Image verification really sucks

[falko]

Can you post how you did that? Might be interesting for users who run a phpbb forum.

[alexillsley]

Sure, nice to give something back here

Should i post it here or write it as a how to?

[falko]

Post it here.

[sjau]

I still think you should run your own captcha program... not one provided by vbulletin because the more people use the same system the more interesting it becomes to hack... however if you are the only one using a certain captcha who would bother to hack it?

[alexillsley]

This post will hopefully stop spammers from signing up on your phpbb forum. Just follow the steps below:

1. First open the file in the phpbb root, /includes/usercp_register.php

2. Find this part in the script:

PHP Code:

    else if ( $mode == 'register' )
    {
        if ( empty($username) || empty($new_password) || empty($password_confirm) || empty($email) )
        {
            $error = TRUE;
            $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Fields_empty'];
        } 


3. Now add the following exactly below it:

PHP Code:

// ----  check not a dogy user ------
// By Alex Illsley 2006
// www.fireproductions.co.uk

function user_dogy_check($word) {
if(stristr(strtolower($_POST['occupation']), $word)) { return "TRUE"; }
if(stristr(strtolower($_POST['interests']), $word)){ return "TRUE"; }
if(stristr(strtolower($_POST['website']), $word)) { return "TRUE"; }

}

if (user_dogy_check("sex") 
OR user_dogy_check("anal") 
OR user_dogy_check("porn") 
OR user_dogy_check("tramadol")
OR user_dogy_check("pharm")
OR user_dogy_check("viagra") 
OR user_dogy_check("dating")
OR user_dogy_check("nude")) 
{ $error=TRUE; $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . "Dogy User Profile, ACCESS DENIED!"; }

// CHECK END 


I also made my own PHP capatcha aswell for my phpbb forum, i get like no spam bots now.

I hope this helps someone,
Alex

[sjau]

another spambot wave hits the forums here... I'm still of the opinion that an own verification service/captcha service would be better because adaptation will be less likely...

Once you hack the default vb mechanisms you can spam on ever vb board that uses those ones.

Although it might very well be, that the registration of accs is done manually and once the acc is confirmed use the spambots.

[TheRudy]

The never ending war

I'm went over lots of CAPTCHAs including my own and none of them was so successfull as the one i'm using now. recaptcha.net, its free, its for a good cause and so far its not been beatable by a OCR.

You even have it set for this forum: http://www.vbulletin.org/forum/showthread.php?t=151824

Of course sometimes spammers do get over this protection by using real people to post spam.