Page Index Toggle Pages: 1 [2] 3 
Topic Tools
Very Hot Topic (More than 25 Replies) ggn's YaBB CAPTCHA hack (Read 15,236 times)
Derek Barnstorm
Support Team
YaBB Next Team
Development Team
Beta Testers
****
Offline



Posts: 1,269
Location: United Kingdom

None
Re: ggn's YaBB CAPTCHA hack
Reply #15 - Jan 4th, 2013 at 4:18am
Post Tools
This will be a standard feature in the next release - Admin editable:

http://testbed.dandello.net/cgi-bin/yabb254/YaBB.pl?num=1357163985/0#0

Thanks to ggn for the input - I hope he doesn't mind. Smiley
« Last Edit: Jan 4th, 2013 at 4:26am by Derek Barnstorm »  
Back to top
 
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,606
Location: Los Angeles

YaBB 2.4
Possible Important Update: Re: ggn's YaBB CAPTCHA
Reply #14 - Apr 6th, 2012 at 7:24am
Post Tools
This forum doesn't allow the modification of posts after 5 days even when information needs to be corrected or updated. As such, there will be misinformation throughout this forum, at least certainly in some of my posts, so take things with a grain of salt.

Common sense solution: Always be mindful of newer posts in case older ones contain errors.



Possible important update to ggn's anti-spam hack (verified for YaBB 2.4):

It came to my attention in this post that a possible error can be made with ggn's anti-spam hack if you aren't careful about typing text exactly as it should be typed. This should include spaces and characters in the coding that you see in the instructions below.

As such, please make note of the following instructions to implement this very effective anti-spam hack to stop spam-bots from registering in your forum.

Human bots, or "Hu-bots" can be effectively stopped by selecting Pre-registration with admin membership approval.


This anti-spam hack is a 2-step process that involves 5 files:

First file to edit: cgi-bin/yabb2/Sources/Decoder.pl

Find the line (near the end of the file) that reads:

Code
Select All
&captcha($captcha); 


Change the line above as follows to:

Code
Select All
&captcha("XX".$captcha."XX"); 


Note: You'll want to let people know that they have to omit those 4 letters (XX and XX), or any letters you choose, so the following 4 files should also be edited as instructed below in the code boxes:

cgi-bin/yabb2/Languages/English/LogInOut.lng

cgi-bin/yabb2/Languages/English/Post.lng

cgi-bin/yabb2/Languages/English/Register.lng

cgi-bin/yabb2/Languages/English/SendTopic.lng

- The following change should be made in each of the 4 files above -

In the line that reads:

Code
Select All
'casewarning' => 'Please type exactly what text appears in the image.<br />The characters must be typed in the same order,<br />and they are case-sensitive.', 


Change to:

Code
Select All
'casewarning' => 'Please type exactly what text appears in the image,<br /><strong>without the first two and last two characters.</strong><br />The characters must be typed in the same order,<br />and they are case-sensitive.', 


To the left of your auto-generated Verification Code, this edit will produce the following result:

Your Verification Code is:
Please type exactly what text appears in the image,
without the first two and last two characters.
The characters must be typed in the same order,
and they are case-sensitive.


As always, it's recommended that you keep a copy of the original files you are changing in case a problem comes up, and you need to upload any one of them again.

Remember to upload all of these files in ASCII; not binary.

Another recommendation is to sign up for a test registration to see what the public sees. You can obviously delete that test membership after you've confirmed that everything is working properly.

Verification note (YaBB 2.4): As of a week or so ago in the forum that I operate, this anti-spam hack has stopped over 300,000 attempted registrations by spam-bots.
Not one single spam-bot has been able to register!  Smiley

Recommendation: Even though I can personally confirm that this anti-spam hack works as advertised, thanks to ggn authoring it, and I recommend it, it's probably better to install an anti-spam mod that's been written for YaBB if you know how to install mods.

I don't know how to install mods, which is why I implemented ggn's anti-spam hack.

Unfortunately, spammers will most likely come up with a new way to spam our forums. Meanwhile, we have this anti-spam tool, and others to stop spammers cold.

Good luck.
  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,606
Location: Los Angeles

YaBB 2.4
Re: ggn's YaBB CAPTCHA hack
Reply #13 - Jan 19th, 2012 at 12:25am
Post Tools
ggn wrote on Jan 18th, 2012 at 7:37pm:
Wow, I didn't expect anyone to take notice of it! I'm glad it helped some people Smiley.

Your mod helped enormously! The difference between night and day, so again, thank you!

I still haven't had one single spam registration get through since I implemented your mod; just legitimate registrations that were processed without a hitch.

I was surprised that the spam registrations stopped entirely because I had wrongly believed that pretty much all attempted registrations were being done by human spammers trying to register.

Go figure!  Huh

And thanks to George again, too, because those other files needed to be changed as well, which was easily done.

  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
ggn
YaBB Newcomer
*
Offline



Posts: 25
Re: ggn's YaBB CAPTCHA hack
Reply #12 - Jan 18th, 2012 at 7:37pm
Post Tools
Wow, I didn't expect anyone to take notice of it! I'm glad it helped some people Smiley.

A couple of notes:

  1. I wasn't aware you can add CAPTCHA to logon/logoff/post/send topic, so I didn't know about the extra files needed to be modded. Thanks for pointing that out.
  2. You can insert as many letters as you like instead of "XX" in both left and right parts, just make sure you modify the instructions accordingly Smiley
  
Back to top
 
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,606
Location: Los Angeles

YaBB 2.4
Corrections! - Re: ggn's YaBB CAPTCHA hack
Reply #11 - Jan 16th, 2012 at 10:16pm
Post Tools
Since this forum doesn't allow us to correct mistakes in our posts after they've been online for 2 days, I wanted to post corrected instructions to clarify them for anyone who wants to keep spammers from registering in your forum.

I've confirmed that ggn's initial instructions (here in this post) combined with George's additional instructions (here in this post) work as they're supposed to, as we haven't had a single spammer get through the registration process since we made these very simple edits.

Here they are in a 2-step process that involves 5 files:

Go to file cgi-bin/yabb2/Sources/Decoder.pl:

Find the line (near the end of the file) that reads:

&captcha($captcha);

Change the line above as follows to:

&captcha("XX".$captcha."XX");

Note: You'll want to let the users know that they have to omit those 4 letters, so the following 4 files should be changed (see the change below):

cgi-bin/yabb2/Languages/English/LogInOut.lng

cgi-bin/yabb2/Languages/English/Post.lng

cgi-bin/yabb2/Languages/English/Register.lng

cgi-bin/yabb2/Languages/English/SendTopic.lng

- Change to be made in each of the 4 files above -

In the line that reads:

'casewarning' => 'Please type exactly what text appears in the image.<br />The characters must be typed in the same order,<br />and they are case-sensitive.',

Change to:

'casewarning' => 'Please type exactly what text appears in the image,<br />without the first two and last two characters.<br />The characters must be typed in the same order,<br />and they are case-sensitive.',

That's it!

As always, it's recommended that you keep a copy of the original files you are changing in case a problem comes up, and you need to upload any one of them again.

Another recommendation is to sign up for a test registration to see what the public sees. You can obviously delete that test membership after you've confirmed that everything is working properly.

Edited:
Smiley

Again, since implementing these changes, our forum hasn't had one single spam-bot registration get through; only legitimate registrations have been processed.

Smiley

« Last Edit: Jan 17th, 2012 at 7:31pm by Bill Myers »  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,606
Location: Los Angeles

YaBB 2.4
Re: ggn's YaBB CAPTCHA hack
Reply #10 - Jan 16th, 2012 at 7:56pm
Post Tools
Corey Chapman wrote on Jan 16th, 2012 at 6:27pm:
I don't think it is a bug or a setting I have locked down as far as modifying posts goes.  Since this setting has existed, it has remained the same here.  The time limit here for modifying or deleting ones' own posts is 2 days.  After 30 mins from the post time stamp, it will display the message that it has been modified.

Moderators, assuming they can modify someone else's posts, can either modify indefinitely or perhaps only within that 2 days (although I thought it was indefinitely because I know that is how it works for Administrators).  There is no setting for this.

Yes, that's been my experience as well. Admins and moderators can modify posts without restrictions. I've always felt that members should be able to do the same, which is why I've continued to allow it. To do otherwise seems overly restrictive, and user-unfriendly.

But to each their own.  Wink

On a personal note about restricting the ability of members to modify their own posts, when a member is unable to correct a mistake, especially when it comes to giving advice to others, a lot of bad, and incorrect information stays online. That can't be good.

Of course, human nature being the way it is, corrections to bad information isn't likely to be updated, so I guess bad information will stay online no matter what.

Thankfully, at least we can point out previous mistakes with corrections in new posts even if older posts can't be corrected.  Smiley


  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
Corey Chapman
YaBB Administrator
*****
Offline



Posts: 10,015
Location: Rock Hill, South Carolina

None
Re: ggn's YaBB CAPTCHA hack
Reply #9 - Jan 16th, 2012 at 6:27pm
Post Tools
I don't think it is a bug or a setting I have locked down as far as modifying posts goes.  Since this setting has existed, it has remained the same here.  The time limit here for modifying or deleting ones' own posts is 2 days.  After 30 mins from the post time stamp, it will display the message that it has been modified.

Moderators, assuming they can modify someone else's posts, can either modify indefinitely or perhaps only within that 2 days (although I thought it was indefinitely because I know that is how it works for Administrators).  There is no setting for this.
« Last Edit: Jan 16th, 2012 at 6:30pm by Corey Chapman »  

Back to top
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,606
Location: Los Angeles

YaBB 2.4
Re: ggn's YaBB CAPTCHA hack
Reply #8 - Jan 16th, 2012 at 12:38am
Post Tools
George Maschke wrote on Jan 15th, 2012 at 2:34pm:
I join Bill Myers in thanking ggn for the antispam hack for YaBB 2.4. I would just note that the language about the characters to be omitted when entering the captcha should be changed not only in Register.lng, but also in:

LogInOut.lng
SendTopic.lng
Post.lng

Thank you George!

Evidently, unless it's a bug, YaBB's moderators aren't allowing modifications in posts to make corrections after a certain amount of time has passed (or possibly Corey if he's the only one who can change the settings).
Edited:
Sorry I'm not able to correct mistakes I've made in my older posts, but here is the reason:
Corey Chapman wrote on Jan 16th, 2012 at 6:27pm:
... The time limit here for modifying or deleting ones' own posts is 2 days.  After 30 mins from the post time stamp, it will display the message that it has been modified.

« Last Edit: Jan 16th, 2012 at 8:03pm by Bill Myers »  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,606
Location: Los Angeles

YaBB 2.4
Re: ggn's YaBB CAPTCHA hack
Reply #7 - Jan 16th, 2012 at 12:34am
Post Tools
Important!: YaBB isn't allowing me to modify my own post, so please take note that additional instructions should be included in my previous post.

Sorry for this confusion, but evidently YaBB's moderators aren't allowing modifications to a post after a certain amount of time has passed.

In any case, please be sure to make a note of George's instructions to make additional edits as he outlined.
Bill Myers wrote on Jan 13th, 2012 at 9:03pm:
[quote author=000B0E0E0F1B071011620 link=1322705982/13#13 date=1326483440]...
Those edits definitely worked! Spammers are being stopped left and right now.

Incomplete:
See ggn's easy to edit modifications here. Smiley
Be sure to also edit the following files as George instructs below:


George Maschke wrote on Jan 15th, 2012 at 2:34pm:
I join Bill Myers in thanking ggn for the antispam hack for YaBB 2.4. I would just note that the language about the characters to be omitted when entering the captcha should be changed not only in Register.lng, but also in:

LogInOut.lng
SendTopic.lng
Post.lng


« Last Edit: Jan 16th, 2012 at 12:39am by Bill Myers »  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
George Maschke
Full Member
***
Offline



Posts: 315
Re: ggn's YaBB CAPTCHA hack
Reply #6 - Jan 15th, 2012 at 2:34pm
Post Tools
I join Bill Myers in thanking ggn for the antispam hack for YaBB 2.4. I would just note that the language about the characters to be omitted when entering the captcha should be changed not only in Register.lng, but also in:

LogInOut.lng
SendTopic.lng
Post.lng
  

Back to top
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,606
Location: Los Angeles

YaBB 2.4
Re: ggn's YaBB CAPTCHA hack
Reply #5 - Jan 13th, 2012 at 9:03pm
Post Tools
Bill Myers wrote on Jan 13th, 2012 at 7:37pm:
...
Thank you! So far at least, not a single spammer has been able to register since I made these edits ...


Oh yeah. A big confirmation on that! Those edits definitely worked! Spammers are being stopped left and right now.

See ggn's easy to edit modifications here. Smiley

« Last Edit: Jan 13th, 2012 at 9:15pm by Bill Myers »  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,606
Location: Los Angeles

YaBB 2.4
Re: ggn's YaBB CAPTCHA hack
Reply #4 - Jan 13th, 2012 at 7:37pm
Post Tools
The partial quote below is from this post since the YaBB quote button isn't working for this topic; at least for me (actually; only with the post I quoted) ...

Quote:
And, as promised, here are my changes to Yabb 2.4:


Brilliant!

Thank you! So far at least, not a single spammer has been able to register since I made these edits, although it's somewhat early for me to confirm this entirely.
Edited:
Oh yeah. A big confirmation on that! Those edits definitely worked! Spammers are being stopped left and right now.

Smiley


I made the edits as instructed, tested its implementation, and it worked wonderfully.

On an unrelated note as I indicated above, the YaBB quote button isn't working for this topic; at least for me (actually; only with the post I quoted). I improvised. Wink


« Last Edit: Jan 13th, 2012 at 9:08pm by Bill Myers »  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
ggn
YaBB Newcomer
*
Offline



Posts: 25
Re: ggn's YaBB CAPTCHA hack
Reply #3 - Jan 13th, 2012 at 12:14pm
Post Tools
Oooooops, I totally forgot checking this thread. Apologies  Embarrassed. Anyway, happy new year to all people and all Smiley

And, as promised, here are my changes to Yabb 2.4:


File cgi-bin/yabb2/Sources/Decoder.pl:

Find the line (near the end of the file) that says:

Code
Select All
	&captcha($captcha);
 



and change it. Now, my idea was to add an extra 2 letters at the beginning and 2 letters at the end. So it became:

Code
Select All
	&captcha("XX".$captcha."XX");
 



And that's it! Yabb registration dialog will show 4 more letters in the CAPTCHA, but they'll never count as the actual string!

You can change this to your heart's delight, the "XX" and "XX" are an example. You can choose to add only characters at the beginning, or at the end, or both. (of course, if you know about string handling in perl you can do much more evil stuff, but I'm assuming you don't!)


But I wanted to let the users know that they have to omit those 4 letters, so I changed file:

cgi-bin/yabb2/Languages/English/Register.lng

in the line that goes:

Code
Select All
'casewarning' => 'Please type exactly what text appears in the image.<br />The characters must be typed in the same order,<br />and they are case-sensitive.', 



to

Code
Select All
'casewarning' => 'Please type exactly what text appears in the image,<br><strong>without the first two and last two characters.</strong><br />The characters must be typed in the same order,<br />and they are case-sensitive.', 



Again, you should change the message to reflect the changes you made. This simple mod made all spambots unable to register and post, and if they ever get a whiff of it, I'll simply change it to something else now that I know how! I hope it helps people.
  
Back to top
 
IP Logged
 
db
YaBB Newcomer
*
Offline



Posts: 23
Re: ggn's YaBB CAPTCHA hack
Reply #2 - Dec 26th, 2011 at 4:28pm
Post Tools
That would be very nice of you!
  

I use YaBB on Institute of Business and Law (Russia) web site: http://www.ibl.ru (Институт бизнеса и права, Санкт-Петербург)
Back to top
WWW  
IP Logged
 
OTR
YaBB Newcomer
*
Offline



Posts: 19

YaBB 2.6.0
Re: ggn's YaBB CAPTCHA hack
Reply #1 - Dec 26th, 2011 at 4:55am
Post Tools
ggn wrote on Dec 25th, 2011 at 5:03pm:
Heh, I never thought of looking around for anti-spambot modules for yabb, so I went and hacked in my own Smiley.

So, at http://dbug.kicks-ass.net/dbugforums/cgi-bin/yabb2/YaBB.pl the CAPTCHA that needs to be entered isn't the whole string displayed. After this was deployed, 0 spambots got through Cheesy (we used to get about 1 per day the last few months).

I guess if anyone wants to implement such a method, I can dig out the changes I made and post them here...

Please do.
  
Back to top
 
IP Logged
 
Page Index Toggle Pages: 1 [2] 3 
Topic Tools
 
  « Board Index ‹ Board  ^Top