Registration AuthImage Captcha

Registration AuthImage Captcha

Postby Nomad on Sun Oct 24, 2010 5:18 am

AuthImage Captcha during the registration process is all but useless. The Chinese spammers have it annihilated and I've had to switch of registration due to teh idiots ..

i did read at one point that someone was working on either a hidden input and/or Recaptcha to stop them but seems it hasn't been done yet..

Anyway i can add in a simple hidden input to stop (or try stopping them) without it kicking up errors?

and how would I implement recaptcha at registration instead of authimage...

thanks
Blog Ireland - now with video posting
Normally most write something meaningful here so many to choose from yet most oft ignored.
Nomad
Lifetype Expert
 
Posts: 645
Joined: Sat Feb 05, 2005 8:40 pm
Location: Eire

Re: Registration AuthImage Captcha

Postby jondaley on Sun Oct 24, 2010 3:46 pm

I think most (all?) captchas have been completely broken for a long time now. Computers can do them better than humans.
And since spammers pay humans for registrations, there really isn't any way with captchas and hidden input type stuff to really solve the problem, you can only make it less harder.

This forum gets way more spammers registering than humans, so I've turned it into a manual process, and that has stopped all spam. If we had more than a handful of registrations a week, it would make it pretty unbearable, but currently, I spend a ton less time moderating spam (ie. 0% of my time) than adding users (I wrote a script to whitelist email addresses easily, so each request only takes a minute or less)
jondaley
Lifetype Expert
 
Posts: 6169
Joined: Thu May 20, 2004 6:19 pm
Location: Pittsburgh, PA, USA
LifeType Version: 1.2.11 devel branch

Re: Registration AuthImage Captcha

Postby Nomad on Mon Oct 25, 2010 12:46 pm

Yeah I know most have and even recaptcha has been broken recently but as far as I know the exploit for it has not yet gone into the wild so to speak and out of all of them is still the working to some extent.

I'd say the next step is to block em by net block via htaccess... personally I'm totally pissed with it and whilst manual setup is an answer it does sort of defeat the object somewhat....

:(
Blog Ireland - now with video posting
Normally most write something meaningful here so many to choose from yet most oft ignored.
Nomad
Lifetype Expert
 
Posts: 645
Joined: Sat Feb 05, 2005 8:40 pm
Location: Eire

Re: Registration AuthImage Captcha

Postby jondaley on Wed Oct 27, 2010 4:52 pm

I've never added recaptcha to a site, so I'm not sure how you go about doing it. The displaying of the recaptcha should presumably be easy to do, and then add the bit of code that checks their input against the correct input is probably only a little bit of php as well. It is php code, surely, and I don't think I really have time for it myself.
jondaley
Lifetype Expert
 
Posts: 6169
Joined: Thu May 20, 2004 6:19 pm
Location: Pittsburgh, PA, USA
LifeType Version: 1.2.11 devel branch

Re: Registration AuthImage Captcha

Postby Nomad on Tue Nov 16, 2010 6:14 pm

ok I'm close - just the smarty engine is throwing errors when I try to include the recaptchalib.php

to give ye a basic idea jon. ye add a small bit of code which really includes that file recaptchalib.php - it will then present a more complicated captcha. (Yes it can be beaten but it does take a bit doing - more than the easy authimage anyway and as it's new the toerags that we suffer from won't have programed for it so we'll get at least some peace for a while)

So the easiest page to add it to (Instead of hacking away at authimage) is in the basic agreement template..

I basically need to include that one file recaptchlib.php to get it to work
This
{include file="summary/recaptchalib.php}

isn't working - smarty doesn't like it

how can I include that but stop it from being read by smarty? just have it included ?/?

cheers...

btw this is the extra code that I'm adding to the registerstep 0 template (Just before the submit buttons)

Code: Select all
<div> <!-- recaptcha -->

                          <p>Sorry but we have to ask - Are you a human? Please fill in the following anti spam security below.</p>
            
            <?php

            include("recaptchalib.php"); *** NB** <-- thats the bit I need to get right

                           //     Put your public key in the speech marks below
            $publickey = "my individual key";

                               // Put your private key in the speech marks below
            $privatekey = "my individual key";
            
            //  the response from reCAPTCHA
            $resp = null;
            //  the error code from reCAPTCHA, if any
            $error = null;
            
            //  are we submitting the page?
            if ($_POST["submit"]) {
              $resp = recaptcha_check_answer ($privatekey,
            $_SERVER["REMOTE_ADDR"],
            $_POST["recaptcha_challenge_field"],
            $_POST["recaptcha_response_field"]);
            
              if ($resp->is_valid) {
               echo "You got it!";
              } else {
               $error = $resp->error;
              }
            }
            echo recaptcha_get_html($publickey, $error);
            ?>

</div>


where my individual key - is a unique key specific to your domain
Blog Ireland - now with video posting
Normally most write something meaningful here so many to choose from yet most oft ignored.
Nomad
Lifetype Expert
 
Posts: 645
Joined: Sat Feb 05, 2005 8:40 pm
Location: Eire

Re: Registration AuthImage Captcha

Postby raciloni on Wed Nov 17, 2010 6:36 am

I use a math captcha for registration and i have no spam until now, if you are interested in a math captcha you can download the modified files from http://www.marocprof.net/mod.zip.
raciloni
 
Posts: 7
Joined: Sun Dec 13, 2009 3:22 pm
LifeType Version: lifetype-1.2.11_r711

Re: Registration AuthImage Captcha

Postby Nomad on Wed Nov 17, 2010 10:31 am

raciloni wrote:I use a math captcha for registration and i have no spam until now, if you are interested in a math captcha you can download the modified files from http://www.marocprof.net/mod.zip.


excellent - will give it a try . those spam sign ups have driven me up the wall..

would still be nice to figure out how that other one would work though :)
Blog Ireland - now with video posting
Normally most write something meaningful here so many to choose from yet most oft ignored.
Nomad
Lifetype Expert
 
Posts: 645
Joined: Sat Feb 05, 2005 8:40 pm
Location: Eire

Re: Registration AuthImage Captcha

Postby kevinf on Mon Nov 22, 2010 5:22 pm

Yes this authimage is the biggest problem for me as well. I think any captcha can be beaten, that's why it would be great to make them easy to customize. That's why i once proposed to integrate the captcha from www.captcha.fr.
I'd like to create such plugin (compatible with authimage), when i'll have the time i'll try to figure out how to do that.
http://www.politicien.fr <- running lifetype 1.2.10!
kevinf
 
Posts: 24
Joined: Tue May 22, 2007 3:33 am
LifeType Version: 1.2.10

Re: Registration AuthImage Captcha

Postby Nomad on Wed Nov 24, 2010 6:45 am

Well this math one seems to be doing the trick for now.. it's gone from 5-6 sign ups a day to only 1 this week and I suspect that was a human signup. I also tweaked the math output from between 1 and 5 to 1 and 9 (Look in math.captcha and change the two 5 values to 9 - make sure you do both numbers or it won't work)...

It does need security tightening up on the registration process to stop these planktons with there rubbish. I just installed a new support section over at my own place using phpbb 3. They have multiple systems in place from image captcha to the recaptcha system and also hidden input.

Personally I think a mix of captchas would be best. One based on the hidden input plugin we currently have as that has random field settings which would make it more complicated for bots. A good one would be if they activate a hidden field that it acts like a submit button and sends them of to one of those bot graveyards where they get stuck filling in an endless form...

Anyway the math captcha seems to be working for now but more does need to be done to put a stop to it...
Blog Ireland - now with video posting
Normally most write something meaningful here so many to choose from yet most oft ignored.
Nomad
Lifetype Expert
 
Posts: 645
Joined: Sat Feb 05, 2005 8:40 pm
Location: Eire


Return to Other Problems

cron