Forum Spam

contains all delphi packages mentioned below
gnif
Posts: 46
Joined: Fri Jan 05, 2007 9:12 am

Forum Spam

Post by gnif »

Hi Madshi,

I noticed all the spam your wasting time deleting and thought I would let you know of a free mod for phpbb2 that I use to stop the spam from bots... have a look at the image for the registration on my forum here:

http://forum.canberrarcdrift.com

The mod is called CAPTCHA, you could either use that or you could implement somthing like what php.net use when posting... asks a simple question like "min(5, 4)?", or "4 - 5 + min(2, 4)".
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Re: Forum Spam

Post by madshi »

Thanks!
gnif wrote:The mod is called CAPTCHA
Is that an alternative captcha thing? Is it good enough so that OCR bots fail?
gnif wrote:or you could implement somthing like what php.net use when posting... asks a simple question like "min(5, 4)?", or "4 - 5 + min(2, 4)".
Actually I was thinking about adding something like this... :) Do you have a link or documentation on how to add such a simple question? That would be great!
gnif
Posts: 46
Joined: Fri Jan 05, 2007 9:12 am

Post by gnif »

Is that an alternative captcha thing? Is it good enough so that OCR bots fail?
Yes, it replaces the original, I still get the odd bot registring, but it cut down the number by 80-90%.
o you have a link or documentation on how to add such a simple question?
Unfortunatly no, but It shouldnt be hard to write somthing to do this, I can have a look at this for you if you like... php is my 2nd programming language(To delphi).
gnif
Posts: 46
Joined: Fri Jan 05, 2007 9:12 am

Post by gnif »

Hold on, I just remembered, the php website is opensource, just go have a look at how they do it.

update: here it is

Code: Select all

<?php
// $Id: spam_challenge.php,v 1.1 2006/07/05 15:51:45 nlopess Exp $

// simple and stupid SPAM protection (using little challenges)

$nums = array('zero', 'one', 'two', 'three', 'four', 'five', 'six', 'seven', 'eight', 'nine');

function plus($a, $b) {
   return $a + $b;
}

function gen_plus($a) {
   return rand(0, 9 - $a);
}

function minus($a, $b) {
   return $a - $b;
}

function gen_minus($a) {
   return rand(0, $a);
}

function print_infix($name, $a, $b) {
   return "$a $name $b";
}

function print_prefix($name, $a, $b) {
   return "$name($a, $b)";
}

$challenges = array(
   // name, print, generator
   array('max',  'print_prefix'),
   array('min',  'print_prefix'),
   array('minus', 'print_infix', 'gen_minus'),
   array('plus',  'print_infix', 'gen_plus'),
);


// generate a challenge
function gen_challenge() {
   global $challenges, $nums;
   $c = $challenges[rand(0, sizeof($challenges)-1)];

   $a  = rand(0, 9);
   $an = $nums[$a];
   $b  = isset($c[2]) ? $c[2]($a) : rand(0, 9);
   $bn = $nums[$b];

   return array($c[0], $an, $bn, $c[1]($c[0], $an, $bn));
}


// test an answer for validity
function test_answer($name, $an, $bn, $answer) {
   global $challenges, $nums;

   foreach ($challenges as $x) {
       if ($x[0] === $name) {
           $c = $x;
           break;
       }
   }

   $a = array_search($an, $nums);
   $b = array_search($bn, $nums);

   if (empty($c) || $a === false || $b === false) return false;

   return ($nums[$c[0]($a, $b)] === $answer);
}


?>
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Thanks - looks good. But where do I have to add this? I'm sorry, I'm really stupid with PHP... :sorry:
gnif
Posts: 46
Joined: Fri Jan 05, 2007 9:12 am

Post by gnif »

I will have a play over the next day or so and throw some code together for you. Will keep you posted :D
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Thank you - much appreciated!!

:redBalloon: :greenBalloon: :blueBalloon:
andy
Posts: 13
Joined: Tue Jun 20, 2006 7:58 am

Post by andy »

madshi you can add that into your profile.php im sure under mode=register if you send me a copy of the forum excluding the config file i will mod it for you and also add some other handy functions that would be usefull on here.
gnif
Posts: 46
Joined: Fri Jan 05, 2007 9:12 am

Post by gnif »

it isnt added to profile.php.. it is added to the include file used by profile.php... I am already building it... no point it having two people write the same code.
gnif
Posts: 46
Joined: Fri Jan 05, 2007 9:12 am

Post by gnif »

I have it working on my site here... have a look.
http://forum.canberrarcdrift.com/profil ... greed=true

To make it work... do the following:

in the "includes" directory, make the file "txt_verification.php" and put the below in it.

Code: Select all

<?php
// $Id: spam_challenge.php,v 1.1 2006/07/05 15:51:45 nlopess Exp $

// simple and stupid SPAM protection (using little challenges)

$nums = array('zero', 'one', 'two', 'three', 'four', 'five', 'six', 'seven', 'eight', 'nine');

function plus($a, $b) {
   return $a + $b;
}

function gen_plus($a) {
   return rand(0, 9 - $a);
}

function minus($a, $b) {
   return $a - $b;
}

function gen_minus($a) {
   return rand(0, $a);
}

function print_infix($name, $a, $b) {
   return "$a $name $b";
}

function print_prefix($name, $a, $b) {
   return "$name($a, $b)";
}

$challenges = array(
   // name, print, generator
   array('max',  'print_prefix'),
   array('min',  'print_prefix'),
   array('minus', 'print_infix', 'gen_minus'),
   array('plus',  'print_infix', 'gen_plus'),
);


// generate a challenge
function gen_challenge() {
   global $challenges, $nums;
   $c = $challenges[rand(0, sizeof($challenges)-1)];

   $a  = rand(0, 9);
   $an = $nums[$a];
   $b  = isset($c[2]) ? $c[2]($a) : rand(0, 9);
   $bn = $nums[$b];

   return array($c[0], $an, $bn, $c[1]($c[0], $an, $bn));
}


// test an answer for validity
function test_answer($name, $an, $bn, $answer) {
   global $challenges, $nums;

   foreach ($challenges as $x) {
       if ($x[0] === $name) {
           $c = $x;
           break;
       }
   }

   $a = array_search($an, $nums);
   $b = array_search($bn, $nums);

   if (empty($c) || $a === false || $b === false) return false;

   return ($nums[$c[0]($a, $b)] === $answer);
}

// generate the answer
function gen_answer($challenge) {
        global $challenges, $nums;

        foreach ($challenges as $x) {
                if ($x[0] === $challenge[0]) {
                        $c = $x;
                        break;
                }
        }

        $a = array_search($challenge[1], $nums);
        $b = array_search($challenge[2], $nums);

        if (empty($c) || $a === false || $b === false) return 'INVALID CHALLENGE';
        return $nums[$c[0]($a, $b)];
}
?>
Then, edit the file "includes/usercp_register.php" and at line 42, just before the line "$unhtml_specialchars_match = ..." add the following

Code: Select all

require_once('txt_verification.php');
At around line 1000 just after the lines

Code: Select all

                $db->sql_freeresult($result);

                // Generate the required confirmation code
                // NB 0 (zero) could get confused with O (the letter) so we make change it
and add the following:

Code: Select all

$challenge = gen_challenge();
$code = gen_answer($challenge);
Either remove or comment out any other lines that set the $code variable. and change the line that sets the $confirm_image value to read:

Code: Select all

$confirm_image = $challenge[3];
I would give exact line numbers, but my site is already modified and they may be out. All thats left to do is edit the language template file and change the text displayed for the confimation field as it is no longer an image.

edit the file "language/lang_english/lang_main.php" and change the lines that starts with "$lang['Confirm_code_impaired']" and "$lang['Confirm_code_explain']" to read as you see fit.
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Thanks very much gnif, I've now added this code. Let's see whether it helps getting rid of the spam... :)

Thanks also to andy for offering your help.

If we still have a spam problem with these changes, I'll come back here for further help... :wink:
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Ok, today morning I checked - and no spam was there. Looking good!! :D Let's hope it will stay this way...
gnif
Posts: 46
Joined: Fri Jan 05, 2007 9:12 am

Post by gnif »

good to hear... always happy to help :D
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Didn't have even a single spam post for a full week - the forum makes fun again. Thanks again!

:crazy:
jcullison
Posts: 19
Joined: Wed Nov 23, 2005 7:25 pm

Post by jcullison »

You could also try HumanAuth http://www.gigoit.org/humanauth/ or KittenAuth http://www.kittenauth.com/. They are not crackable by OCR in my opinion.

Regards,
Jim[/url]
Post Reply