[MODDB] Textual Confirmation

A place for MOD Authors to post and receive feedback on MODs still in development. No MODs within this forum should be used within a live environment! No new topics are allowed in this forum.
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

IMPORTANT: MOD Development Forum rules

On February 1, 2009 this forum will be set to read only as part of retiring of phpBB2.
User avatar
olpa
Registered User
Posts: 255
Joined: Tue Jan 25, 2005 6:44 pm
Location: Saint-Petersburg, Russia
Contact:

[MODDB] Textual Confirmation

Post by olpa » Sun Oct 29, 2006 3:49 am

Textual Confirmation is accepted to the MODS-database. This thread is locked, please discuss Textual Confirmation here: http://www.phpbb.com/phpBB/viewtopic.php?t=472940

MOD Title: Textual Confirmation
MOD Description: Textual Confirmation (TC) asks newly registering user a question. If the answer is wrong, TC rejects the registration. Also, TC notifies the forum admin and the community spam database. The administrator can edit the questions and answers in the Administration Panel.
MOD Version: 1.0.0.beta3, actually a release candidate

MOD Homepage: http://bbantispam.com/tc/
MOD Download: http://bbantispam.com/tc/TextualConfirmation.zip
Demo Board: http://bbantispam.com/forum/profile.php ... greed=true

Useful links and screenshots are on the homepage. Here are few comments.

I was irritated by Advanced Visual Confirmation, which gave more harm than benefit. Spammers decrypt its images much better than normal users :-( My users bothered me with it. When I tried to register an user, and tried 5 times to enter the code correctly, I became furious and decided to do something. This something is the MOD Textual Confirmation.

I'm aware about Anti Bot Question Hack, but I dislike it. For me, its "medium" installation level is too hard for me, and it's easier to write a new MOD with the installation level "easy" and with EasyMOD compatibility.

I've tested Textual Confirmation for the week on my 3 forums, with Visual Confirmation switched off. Results are:

* no new registrations on English forums,
* a bit more registrations on a Russian forum.

You are probably surprised by the second result. It's so because my SEO-optimized forum is in the tops, and therefore each and every spammer has it in index.

More, now its obvious to me that the best spam bots work in cooperation with humans. If a bot can't pass, a human assits him.

That's why I don't believe in Visual Confirmation (cracked once, spammer can post to each board) and believe in Textual Confirmation (spammer have to hire human labour to answer forum-specific questions).

In my opinion, the best Text Confirmation question is something like:
What's the forum pass code (see <a href="faq.php">FAQ</a>)?
Last edited by olpa on Fri Dec 15, 2006 7:43 am, edited 1 time in total.

Logical Nightmare
Registered User
Posts: 22
Joined: Sun Sep 24, 2006 12:00 am

Post by Logical Nightmare » Sun Oct 29, 2006 3:55 am

This should be fairly easy to crack, simply scan the page about 500 times to get every available question, answer them all and put into a def list then create a registration bot.

With visual confirmation there are thousands and thousands of codes that the answer could be which makes it more secure, it is more logical to just replace the broken captcha with a stronger one.
I like pie!

User avatar
olpa
Registered User
Posts: 255
Joined: Tue Jan 25, 2005 6:44 pm
Location: Saint-Petersburg, Russia
Contact:

Post by olpa » Sun Oct 29, 2006 4:06 am

In theory, I fully agree with you. In practice -- not.
just replace the broken captcha with a stronger one

Unfortunately, "stronger one" means "unreadable for a human". I'd better allow register 10 spammers than lose 1 forum member.
answer them all

It requires work. And spammers will have not only to buy a spam engine, but also to pay for the answers database. It's more profitable just to skip forums with questions.

Logical Nightmare
Registered User
Posts: 22
Joined: Sun Sep 24, 2006 12:00 am

Post by Logical Nightmare » Sun Oct 29, 2006 6:45 am

olpa wrote: In theory, I fully agree with you. In practice -- not.
just replace the broken captcha with a stronger one

Unfortunately, "stronger one" means "unreadable for a human". I'd better allow register 10 spammers than lose 1 forum member.
answer them all

It requires work. And spammers will have not only to buy a spam engine, but also to pay for the answers database. It's more profitable just to skip forums with questions.


@Spam engine: What if it was just 1 person trying to improve their pagerank, which just coded their own. they are extremely simple to do.

@Captcha: Have you seen this modification, ive been using it since release and nobody has had a problem reading it and the spambots have compeltely stopped, I also coded my own captcha for an IPB forum which has had no complaints and no spam.

In a more logical sence, this mod would work best with the default captcha turned on, as it would break most independent bots and stop the existing ones that dont know how to handle it.
I like pie!

User avatar
Elias
Registered User
Posts: 4401
Joined: Sat Feb 25, 2006 4:31 pm
Location: In the Water!
Name: Elias
Contact:

Post by Elias » Sun Oct 29, 2006 12:28 pm

Nice MOD.
Great Job.
"Mystery creates wonder, and wonder is the basis of man's desire to understand." - Neil Armstrong
|Installing Extensions|Writing Extensions|Extension Validation Policy|

User avatar
olpa
Registered User
Posts: 255
Joined: Tue Jan 25, 2005 6:44 pm
Location: Saint-Petersburg, Russia
Contact:

Post by olpa » Tue Oct 31, 2006 5:33 am

@Captcha: Have you seen this modification

Yes, I found several CAPTCHA variants. Unfortunately, I'm not an expert and I can't understand what is good and what is bad.

To EY: thanks!

User avatar
GreenEnvy
Registered User
Posts: 3
Joined: Tue Nov 14, 2006 5:20 am
Location: Oregon USA
Contact:

Post by GreenEnvy » Tue Nov 14, 2006 5:28 am

Thanks for the mod! I really appreciate it because I am so tired of manually deleting spam bots. I got through all of the installation just fine except for the SQL section.

Do I need to create a new database called phpbb_textual_confirmation or do I create a table on my forum's existing database? I am also not sure where I need to add the following:
id INTEGER NOT NULL AUTO_INCREMENT,
question TEXT NOT NULL,
answers TEXT NOT NULL,
PRIMARY KEY (id)
);
INSERT INTO phpbb_textual_confirmation(question,answers) VALUES ('Are you human?', 'yes\nja\noui');
INSERT INTO phpbb_textual_confirmation(question,answers) VALUES ('Say hello', 'hello\nhi\nhallo');


Can someone help me please? I will be forever grateful. :(

User avatar
olpa
Registered User
Posts: 255
Joined: Tue Jan 25, 2005 6:44 pm
Location: Saint-Petersburg, Russia
Contact:

Post by olpa » Tue Nov 14, 2006 6:08 am

Do I need to create a new database called phpbb_textual_confirmation or do I create a table on my forum's existing database?

You need to create a table on your forum's existing database.
I am also not sure where I need to add the following

Check the control panel of your hosting. It should provide an interface to the database (most likely, phpMyAdmin). Connect to the forum's database and execute this SQL query (most likely, the link "SQL").

Try and report the results.

User avatar
GreenEnvy
Registered User
Posts: 3
Joined: Tue Nov 14, 2006 5:20 am
Location: Oregon USA
Contact:

Post by GreenEnvy » Tue Nov 14, 2006 6:42 am

Thanks for helping me, I have phpMyAdmin. I selected my forum database, and at the bottom I see the "Create new table on database _____" and it also had a place to enter in the number of fields. Do I create the phpbb_textual_confirmation table there? If so, how many fields should I enter and what will I need to do on the following screen [Field, Type, Length/Values, Attributes, Null, Default**, Extra, etc]?

I selected my forum database and also saw the Query tab at the top. There's lots of fields such as Field, Sort, Show, Criteria, etc. Do I ignore that? I see further down it says 'Use Tables' with a list of the tables. I guess that's where I select phpbb_textual_confirmation from the list once I have been able to create the table? I also see SQL-query on database ____, is that where I enter in:
CREATE TABLE phpbb_textual_confirmation (
id INTEGER NOT NULL AUTO_INCREMENT,
question TEXT NOT NULL,
answers TEXT NOT NULL,
PRIMARY KEY (id)
);
INSERT INTO phpbb_textual_confirmation(question,answers) VALUES ('Are you human?', 'yes\nja\noui');
INSERT INTO phpbb_textual_confirmation(question,answers) VALUES ('Say hello', 'hello\nhi\nhallo');


Still confused! Sorry to be a pain. :oops:

User avatar
olpa
Registered User
Posts: 255
Joined: Tue Jan 25, 2005 6:44 pm
Location: Saint-Petersburg, Russia
Contact:

Post by olpa » Tue Nov 14, 2006 7:03 am

It's goos that phpMYAdmin is installed.

When you selected the database, you see (I hope) the menu:

# Structure
# SQL
# Search
# Query
# Export
# Import
# Operations

Click "SQL".

Enter the SQL to the text area "Run SQL query/queries on database"

By the way, I've just found:
http://www.phpbb.com/phpBB/viewtopic.php?t=74143
Maybe of some help.

User avatar
Ramon Fincken
Registered User
Posts: 4835
Joined: Thu Oct 14, 2004 1:04 am
Location: NL, The Netherlands Amsterdam area @GMT +1
Contact:

Post by Ramon Fincken » Tue Nov 14, 2006 7:32 am

But… I can switch on Visual Confirmation.
Visual Confirmation is a joke. Even simple spambots can pass it.


no... simple bots will be stopped, yet it is not the strongest VC available for phpbb2 ...
Dutch quality fully managed WordPress hosting - ManagedWPHosting.nl

Before changing a file, some code or installing a MOD >> Make a backup first!

Do you like my mods? paypal me $1 :) forumsoftware[AT}creativepulses[DOT}nl [/size]
PhpBBantispam.com || Instant find your mod here

User avatar
olpa
Registered User
Posts: 255
Joined: Tue Jan 25, 2005 6:44 pm
Location: Saint-Petersburg, Russia
Contact:

Post by olpa » Wed Nov 15, 2006 2:17 am

I said "simple", not "simplest" :-) If a bot can't pass the default VC, the programmer should be blamed.

User avatar
RMcGirr83
Recognised Extension Developer
Posts: 19768
Joined: Wed Jun 22, 2005 4:33 pm
Location: Your display
Name: Rich McGirr
Contact:

Post by RMcGirr83 » Wed Nov 15, 2006 3:39 am

here is a db_update file for a mysql database. Copy, save as db_update.php upload to the root of your forum, sign in to your forum as admin and run it....then delete it once completed.

Code: Select all

<?php
/***************************************************************************
 *                               db_update.php
 *                            -------------------
 *
 *   copyright            : ©2003 Freakin' Booty ;-P & Antony Bailey
 *   project              : http://sourceforge.net/projects/dbgenerator
 *   Website              : http://freakingbooty.no-ip.com/ & http://www.rapiddr3am.net
 *
 ***************************************************************************/

/***************************************************************************
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 ***************************************************************************/

define('IN_PHPBB', true);
$phpbb_root_path = './';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);

//
// Start session management
//
$userdata = session_pagestart($user_ip, PAGE_INDEX);
init_userprefs($userdata);
//
// End session management
//


if( !$userdata['session_logged_in'] )
{
	$header_location = ( @preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')) ) ? 'Refresh: 0; URL=' : 'Location: ';
	header($header_location . append_sid("login.$phpEx?redirect=db_update.$phpEx", true));
	exit;
}

if( $userdata['user_level'] != ADMIN )
{
	message_die(GENERAL_MESSAGE, 'You are not authorised to access this page');
}


$page_title = 'Updating the database';
include($phpbb_root_path . 'includes/page_header.'.$phpEx);

echo '<table width="100%" cellspacing="1" cellpadding="2" border="0" class="forumline">';
echo '<tr><th>Updating the database</th></tr><tr><td><span class="genmed"><ul type="circle">';


$sql = array();
$sql[] = "CREATE TABLE " . $table_prefix . "textual_confirmation ( 
id INTEGER NOT NULL AUTO_INCREMENT, 
question TEXT NOT NULL, 
answers TEXT NOT NULL, 
PRIMARY KEY (id) 
)";
$sql[] = "INSERT INTO " . $table_prefix . "textual_confirmation(question,answers) VALUES ('Are you human?', 'yes\nja\noui')";
$sql[] = "INSERT INTO " . $table_prefix . "textual_confirmation(question,answers) VALUES ('Say hello', 'hello\nhi\nhallo')";

for( $i = 0; $i < count($sql); $i++ )
{
	if( !$result = $db->sql_query ($sql[$i]) )
	{
		$error = $db->sql_error();

		echo '<li>' . $sql[$i] . '<br /> +++ <font color="#FF0000"><b>Error:</b></font> ' . $error['message'] . '</li><br />';
	}
	else
	{
		echo '<li>' . $sql[$i] . '<br /> +++ <font color="#00AA00"><b>Successfull</b></font></li><br />';
	}
}


echo '</ul></span></td></tr><tr><td class="catBottom" height="28">&nbsp;</td></tr>';

echo '<tr><th>End</th></tr><tr><td><span class="genmed">Installation is now finished. Please be sure to delete this file now.<br /></span></td></tr>';
echo '<tr><td class="catBottom" height="28" align="center"><span class="genmed"><a href="' . append_sid("index.$phpEx") . '">Have a nice day</a></span></td></table>';

include($phpbb_root_path . 'includes/page_tail.'.$phpEx);

?>

Flexmän
Registered User
Posts: 6
Joined: Wed Nov 15, 2006 10:00 pm

Post by Flexmän » Wed Nov 15, 2006 10:56 pm

This seems to be great!

Only thing I'd change is that you can turn the notification off.

User avatar
GreenEnvy
Registered User
Posts: 3
Joined: Tue Nov 14, 2006 5:20 am
Location: Oregon USA
Contact:

Post by GreenEnvy » Thu Nov 16, 2006 1:28 am

The db_update.php worked!!!!!! Thank you SO much olpa and RMcGirr83 for all your help. :D

Locked

Return to “[2.0.x] MODs in Development”

Who is online

Users browsing this forum: No registered users and 7 guests