New reCaptcha 2.0

Looking for a MOD? Have a MOD request? Post here for help. (Note: This forum is community supported; phpBB does not have official MOD authors)
Suggested Hosts
Lumen2
Registered User
Posts: 1
Joined: Sun Jun 14, 2015 6:38 am

Re: New reCaptcha 2.0

Post by Lumen2 » Sun Jun 14, 2015 6:45 am

I really need this

User avatar
Lumpy Burgertushie
Registered User
Posts: 63196
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: New reCaptcha 2.0

Post by Lumpy Burgertushie » Sun Jun 14, 2015 5:25 pm

you may really want it, but you don't really need it.

the built in Q&A captcha system will work to stop 100% of the spam bots and there are rarely human spammers.

if you do get human spammers you can stop most of them with the first post or two needing approval.


robert
I am available for custom work on a donation basis. Please send me a PM with your needs.
Premium phpBB 3.2 Styles by PlanetStyles.net

New phpbb 3.0 support site

tha_specializt
Registered User
Posts: 7
Joined: Tue Mar 05, 2013 8:02 pm

Re: New reCaptcha 2.0

Post by tha_specializt » Thu Jul 02, 2015 9:46 am

Brf wrote:reCaptcha was broken by the spambots a couple years ago.
Sorry, thats an internet myth - it never was, is and probably never will be true since reCaptcha v1 wont be used for much longer. For example :

http://arstechnica.com/security/2012/05 ... its-knees/
About two hours before the hackers were scheduled to present the attack on Saturday at the Layer One security conference, Google engineers revamped reCAPTCHA. Suddenly, Stiltwalker, which the hackers had carefully kept under wraps, no longer worked.
So all of a sudden NINETY PERCENT accuracy drop down to zero - immediately before they need to show it to the world .... how convenient :lol:

There are a lot of claims about recaptcha being broken - like this one : http://www.alphr.com/blogs/2011/01/12/v ... z1AuRKe1mu ... but literally all of them show no proof whatsoever, even the few available scripts which claim to "crack" reCaptcha dont actually work, i've tried a few of them myself.

Typical internet forum bullshit. There have been weaknesses throughout the history of this marvelous system but literally all of them were fixed pretty swiftly - if you kept your recaptcha up to date (by using original, remote google scripts for instance) you were always acceptably protected, with only very few days of vulnerability in between. Sorry to burst your bubbles.

User avatar
DavidIQ
Customisations Team Leader
Customisations Team Leader
Posts: 16543
Joined: Thu Jan 06, 2005 1:30 pm
Location: Fishkill, NY
Name: David Colón
Contact:

Re: New reCaptcha 2.0

Post by DavidIQ » Sun Jul 05, 2015 1:56 pm

tha_specializt wrote:if you kept your recaptcha up to date (by using original, remote google scripts for instance) you were always acceptably protected, with only very few days of vulnerability in between. Sorry to burst your bubbles.
You were doing fine with your argument up to this point. You had said reCAPTCHA (v1 is what has been stated to be the reported broken one) is not broken and never was yet this statement completely contradicts that, sorry to burst YOUR bubble. ;)

Also if it was so infallible and still working then what was the point of Google coming out with version 2? Even by Google's own admission and research, they state that distorted text can be solved with 99.8% accuracy. So there is no supposed myth behind the original reCAPTCHA being broken. That is straight from the horse's mouth about it not working well anymore and part of the reason why v2 was needed.
Apply to become a Jr. Extension Validator
My extensions | In need of phpBB services? | Was I helpful today?
No unsolicited PMs unless you're planning on asking for paid help.

potiron
Registered User
Posts: 61
Joined: Wed Dec 01, 2004 9:55 am

Re: New reCaptcha 2.0

Post by potiron » Tue Jul 07, 2015 10:38 am

I also need a MOD for 3.0.x (not an extension as I have not migrated to 3.1.x).

There is an extension developed here for 3.1: viewtopic.php?t=2295956

Anyone to apply the change to a mode in 3.1 ? I assume it could be based on the current reCaptcha mod.

Thanks in advance. :)

User avatar
Lumpy Burgertushie
Registered User
Posts: 63196
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: New reCaptcha 2.0

Post by Lumpy Burgertushie » Tue Jul 07, 2015 9:46 pm

there won't be any more validated MODs for 3.0

If you are using 3.0 then simply use the built in Q&A in the admin panel.

create one good question that the answer can not be guessed or found in google and you will stop 99.9% of the spam problems.
no multiple choice questions, no yes/no questions, no what color is" questions etc.


robert
I am available for custom work on a donation basis. Please send me a PM with your needs.
Premium phpBB 3.2 Styles by PlanetStyles.net

New phpbb 3.0 support site

potiron
Registered User
Posts: 61
Joined: Wed Dec 01, 2004 9:55 am

Re: New reCaptcha 2.0

Post by potiron » Wed Jul 08, 2015 7:27 am

Lumpy Burgertushie wrote:create one good question that the answer can not be guessed or found in google and you will stop 99.9% of the spam problems.
no multiple choice questions, no yes/no questions, no what color is" questions etc.
Unfortunately I cannot do that as I am using phpbb in multilingual mode. And it's not only a question of stopping spam, but on being mobile friendly. So reCaptacha is the best solution.
Surely someone can point to adapt reCaptacha MOD to reCaptcha2?

User avatar
Lumpy Burgertushie
Registered User
Posts: 63196
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: New reCaptcha 2.0

Post by Lumpy Burgertushie » Wed Jul 08, 2015 1:52 pm

not sure why you think either one of those things keeps you from using the built in Q&A.


you have to make a question for each language that you use. can be the same question but you have to set it for each language.

this would have nothing to do with being mobile friendly/responsive.




robert
I am available for custom work on a donation basis. Please send me a PM with your needs.
Premium phpBB 3.2 Styles by PlanetStyles.net

New phpbb 3.0 support site

User avatar
HiFiKabin
Community Team Member
Community Team Member
Posts: 2303
Joined: Wed May 14, 2014 9:10 am
Location: Swearing at the PC, UK
Name: James
Contact:

Re: New reCaptcha 2.0

Post by HiFiKabin » Wed Jul 08, 2015 3:59 pm

Lumpy Burgertushie wrote:there won't be any more validated MODs for 3.0

If you are using 3.0 then simply use the built in Q&A in the admin panel.

create one good question that the answer can not be guessed or found in google and you will stop 99.9% of the spam problems.
no multiple choice questions, no yes/no questions, no what color is" questions etc.


robert
... or look at KeyCaptcha viewtopic.php?f=69&t=2120131&p=12948797&

User avatar
SiteSplat
Registered User
Posts: 72
Joined: Sun Sep 07, 2014 7:17 pm
Contact:

Re: New reCaptcha 2.0

Post by SiteSplat » Thu Aug 20, 2015 2:49 pm

sector_1 wrote:Hello!

Has anyone tried to integrate new reCaptcha 2.0
How to do? Old reCaptcha was cracked and not preventing for SPAM registrations.

Thank you!

Its available here: viewtopic.php?t=2295956

User avatar
Raul [ThE KuKa]
Jr. Extension Validator
Posts: 3757
Joined: Mon Dec 08, 2003 9:24 pm
Location: Spain
Name: Raul Arroyo
Contact:

Re: New reCaptcha 2.0

Post by Raul [ThE KuKa] » Thu Aug 20, 2015 3:28 pm

For 3.0.x or 3.1.0 :?:

Dave (AKA SiteSplat) this link it is for phpBB 3.1.x ;)
If you like my styles, translations, etc. and want to show some appreciation, then feel free to Donate with Image
phpBB International Support Team (Spanish - Español) :flag_es: Online Since 2003
🎨phpBB Professional Premium Themes🔥
Author Translations (Spanish - Spain) :two_hearts:

:warning: I don't support those without the copyright Spanish translation. :warning:

potiron
Registered User
Posts: 61
Joined: Wed Dec 01, 2004 9:55 am

Re: New reCaptcha 2.0

Post by potiron » Fri Aug 21, 2015 10:08 am

Indeed, it does not seem to be any reCaptcha 2.0 mod developed for 3.0.x at the moment. :(

User avatar
Lumpy Burgertushie
Registered User
Posts: 63196
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: New reCaptcha 2.0

Post by Lumpy Burgertushie » Fri Aug 21, 2015 2:27 pm

and since 3.0 is at end of life, there probably won't be one either.


robert
I am available for custom work on a donation basis. Please send me a PM with your needs.
Premium phpBB 3.2 Styles by PlanetStyles.net

New phpbb 3.0 support site

User avatar
Raul [ThE KuKa]
Jr. Extension Validator
Posts: 3757
Joined: Mon Dec 08, 2003 9:24 pm
Location: Spain
Name: Raul Arroyo
Contact:

Re: New reCaptcha 2.0

Post by Raul [ThE KuKa] » Fri Aug 21, 2015 2:54 pm

Lumpy Burgertushie wrote:and since 3.0 is at end of life, there probably won't be one either.

robert
It is true. ;)
If you like my styles, translations, etc. and want to show some appreciation, then feel free to Donate with Image
phpBB International Support Team (Spanish - Español) :flag_es: Online Since 2003
🎨phpBB Professional Premium Themes🔥
Author Translations (Spanish - Spain) :two_hearts:

:warning: I don't support those without the copyright Spanish translation. :warning:

fujicoin.org
Registered User
Posts: 1
Joined: Sun Sep 06, 2015 2:32 am
Contact:

Re: New reCaptcha 2.0

Post by fujicoin.org » Wed Sep 23, 2015 6:34 am

I will describe how to install Google reCaptcha 2.0.

1. Get google codes from GitHub

https://github.com/google/recaptcha

2. Upload files

Upload files like this:

root@ :/var/www/phpBB3/includes/captcha/plugins# ls
autoload.php
・・・・
ReCaptcha

3. /var/www/phpBB3/styles/prosilver/template/captcha_recaptcha.html

Code: Select all

<!-- IF S_TYPE == 1 -->
<div class="panel">
	<div class="inner"><span class="corners-top"><span></span></span>

	<h3>{L_CONFIRMATION}</h3>
	<p>{L_CONFIRM_EXPLAIN}</p>

	<fieldset class="fields2">
<!-- ENDIF -->

<!-- IF S_RECAPTCHA_AVAILABLE -->
	<dl>
	<dt><label>{L_CONFIRM_CODE}</label>:<br /><span>{L_RECAPTCHA_EXPLAIN}</span></dt>
	<dd>
		<script type="text/javascript">
		// <![CDATA[
		var RecaptchaOptions = {
			lang : '{LA_RECAPTCHA_LANG}',
			theme : 'clean',
			tabindex : <!-- IF $CAPTCHA_TAB_INDEX -->{$CAPTCHA_TAB_INDEX}<!-- ELSE -->10<!-- ENDIF -->
		};
		// ]]>
		</script>
                
                <div class="g-recaptcha" data-sitekey="{RECAPTCHA_PUBKEY}"></div>
                <script src='https://www.google.com/recaptcha/api.js'></script>
                
		<noscript>
		<div>
			
		</div>
		</noscript>

	</dd>
	</dl>
<!-- ELSE -->
{L_RECAPTCHA_NOT_AVAILABLE}
<!-- ENDIF -->

<!-- IF S_TYPE == 1 -->
	</fieldset>
	<span class="corners-bottom"><span></span></span></div>
</div>
<!-- ENDIF -->
4. /var/www/phpBB3/adm/style/captcha_recaptcha.html

Code: Select all

<!-- IF S_RECAPTCHA_AVAILABLE -->
	<dl>
	<dd>
		<script type="text/javascript">
		// <![CDATA[
		var RecaptchaOptions = {
			lang : '{LA_RECAPTCHA_LANG}',
			theme : 'clean'
		};
		// ]]>
		</script>
                
	        <div class="g-recaptcha" data-sitekey="{RECAPTCHA_PUBKEY}"></div>
                <script src='https://www.google.com/recaptcha/api.js'></script>

	<noscript>
	<div>
	</div>
	</noscript>

	</dd>
	</dl>
<!-- ELSE -->
{L_RECAPTCHA_NOT_AVAILABLE}
<!-- ENDIF -->
5. /var/www/phpBB3/includes/captcha/plugins/phpbb_recaptcha_plugin.php

Code: Select all

@@ -22,6 +22,8 @@
 	include($phpbb_root_path . 'includes/captcha/plugins/captcha_abstract.' . $phpEx);
 }
 
+require_once 'autoload.php';
+
 /**
 * @package VC
 */
@@ -33,10 +35,11 @@
 	// We are opening a socket to port 80 of this host and send
 	// the POST request asking for verification to the path specified here.
 	var $recaptcha_verify_server = 'www.google.com';
-	var $recaptcha_verify_path = '/recaptcha/api/verify';
+        var $recaptcha_verify_path = '/recaptcha/api/siteverify';
 
 	var $challenge;
 	var $response;
+        var $g_recaptcha_response;
 
 	// PHP4 Constructor
 	function phpbb_recaptcha()
@@ -50,8 +53,7 @@
 
 		$user->add_lang('captcha_recaptcha');
 		parent::init($type);
-		$this->challenge = request_var('recaptcha_challenge_field', '');
-		$this->response = request_var('recaptcha_response_field', '');
+                $this->g_recaptcha_response = request_var('g-recaptcha-response', '');
 	}
 
 	function &get_instance()
@@ -213,80 +215,8 @@
 		}
 	}
 
-// Code from here on is based on recaptchalib.php
-/*
- * This is a PHP library that handles calling reCAPTCHA.
- *	- Documentation and latest version
- *		  http://recaptcha.net/plugins/php/
- *	- Get a reCAPTCHA API Key
- *		  http://recaptcha.net/api/getkey
- *	- Discussion group
- *		  http://groups.google.com/group/recaptcha
- *
- * Copyright (c) 2007 reCAPTCHA -- http://recaptcha.net
- * AUTHORS:
- *   Mike Crawford
- *   Ben Maurer
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
 
 	/**
-	* Submits an HTTP POST to a reCAPTCHA server
-	* @param string $host
-	* @param string $path
-	* @param array $data
-	* @param int port
-	* @return array response
-	*/
-	function _recaptcha_http_post($host, $path, $data, $port = 80)
-	{
-		$req = $this->_recaptcha_qsencode ($data);
-
-		$http_request  = "POST $path HTTP/1.0\r\n";
-		$http_request .= "Host: $host\r\n";
-		$http_request .= "Content-Type: application/x-www-form-urlencoded;\r\n";
-		$http_request .= "Content-Length: " . strlen($req) . "\r\n";
-		$http_request .= "User-Agent: reCAPTCHA/PHP/phpBB\r\n";
-		$http_request .= "\r\n";
-		$http_request .= $req;
-
-		$response = '';
-		if (false == ($fs = @fsockopen($host, $port, $errno, $errstr, 10)))
-		{
-			trigger_error('Could not open socket', E_USER_ERROR);
-		}
-
-		fwrite($fs, $http_request);
-
-		while (!feof($fs))
-		{
-			// One TCP-IP packet
-			$response .= fgets($fs, 1160);
-		}
-		fclose($fs);
-		$response = explode("\r\n\r\n", $response, 2);
-
-		return $response;
-	}
-
-	/**
 	* Calls an HTTP POST function to verify if the user's guess was correct
 	* @param array $extra_params an array of extra variables to post to the server
 	* @return ReCaptchaResponse
@@ -296,23 +226,17 @@
 		global $config, $user;
 
 		//discard spam submissions
-		if ($this->challenge == null || strlen($this->challenge) == 0 || $this->response == null || strlen($this->response) == 0)
+                if ($this->g_recaptcha_response == null || strlen($this->g_recaptcha_response) == 0 )
 		{
 			return $user->lang['RECAPTCHA_INCORRECT'];
 		}
 
-		$response = $this->_recaptcha_http_post($this->recaptcha_verify_server, $this->recaptcha_verify_path,
-			array(
-				'privatekey'	=> $config['recaptcha_privkey'],
-				'remoteip'		=> $user->ip,
-				'challenge'		=> $this->challenge,
-				'response'		=> $this->response
-			) + $extra_params
-		);
 
-		$answers = explode("\n", $response[1]);
 
-		if (trim($answers[0]) === 'true')
+        $recaptcha = new ReCaptcha\ReCaptcha($config['recaptcha_privkey']);
+        $resp = $recaptcha->verify($this->g_recaptcha_response, $user->ip);
+
+        if ($resp->isSuccess())
 		{
 			$this->solved = true;
 			return false;
@@ -323,23 +247,6 @@
 		}
 	}
 
-	/**
-	* Encodes the given data into a query string format
-	* @param $data - array of string elements to be encoded
-	* @return string - encoded request
-	*/
-	function _recaptcha_qsencode($data)
-	{
-		$req = '';
-		foreach ($data as $key => $value)
-		{
-			$req .= $key . '=' . urlencode(stripslashes($value)) . '&';
 		}
 
-		// Cut the last '&'
-		$req = substr($req, 0, strlen($req) - 1);
-		return $req;
-	}
-}
-
6. Clear cache

root@ # rm /var/www/phpBB3/cache/*

7. Select reCaptcha in ACP

Select reCaptcha in ACP.
In the config page, set your public and private key.

It's all, enjoy! ;)
 

Locked

Return to “[3.0.x] MOD Requests”

Who is online

Users browsing this forum: Google [Bot] and 7 guests

cron