 1:30 pm
Location: Fishkill, NY
Name: David Colón
Contact:

Re: New reCaptcha 2.0

Post by DavidIQ »

tha_specializt wrote:if you kept your recaptcha up to date (by using original, remote google scripts for instance) you were always acceptably protected, with only very few days of vulnerability in between. Sorry to burst your bubbles.
You were doing fine with your argument up to this point. You had said reCAPTCHA (v1 is what has been stated to be the reported broken one) is not broken and never was yet this statement completely contradicts that, sorry to burst YOUR bubble. ;)

Also if it was so infallible and still working then what was the point of Google coming out with version 2? Even by Google's own admission and research, they state that distorted text can be solved with 99.8% accuracy. So there is no supposed myth behind the original reCAPTCHA being broken. That is straight from the horse's mouth about it not working well anymore and part of the reason why v2 was needed.
Apply to become a Jr. Extension Validator
My extensions | In need of phpBB services? | Was I helpful today?
No unsolicited PMs unless you're planning on asking for paid help.
potiron
Registered User
Posts: 61
Joined: Wed Dec 01, 2004 9:55 am

Re: New reCaptcha 2.0

Post by potiron »

I also need a MOD for 3.0.x (not an extension as I have not migrated to 3.1.x).

There is an extension developed here for 3.1: viewtopic.php?t=2295956

Anyone to apply the change to a mode in 3.1 ? I assume it could be based on the current reCaptcha mod.

Thanks in advance. :)
User avatar
Lumpy Burgertushie
Registered User
Posts: 69223
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: New reCaptcha 2.0

Post by Lumpy Burgertushie »

there won't be any more validated MODs for 3.0

If you are using 3.0 then simply use the built in Q&A in the admin panel.

create one good question that the answer can not be guessed or found in google and you will stop 99.9% of the spam problems.
no multiple choice questions, no yes/no questions, no what color is" questions etc.


robert
Premium phpBB 3.3 Styles by PlanetStyles.net

I am pleased to announce that I have completed the first item on my bucket list. I have the bucket.
potiron
Registered User
Posts: 61
Joined: Wed Dec 01, 2004 9:55 am

Re: New reCaptcha 2.0

Post by potiron »

Lumpy Burgertushie wrote:create one good question that the answer can not be guessed or found in google and you will stop 99.9% of the spam problems.
no multiple choice questions, no yes/no questions, no what color is" questions etc.
Unfortunately I cannot do that as I am using phpbb in multilingual mode. And it's not only a question of stopping spam, but on being mobile friendly. So reCaptacha is the best solution.
Surely someone can point to adapt reCaptacha MOD to reCaptcha2?
User avatar
Lumpy Burgertushie
Registered User
Posts: 69223
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: New reCaptcha 2.0

Post by Lumpy Burgertushie »

not sure why you think either one of those things keeps you from using the built in Q&A.


you have to make a question for each language that you use. can be the same question but you have to set it for each language.

this would have nothing to do with being mobile friendly/responsive.




robert
Premium phpBB 3.3 Styles by PlanetStyles.net

I am pleased to announce that I have completed the first item on my bucket list. I have the bucket.
User avatar
HiFiKabin
Community Team Member
Community Team Member
Posts: 6673
Joined: Wed May 14, 2014 9:10 am
Location: Swearing at the PC, UK
Name: James
Contact:

Re: New reCaptcha 2.0

Post by HiFiKabin »

Lumpy Burgertushie wrote:there won't be any more validated MODs for 3.0

If you are using 3.0 then simply use the built in Q&A in the admin panel.

create one good question that the answer can not be guessed or found in google and you will stop 99.9% of the spam problems.
no multiple choice questions, no yes/no questions, no what color is" questions etc.


robert
... or look at KeyCaptcha viewtopic.php?f=69&t=2120131&p=12948797&
User avatar
SiteSplat
Registered User
Posts: 87
Joined: Sun Sep 07, 2014 7:17 pm
Contact:

Re: New reCaptcha 2.0

Post by SiteSplat »

sector_1 wrote:Hello!

Has anyone tried to integrate new reCaptcha 2.0
How to do? Old reCaptcha was cracked and not preventing for SPAM registrations.

Thank you!

Its available here: viewtopic.php?t=2295956
- FLATBOOTS - phpBB 3.3 Flat Design - Bootstrap Framework
- Deploy an SSD cloud server in 55s. Sign up and get 2 months free.
- phpBB Community & Premium Themes & Premium Extensions
- Contact me Via PM or e-mail for Custom phpBB work and Web Development needs
🎨phpBB Professional Premium Themes🔥
User avatar
Raul [ThE KuKa]
Style Customisations
Style Customisations
Posts: 11073
Joined: Mon Dec 08, 2003 9:24 pm
Location: Spain
Name: Raul Arroyo
Contact:

Re: New reCaptcha 2.0

Post by Raul [ThE KuKa] »

For 3.0.x or 3.1.0 :?:

Dave (AKA SiteSplat) this link it is for phpBB 3.1.x ;)
All unsolicited PMs will be ignored.
:warning: Knowledge Base | Documentation | Board rules | phpBB Styles Rules & Policies | Styles Queue Stats :warning:


If you like my styles, translations, etc. and want to show some appreciation, then feel free to Donate.
:flag_es: phpBB Spain - Online Since 2003 :heart:


potiron
Registered User
Posts: 61
Joined: Wed Dec 01, 2004 9:55 am

Re: New reCaptcha 2.0

Post by potiron »

Indeed, it does not seem to be any reCaptcha 2.0 mod developed for 3.0.x at the moment. :(
User avatar
Lumpy Burgertushie
Registered User
Posts: 69223
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: New reCaptcha 2.0

Post by Lumpy Burgertushie »

and since 3.0 is at end of life, there probably won't be one either.


robert
Premium phpBB 3.3 Styles by PlanetStyles.net

I am pleased to announce that I have completed the first item on my bucket list. I have the bucket.
User avatar
Raul [ThE KuKa]
Style Customisations
Style Customisations
Posts: 11073
Joined: Mon Dec 08, 2003 9:24 pm
Location: Spain
Name: Raul Arroyo
Contact:

Re: New reCaptcha 2.0

Post by Raul [ThE KuKa] »

Lumpy Burgertushie wrote:and since 3.0 is at end of life, there probably won't be one either.

robert
It is true. ;)
All unsolicited PMs will be ignored.
:warning: Knowledge Base | Documentation | Board rules | phpBB Styles Rules & Policies | Styles Queue Stats :warning:


If you like my styles, translations, etc. and want to show some appreciation, then feel free to Donate.
:flag_es: phpBB Spain - Online Since 2003 :heart:


fujicoin.org
Registered User
Posts: 1
Joined: Sun Sep 06, 2015 2:32 am
Contact:

Re: New reCaptcha 2.0

Post by fujicoin.org »

I will describe how to install Google reCaptcha 2.0.

1. Get google codes from GitHub

https://github.com/google/recaptcha

2. Upload files

Upload files like this:

root@ :/var/www/phpBB3/includes/captcha/plugins# ls
autoload.php
・・・・
ReCaptcha

3. /var/www/phpBB3/styles/prosilver/template/captcha_recaptcha.html

Code: Select all

<!-- IF S_TYPE == 1 -->
<div class="panel">
	<div class="inner"><span class="corners-top"><span></span></span>

	<h3>{L_CONFIRMATION}</h3>
	<p>{L_CONFIRM_EXPLAIN}</p>

	<fieldset class="fields2">
<!-- ENDIF -->

<!-- IF S_RECAPTCHA_AVAILABLE -->
	<dl>
	<dt><label>{L_CONFIRM_CODE}</label>:<br /><span>{L_RECAPTCHA_EXPLAIN}</span></dt>
	<dd>
		<script type="text/javascript">
		// <![CDATA[
		var RecaptchaOptions = {
			lang : '{LA_RECAPTCHA_LANG}',
			theme : 'clean',
			tabindex : <!-- IF $CAPTCHA_TAB_INDEX -->{$CAPTCHA_TAB_INDEX}<!-- ELSE -->10<!-- ENDIF -->
		};
		// ]]>
		</script>
                
                <div class="g-recaptcha" data-sitekey="{RECAPTCHA_PUBKEY}"></div>
                <script src='https://www.google.com/recaptcha/api.js'></script>
                
		<noscript>
		<div>
			
		</div>
		</noscript>

	</dd>
	</dl>
<!-- ELSE -->
{L_RECAPTCHA_NOT_AVAILABLE}
<!-- ENDIF -->

<!-- IF S_TYPE == 1 -->
	</fieldset>
	<span class="corners-bottom"><span></span></span></div>
</div>
<!-- ENDIF -->
4. /var/www/phpBB3/adm/style/captcha_recaptcha.html

Code: Select all

<!-- IF S_RECAPTCHA_AVAILABLE -->
	<dl>
	<dd>
		<script type="text/javascript">
		// <![CDATA[
		var RecaptchaOptions = {
			lang : '{LA_RECAPTCHA_LANG}',
			theme : 'clean'
		};
		// ]]>
		</script>
                
	        <div class="g-recaptcha" data-sitekey="{RECAPTCHA_PUBKEY}"></div>
                <script src='https://www.google.com/recaptcha/api.js'></script>

	<noscript>
	<div>
	</div>
	</noscript>

	</dd>
	</dl>
<!-- ELSE -->
{L_RECAPTCHA_NOT_AVAILABLE}
<!-- ENDIF -->
5. /var/www/phpBB3/includes/captcha/plugins/phpbb_recaptcha_plugin.php

Code: Select all

@@ -22,6 +22,8 @@
 	include($phpbb_root_path . 'includes/captcha/plugins/captcha_abstract.' . $phpEx);
 }
 
+require_once 'autoload.php';
+
 /**
 * @package VC
 */
@@ -33,10 +35,11 @@
 	// We are opening a socket to port 80 of this host and send
 	// the POST request asking for verification to the path specified here.
 	var $recaptcha_verify_server = 'www.google.com';
-	var $recaptcha_verify_path = '/recaptcha/api/verify';
+        var $recaptcha_verify_path = '/recaptcha/api/siteverify';
 
 	var $challenge;
 	var $response;
+        var $g_recaptcha_response;
 
 	// PHP4 Constructor
 	function phpbb_recaptcha()
@@ -50,8 +53,7 @@
 
 		$user->add_lang('captcha_recaptcha');
 		parent::init($type);
-		$this->challenge = request_var('recaptcha_challenge_field', '');
-		$this->response = request_var('recaptcha_response_field', '');
+                $this->g_recaptcha_response = request_var('g-recaptcha-response', '');
 	}
 
 	function &get_instance()
@@ -213,80 +215,8 @@
 		}
 	}
 
-// Code from here on is based on recaptchalib.php
-/*
- * This is a PHP library that handles calling reCAPTCHA.
- *	- Documentation and latest version
- *		  http://recaptcha.net/plugins/php/
- *	- Get a reCAPTCHA API Key
- *		  http://recaptcha.net/api/getkey
- *	- Discussion group
- *		  http://groups.google.com/group/recaptcha
- *
- * Copyright (c) 2007 reCAPTCHA -- http://recaptcha.net
- * AUTHORS:
- *   Mike Crawford
- *   Ben Maurer
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
 
 	/**
-	* Submits an HTTP POST to a reCAPTCHA server
-	* @param string $host
-	* @param string $path
-	* @param array $data
-	* @param int port
-	* @return array response
-	*/
-	function _recaptcha_http_post($host, $path, $data, $port = 80)
-	{
-		$req = $this->_recaptcha_qsencode ($data);
-
-		$http_request  = "POST $path HTTP/1.0\r\n";
-		$http_request .= "Host: $host\r\n";
-		$http_request .= "Content-Type: application/x-www-form-urlencoded;\r\n";
-		$http_request .= "Content-Length: " . strlen($req) . "\r\n";
-		$http_request .= "User-Agent: reCAPTCHA/PHP/phpBB\r\n";
-		$http_request .= "\r\n";
-		$http_request .= $req;
-
-		$response = '';
-		if (false == ($fs = @fsockopen($host, $port, $errno, $errstr, 10)))
-		{
-			trigger_error('Could not open socket', E_USER_ERROR);
-		}
-
-		fwrite($fs, $http_request);
-
-		while (!feof($fs))
-		{
-			// One TCP-IP packet
-			$response .= fgets($fs, 1160);
-		}
-		fclose($fs);
-		$response = explode("\r\n\r\n", $response, 2);
-
-		return $response;
-	}
-
-	/**
 	* Calls an HTTP POST function to verify if the user's guess was correct
 	* @param array $extra_params an array of extra variables to post to the server
 	* @return ReCaptchaResponse
@@ -296,23 +226,17 @@
 		global $config, $user;
 
 		//discard spam submissions
-		if ($this->challenge == null || strlen($this->challenge) == 0 || $this->response == null || strlen($this->response) == 0)
+                if ($this->g_recaptcha_response == null || strlen($this->g_recaptcha_response) == 0 )
 		{
 			return $user->lang['RECAPTCHA_INCORRECT'];
 		}
 
-		$response = $this->_recaptcha_http_post($this->recaptcha_verify_server, $this->recaptcha_verify_path,
-			array(
-				'privatekey'	=> $config['recaptcha_privkey'],
-				'remoteip'		=> $user->ip,
-				'challenge'		=> $this->challenge,
-				'response'		=> $this->response
-			) + $extra_params
-		);
 
-		$answers = explode("\n", $response[1]);
 
-		if (trim($answers[0]) === 'true')
+        $recaptcha = new ReCaptcha\ReCaptcha($config['recaptcha_privkey']);
+        $resp = $recaptcha->verify($this->g_recaptcha_response, $user->ip);
+
+        if ($resp->isSuccess())
 		{
 			$this->solved = true;
 			return false;
@@ -323,23 +247,6 @@
 		}
 	}
 
-	/**
-	* Encodes the given data into a query string format
-	* @param $data - array of string elements to be encoded
-	* @return string - encoded request
-	*/
-	function _recaptcha_qsencode($data)
-	{
-		$req = '';
-		foreach ($data as $key => $value)
-		{
-			$req .= $key . '=' . urlencode(stripslashes($value)) . '&';
 		}
 
-		// Cut the last '&'
-		$req = substr($req, 0, strlen($req) - 1);
-		return $req;
-	}
-}
-
6. Clear cache

root@ # rm /var/www/phpBB3/cache/*

7. Select reCaptcha in ACP

Select reCaptcha in ACP.
In the config page, set your public and private key.

It's all, enjoy! ;)
 
Locked

Return to “[3.0.x] MOD Requests”