[3.2][3.3][RC] Obscure Registration Code (SPAM stopper)

A place for Extension Authors to post and receive feedback on Extensions still in development. No Extensions within this forum should be used within a live environment!
Scam Warning
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

IMPORTANT: Extensions Development rules

IMPORTANT FOR NEEDED EVENTS!!!
If you need an event for your extension please read this for the steps to follow to request the event(s)
User avatar
HiFiKabin
Community Team Member
Community Team Member
Posts: 6767
Joined: Wed May 14, 2014 9:10 am
Location: Swearing at the PC, UK
Name: James

[3.2][3.3][RC] Obscure Registration Code (SPAM stopper)

Post by HiFiKabin »

Extension Name: Obscure Registration Code Image Image Image

Author: HiFiKabin

Extension Description: Adds a Java Script encoded code at the foot of any page that displays the CAPTCHA to allow you to have a totally SPAMbot free registration system. The fact that humans will find it easy to read does not mean that SPAMbots will. The JaveScript encoding and additional SPAMbot field in the ACP will make it harder for them. The code is not shown to logged on users as they have no use for it.

What this Extension is not: It is NOT a stand alone anti SPAM signup Extension, it NEEDS to be used in conjunction with the built in Q&A CAPTCHA with the code as the ONLY correct answer.

Notes: The user needs to have JavaScript enabled to read the registration code. Should a user have JS disabled there is a warning telling them that they need to switch it on to view the code. The user can copy/paste the code direct to the registration page.


Extension Setup:
  1. Enable the extension and using the Random Code Generator supplied on the Extensions Configuration page create a random string then add it in the "Registration Code" field.
  2. Again using the Random Code Generator change both "ChangeMe"s to something different to the above code, as well as different from each other.
  3. Then go to the Spambot Countermeasures part of the ACP and configure the Q&A CAPTCHA.
    Administration Control Panel (ACP) > Spambot countermeasures> Installed plugins > click the dropdown box and select Q&A (it will be greyed out)
  4. Click the configure button then click add
  5. Add the question "What is the Registration Code shown at the bottom of the Board?"
  6. Add the answer which is the code you used in step 1 above
  7. Repeat for each language you have installed on the board, with the answer EXACTLY the same as stage 4
  8. Set "Strict Check" to "yes" to ensure the code is entered EXACTLY as displayed
  9. Click submit
  10. Click "back to previous page" then click "back"
  11. Select Q&A from the dropdown box (again)
  12. Click submit at the bottom of the page.
  13. Done.
Language:
  • EN
  • Language Pack es, fr HERE
Extension Version: 1.0.0-RC10 (if you are updating from RC1 or earlier, please disable and delete data before installing this version)

Supported Styles:
  • prosilver
Screenshots:

Image

Image Image Image



Live Demo : https://time.hifikabin.me.uk/

Installation:
  • Download the latest release and unzip it.
  • Upload the folder hifikabin to root/ext/ and enable it in the ACP
Download: https://phpbb.hifikabin.me.uk/viewtopic.php?f=3&t=153

Support:

The contact us link at the bottom of this Forum or This Topic
User avatar
HiFiKabin
Community Team Member
Community Team Member
Posts: 6767
Joined: Wed May 14, 2014 9:10 am
Location: Swearing at the PC, UK
Name: James

Re: [3.1][3.2][RC] Obscure Registration Code (SPAM stopper)

Post by HiFiKabin »

FAQ

I can see the code, why can't bots?
  • The JavaScript Encoding and additional SPAMbot Security Field make it harder for them.
It's not working
  • Ensure the code in this extension and the Q&A CAPTCHA are the same and that the Q&A CAPTCHA is active
I can't see the link
  • View your forum as a guest. Logged in users have no use for the code, so can not see it. If you have switched the Background Colour off, you may need to change the font colour from the default.
Do I have to use a Password Generator to create a password?
  • Of course not, but that is my recommendation. Should you really want a word based answer, please avoid common nouns, colours, numbers etc. These are the defaults that SPAMbots are already programmed with. A phrase like "Elephants eat Custard" is an example of good word based answer (obviously do not use this example)
Do I have to change "ChangeMe"?
  • No, but I highly recommend that you do. The more variations there are out there, the more problems BOT programmers will have. To avoid conflicts with existing code in the phpBB core, please use a random password generator such as this Secure Password Generator making sure you select LETTERS only in this instance.
I have several languages on my forum, how do I configure it?
  • Set a question for each language saying the same as the suggested text (translated of course) and the answer will be the code you have set for the default language.
Will this stop Human Spammers?
  • No. This code is for humans to read, so human SPAMmers can alse read it
Will this be the solution for SPAMbots forever?
  • I doubt it, but keep your fingers crossed. The most likely reason that SPAMbots will be able to join your forum with this extension enabled is either a week Registration Code or your code has been programmed into the latest SPAMbots. Just change your code (In both places remember) and that should solve the problem. SPAMbot programmers are getting more clever every day, but I have several ideas should this happen.
How do I know it will work?
  • It is based on my Obscure Contact Us script and I have had no automatically generated SPAM emails for years and years.
User avatar
HiFiKabin
Community Team Member
Community Team Member
Posts: 6767
Joined: Wed May 14, 2014 9:10 am
Location: Swearing at the PC, UK
Name: James

Re: [3.1][3.2][RC] Obscure Registration Code (SPAM stopper)

Post by HiFiKabin »

1.0.0-RC3 now available Image

Slight code changes, new language string in ACP. The preview shows in a grey box should the Background Colour be disabled.

To Update from previous version:
  • Download the latest release and unzip it.
  • Disable Obscure Registration Code in the ACP
  • Delete obscureregistrationcode folder from the server
  • Upload the folder hifikabin to root/ext/
  • Enable it in the ACP
NOTE: If you are updating from RC1 or earlier, please disable and delete data before installing this version
User avatar
remoss
Registered User
Posts: 97
Joined: Wed Jul 08, 2015 2:12 pm
Location: The Netherlands
Name: René

Re: [3.1][3.2][RC] Obscure Registration Code (SPAM stopper)

Post by remoss »

Great extension, works like a charm :)
User avatar
HiFiKabin
Community Team Member
Community Team Member
Posts: 6767
Joined: Wed May 14, 2014 9:10 am
Location: Swearing at the PC, UK
Name: James

Re: [3.1][3.2][RC] Obscure Registration Code (SPAM stopper)

Post by HiFiKabin »

Great to hear that.
User avatar
martti
Registered User
Posts: 914
Joined: Thu Jul 31, 2014 8:23 am
Location: Belgium

Re: [3.1][3.2][RC] Obscure Registration Code (SPAM stopper)

Post by martti »

How is this any secure? A bot can simply copy the code to the input-field.
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26832
Joined: Fri Aug 29, 2008 9:49 am

Re: [3.1][3.2][RC] Obscure Registration Code (SPAM stopper)

Post by Mick »

If you want to see it as a bot sees it check it with one of the bot selections in a user switcher, most browsers have them.
  • "The more connected we get the more alone we become” - Kyle Broflovski© 🇬🇧
User avatar
HiFiKabin
Community Team Member
Community Team Member
Posts: 6767
Joined: Wed May 14, 2014 9:10 am
Location: Swearing at the PC, UK
Name: James

Re: [3.1][3.2][RC] Obscure Registration Code (SPAM stopper)

Post by HiFiKabin »

martti wrote: Sun Apr 15, 2018 11:55 am How is this any secure? A bot can simply copy the code to the input-field.
As I have said in the FAQ, this is based on my Obscure Contact Us ext and I have had zero automated spam emails in years and years.

From the screenshot you can see the orc div is in the visible code but the code it self is not.

Image
You do not have the required permissions to view the files attached to this post.
User avatar
martti
Registered User
Posts: 914
Joined: Thu Jul 31, 2014 8:23 am
Location: Belgium

Re: [3.1][3.2][RC] Obscure Registration Code (SPAM stopper)

Post by martti »

HiFiKabin wrote: Sun Apr 15, 2018 1:06 pm As I have said in the FAQ, this is based on my Obscure Contact Us ext and I have had zero automated spam emails in years and years.
That doesn't mean it's safe. It was just unique to your forum or not widespread used. Nobody with bad intention took interest. If you release an extension like this it could become more interesting for meanies to add a simple copying code to an existing bot. That wouldn't take long.
wrote: Sun Apr 15, 2018 1:06 pm From the screenshot you can see the orc div is in the visible code but the code it self is not.
The code is in fact more obscure to users than a robot. Enter orc in the Javascript console of the browser at the registration page in your demo-board and you get the code: gwFEK8n3ALt4BvQFFf

Try in the console on the register page:

Code: Select all

if (typeof orc !== 'undefined'){ document.getElementById('answer').value = orc; }
And the answer is set.
User avatar
HiFiKabin
Community Team Member
Community Team Member
Posts: 6767
Joined: Wed May 14, 2014 9:10 am
Location: Swearing at the PC, UK
Name: James

Re: [3.1][3.2][RC] Obscure Registration Code (SPAM stopper)

Post by HiFiKabin »

I am not saying its bot proof, no more than the original RAC from phpBB2 days was. NOTHING is 100% bot proof but it will stop them for now. Its just an alternative solution for people to use.

Obscure Contact Us is not unique to my forums but has has over 2000 downloads, and not one report of BOT generated SPAM.
User avatar
martti
Registered User
Posts: 914
Joined: Thu Jul 31, 2014 8:23 am
Location: Belgium

Re: [3.1][3.2][RC] Obscure Registration Code (SPAM stopper)

Post by martti »

HiFiKabin wrote: Sun Apr 15, 2018 4:00 pm I am not saying its bot proof, no more than the original RAC from phpBB2 days was.
What is RAC?
HiFiKabin wrote: Sun Apr 15, 2018 4:00 pm Obscure Contact Us is not unique to my forums but has has over 2000 downloads, and not one report of BOT generated SPAM.
I had a look at "Obscure Contact Us" and I'm sorry to say this far worse than the Contact Form. Specifically, bots are scanning for mail adresses online and here it is given away for free, in plain text, nothing obscure, even complete with a mailto: link. With the standard Contact Form the mailing address is not given away. In a Contact Form bots might send you spam, but they don't have your mailing address (and sell it on the black market), so they can only spam you through the contact form (wich can be potentially improved with a challenge).
User avatar
HiFiKabin
Community Team Member
Community Team Member
Posts: 6767
Joined: Wed May 14, 2014 9:10 am
Location: Swearing at the PC, UK
Name: James

Re: [3.1][3.2][RC] Obscure Registration Code (SPAM stopper)

Post by HiFiKabin »

martti wrote: Sun Apr 15, 2018 4:41 pm
HiFiKabin wrote: Sun Apr 15, 2018 4:00 pm I am not saying its bot proof, no more than the original RAC from phpBB2 days was.
What is RAC?
The forerunner of the Q&A CAPTCHA
martti wrote: Sun Apr 15, 2018 4:41 pm
HiFiKabin wrote: Sun Apr 15, 2018 4:00 pm Obscure Contact Us is not unique to my forums but has has over 2000 downloads, and not one report of BOT generated SPAM.
I had a look at "Obscure Contact Us" and I'm sorry to say this far worse than the Contact Form. Specifically, bots are scanning for mail adresses online and here it is given away for free, in plain text, nothing obscure, even complete with a mailto: link. With the standard Contact Form the mailing address is not given away. In a Contact Form bots might send you spam, but they don't have your mailing address (and sell it on the black market), so they can only spam you through the contact form (wich can be potentially improved with a challenge).
... which is why I get SPAM from the inbuilt "contact us" form and ZERO SPAM from Obscure Contact Us?
brunoais
Registered User
Posts: 447
Joined: Wed Jun 18, 2008 10:50 am

Re: [3.1][3.2][RC] Obscure Registration Code (SPAM stopper)

Post by brunoais »

For what I could notice, this is very easy to break through for a bot. For what I understood, the code is written on the <script> tag that is in the hidden div.
User avatar
JimA
Former Team Member
Posts: 7833
Joined: Thu Jul 31, 2008 5:54 am
Location: The Netherlands
Name: Jim Mossing Holsteyn

Re: [3.1][3.2][RC] Obscure Registration Code (SPAM stopper)

Post by JimA »

I think the key here is that bots are not programmed for these types of codes yet. Anything a human can reasonably solve will eventually be figured out by bots as well. No CAPTCHA or anti-spam solution is forever. If it was, it would get to the point of it being too difficult for humans.

For now, this way of "hiding" the div for bots seems effective for some that tested it. Obviously, if you have a different experience, that would be good to hear as some changes to the extension or different extensions would need to be made. I guess that is the reason as well for posting it in here, so that people can test and share their experiences using it. :)
Jim Mossing Holsteyn - Former Community Team Leader
Knowledge Base | Documentation | Board rules

If you're having any questions about the rules/customs of this website, feel free to drop me a PM.
User avatar
martti
Registered User
Posts: 914
Joined: Thu Jul 31, 2014 8:23 am
Location: Belgium

Re: [3.1][3.2][RC] Obscure Registration Code (SPAM stopper)

Post by martti »

HiFiKabin wrote: Sun Apr 15, 2018 4:52 pm ... which is why I get SPAM from the inbuilt "contact us" form and ZERO SPAM from Obscure Contact Us?
When you disable the Contact Form, you don't get spam from it anymore. That's true. You've blocked this type of robots. But other robots will find your mail address and sell it to spammers who'll keep it forever. Of course, basic email spam protection got a lot better since a few years thanks to DKIM. Nevertheless, if you put your address on the net in the open, expect spam. If you experience spam from the "Contact Us" form it's better to add a challenge to filter out the machines from the humans. (Captcha, Q&A)

Return to “Extensions in Development”