[MODDB] Textual Confirmation

olpa · Post by **olpa** » Sun Oct 29, 2006 3:49 am

Textual Confirmation is accepted to the MODS-database. This thread is locked, please discuss Textual Confirmation here: http://www.phpbb.com/phpBB/viewtopic.php?t=472940

MOD Title: Textual Confirmation
MOD Description: Textual Confirmation (TC) asks newly registering user a question. If the answer is wrong, TC rejects the registration. Also, TC notifies the forum admin and the community spam database. The administrator can edit the questions and answers in the Administration Panel.
MOD Version: 1.0.0.beta3, actually a release candidate

MOD Homepage: http://bbantispam.com/tc/
MOD Download: http://bbantispam.com/tc/TextualConfirmation.zip
Demo Board: http://bbantispam.com/forum/profile.php ... greed=true

Useful links and screenshots are on the homepage. Here are few comments.

I was irritated by Advanced Visual Confirmation, which gave more harm than benefit. Spammers decrypt its images much better than normal users

My users bothered me with it. When I tried to register an user, and tried 5 times to enter the code correctly, I became furious and decided to do something. This something is the MOD Textual Confirmation.

I'm aware about Anti Bot Question Hack, but I dislike it. For me, its "medium" installation level is too hard for me, and it's easier to write a new MOD with the installation level "easy" and with EasyMOD compatibility.

I've tested Textual Confirmation for the week on my 3 forums, with Visual Confirmation switched off. Results are:

* no new registrations on English forums,
* a bit more registrations on a Russian forum.

You are probably surprised by the second result. It's so because my SEO-optimized forum is in the tops, and therefore each and every spammer has it in index.

More, now its obvious to me that the best spam bots work in cooperation with humans. If a bot can't pass, a human assits him.

That's why I don't believe in Visual Confirmation (cracked once, spammer can post to each board) and believe in Textual Confirmation (spammer have to hire human labour to answer forum-specific questions).

In my opinion, the best Text Confirmation question is something like:

What's the forum pass code (see <a href="faq.php">FAQ</a>)?

Logical Nightmare · Post by **Logical Nightmare** » Sun Oct 29, 2006 3:55 am

This should be fairly easy to crack, simply scan the page about 500 times to get every available question, answer them all and put into a def list then create a registration bot.

With visual confirmation there are thousands and thousands of codes that the answer could be which makes it more secure, it is more logical to just replace the broken captcha with a stronger one.

olpa · Post by **olpa** » Sun Oct 29, 2006 4:06 am

In theory, I fully agree with you. In practice -- not.

just replace the broken captcha with a stronger one

Unfortunately, "stronger one" means "unreadable for a human". I'd better allow register 10 spammers than lose 1 forum member.

answer them all

It requires work. And spammers will have not only to buy a spam engine, but also to pay for the answers database. It's more profitable just to skip forums with questions.

Logical Nightmare · Post by **Logical Nightmare** » Sun Oct 29, 2006 6:45 am

olpa wrote: In theory, I fully agree with you. In practice -- not.

just replace the broken captcha with a stronger one

Unfortunately, "stronger one" means "unreadable for a human". I'd better allow register 10 spammers than lose 1 forum member.

answer them all

It requires work. And spammers will have not only to buy a spam engine, but also to pay for the answers database. It's more profitable just to skip forums with questions.

@Spam engine: What if it was just 1 person trying to improve their pagerank, which just coded their own. they are extremely simple to do.

@Captcha: Have you seen this modification, ive been using it since release and nobody has had a problem reading it and the spambots have compeltely stopped, I also coded my own captcha for an IPB forum which has had no complaints and no spam.

In a more logical sence, this mod would work best with the default captcha turned on, as it would break most independent bots and stop the existing ones that dont know how to handle it.

Elias · Post by **Elias** » Sun Oct 29, 2006 12:28 pm

Nice MOD.
Great Job.

olpa · Post by **olpa** » Tue Oct 31, 2006 5:33 am

@Captcha: Have you seen this modification

Yes, I found several CAPTCHA variants. Unfortunately, I'm not an expert and I can't understand what is good and what is bad.

To EY: thanks!

GreenEnvy · Post by **GreenEnvy** » Tue Nov 14, 2006 5:28 am

Thanks for the mod! I really appreciate it because I am so tired of manually deleting spam bots. I got through all of the installation just fine except for the SQL section.

Do I need to create a new database called phpbb_textual_confirmation or do I create a table on my forum's existing database? I am also not sure where I need to add the following:

id INTEGER NOT NULL AUTO_INCREMENT,
question TEXT NOT NULL,
answers TEXT NOT NULL,
PRIMARY KEY (id)
);
INSERT INTO phpbb_textual_confirmation(question,answers) VALUES ('Are you human?', 'yes\nja\noui');
INSERT INTO phpbb_textual_confirmation(question,answers) VALUES ('Say hello', 'hello\nhi\nhallo');

Can someone help me please? I will be forever grateful.

olpa · Post by **olpa** » Tue Nov 14, 2006 6:08 am

Do I need to create a new database called phpbb_textual_confirmation or do I create a table on my forum's existing database?

You need to create a table on your forum's existing database.

I am also not sure where I need to add the following

Check the control panel of your hosting. It should provide an interface to the database (most likely, phpMyAdmin). Connect to the forum's database and execute this SQL query (most likely, the link "SQL").

Try and report the results.

GreenEnvy · Post by **GreenEnvy** » Tue Nov 14, 2006 6:42 am

Thanks for helping me, I have phpMyAdmin. I selected my forum database, and at the bottom I see the "Create new table on database _____" and it also had a place to enter in the number of fields. Do I create the phpbb_textual_confirmation table there? If so, how many fields should I enter and what will I need to do on the following screen [Field, Type, Length/Values, Attributes, Null, Default**, Extra, etc]?

I selected my forum database and also saw the Query tab at the top. There's lots of fields such as Field, Sort, Show, Criteria, etc. Do I ignore that? I see further down it says 'Use Tables' with a list of the tables. I guess that's where I select phpbb_textual_confirmation from the list once I have been able to create the table? I also see SQL-query on database ____, is that where I enter in:

CREATE TABLE phpbb_textual_confirmation (
id INTEGER NOT NULL AUTO_INCREMENT,
question TEXT NOT NULL,
answers TEXT NOT NULL,
PRIMARY KEY (id)
);
INSERT INTO phpbb_textual_confirmation(question,answers) VALUES ('Are you human?', 'yes\nja\noui');
INSERT INTO phpbb_textual_confirmation(question,answers) VALUES ('Say hello', 'hello\nhi\nhallo');

Still confused! Sorry to be a pain.

olpa · Post by **olpa** » Tue Nov 14, 2006 7:03 am

It's goos that phpMYAdmin is installed.

When you selected the database, you see (I hope) the menu:

# Structure
# SQL
# Search
# Query
# Export
# Import
# Operations

Click "SQL".

Enter the SQL to the text area "Run SQL query/queries on database"

By the way, I've just found:
http://www.phpbb.com/phpBB/viewtopic.php?t=74143
Maybe of some help.

Ramon Fincken · Post by **Ramon Fincken** » Tue Nov 14, 2006 7:32 am

But… I can switch on Visual Confirmation.
Visual Confirmation is a joke. Even simple spambots can pass it.

no... simple bots will be stopped, yet it is not the strongest VC available for phpbb2 ...

olpa · Post by **olpa** » Wed Nov 15, 2006 2:17 am

I said "simple", not "simplest"

If a bot can't pass the default VC, the programmer should be blamed.

RMcGirr83 · Post by **RMcGirr83** » Wed Nov 15, 2006 3:39 am

here is a db_update file for a mysql database. Copy, save as db_update.php upload to the root of your forum, sign in to your forum as admin and run it....then delete it once completed.

Code: Select all

<?php
/***************************************************************************
 *                               db_update.php
 *                            -------------------
 *
 *   copyright            : ©2003 Freakin' Booty ;-P & Antony Bailey
 *   project              : http://sourceforge.net/projects/dbgenerator
 *   Website              : http://freakingbooty.no-ip.com/ & http://www.rapiddr3am.net
 *
 ***************************************************************************/

/***************************************************************************
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 ***************************************************************************/

define('IN_PHPBB', true);
$phpbb_root_path = './';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);

//
// Start session management
//
$userdata = session_pagestart($user_ip, PAGE_INDEX);
init_userprefs($userdata);
//
// End session management
//


if( !$userdata['session_logged_in'] )
{
	$header_location = ( @preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')) ) ? 'Refresh: 0; URL=' : 'Location: ';
	header($header_location . append_sid("login.$phpEx?redirect=db_update.$phpEx", true));
	exit;
}

if( $userdata['user_level'] != ADMIN )
{
	message_die(GENERAL_MESSAGE, 'You are not authorised to access this page');
}


$page_title = 'Updating the database';
include($phpbb_root_path . 'includes/page_header.'.$phpEx);

echo '<table width="100%" cellspacing="1" cellpadding="2" border="0" class="forumline">';
echo '<tr><th>Updating the database</th></tr><tr><td><span class="genmed"><ul type="circle">';


$sql = array();
$sql[] = "CREATE TABLE " . $table_prefix . "textual_confirmation ( 
id INTEGER NOT NULL AUTO_INCREMENT, 
question TEXT NOT NULL, 
answers TEXT NOT NULL, 
PRIMARY KEY (id) 
)";
$sql[] = "INSERT INTO " . $table_prefix . "textual_confirmation(question,answers) VALUES ('Are you human?', 'yes\nja\noui')";
$sql[] = "INSERT INTO " . $table_prefix . "textual_confirmation(question,answers) VALUES ('Say hello', 'hello\nhi\nhallo')";

for( $i = 0; $i < count($sql); $i++ )
{
	if( !$result = $db->sql_query ($sql[$i]) )
	{
		$error = $db->sql_error();

		echo '<li>' . $sql[$i] . '<br /> +++ <font color="#FF0000"><b>Error:</b></font> ' . $error['message'] . '</li><br />';
	}
	else
	{
		echo '<li>' . $sql[$i] . '<br /> +++ <font color="#00AA00"><b>Successfull</b></font></li><br />';
	}
}


echo '</ul></span></td></tr><tr><td class="catBottom" height="28">&nbsp;</td></tr>';

echo '<tr><th>End</th></tr><tr><td><span class="genmed">Installation is now finished. Please be sure to delete this file now.<br /></span></td></tr>';
echo '<tr><td class="catBottom" height="28" align="center"><span class="genmed"><a href="' . append_sid("index.$phpEx") . '">Have a nice day</a></span></td></table>';

include($phpbb_root_path . 'includes/page_tail.'.$phpEx);

?>

Flexmän · Post by **Flexmän** » Wed Nov 15, 2006 10:56 pm

This seems to be great!

Only thing I'd change is that you can turn the notification off.

GreenEnvy · Post by **GreenEnvy** » Thu Nov 16, 2006 1:28 am

The db_update.php worked!!!!!! Thank you SO much olpa and RMcGirr83 for all your help.

phpBB • Free and Open Source Forum Software

Features

Demo

Showcase

Get Involved

3.3 New Features

The Team

Contact Us

Advertising

Latest Version

Update Packages

Language Packs

Extensions

Styles

Official Tools

Customisation Database

Extensions

Extensions DB

Styles

Styles DB

Documentation

Knowledge Base

Support Forums

Discord / IRC

International Support

Area51 phpBB Development

phpBB Bug Tracker

phpBB Ideas

Security Tracker

Development Wiki

GSoC

Support Forums

Extensions Forums

Styles Forums

phpBB Discussion

General Discussion

Area51

[MODDB] Textual Confirmation

[MODDB] Textual Confirmation

advertisements