YaBB Community and Support Forum
YaBB Home About YaBB Download YaBB YaBB Support Customize Your Forum Development Contribute to the Project
  Welcome, Guest. Please Login or Register


 
Pages: 1 2 3 
Topic Tools
 
ggn's YaBB CAPTCHA hack (Read 11,372 times)
 Dec 25th, 2011 at 5:03pm
There are no actions to perform.  

ggn 
YaBB Newbie
*
Offline
Posts: 18


None
ggn's YaBB CAPTCHA hack
Heh, I never thought of looking around for anti-spambot modules for yabb, so I went and hacked in my own Smiley.

So, at http://dbug.kicks-ass.net/dbugforums/cgi-bin/yabb2/YaBB.pl the CAPTCHA that needs to be entered isn't the whole string displayed. After this was deployed, 0 spambots got through Cheesy (we used to get about 1 per day the last few months).

I guess if anyone wants to implement such a method, I can dig out the changes I made and post them here...
 
 
IP Logged  
 Reply #1 - Dec 26th, 2011 at 4:55am
There are no actions to perform.  

OTR 
YaBB Newbie
*
Offline
Posts: 19


YaBB 2.4
Re: ggn's YaBB CAPTCHA hack
ggn wrote on Dec 25th, 2011 at 5:03pm:
Heh, I never thought of looking around for anti-spambot modules for yabb, so I went and hacked in my own Smiley.

So, at http://dbug.kicks-ass.net/dbugforums/cgi-bin/yabb2/YaBB.pl the CAPTCHA that needs to be entered isn't the whole string displayed. After this was deployed, 0 spambots got through Cheesy (we used to get about 1 per day the last few months).

I guess if anyone wants to implement such a method, I can dig out the changes I made and post them here...

Please do.
 
 
IP Logged  
 Reply #2 - Dec 26th, 2011 at 4:28pm
There are no actions to perform.  

db 
YaBB Newbie
*
Offline
Posts: 23


None
Re: ggn's YaBB CAPTCHA hack
That would be very nice of you!
 
I use YaBB on Institute of Business and Law (Russia) web site: http://www.ibl.ru ( , -)
WWW  
IP Logged  
 Reply #3 - Jan 13th, 2012 at 12:14pm
There are no actions to perform.  

ggn 
YaBB Newbie
*
Offline
Posts: 18


None
Re: ggn's YaBB CAPTCHA hack
Oooooops, I totally forgot checking this thread. Apologies  Embarrassed. Anyway, happy new year to all people and all Smiley

And, as promised, here are my changes to Yabb 2.4:


File cgi-bin/yabb2/Sources/Decoder.pl:

Find the line (near the end of the file) that says:

Code Select All
	&captcha($captcha);
 



and change it. Now, my idea was to add an extra 2 letters at the beginning and 2 letters at the end. So it became:

Code Select All
	&captcha("XX".$captcha."XX");
 



And that's it! Yabb registration dialog will show 4 more letters in the CAPTCHA, but they'll never count as the actual string!

You can change this to your heart's delight, the "XX" and "XX" are an example. You can choose to add only characters at the beginning, or at the end, or both. (of course, if you know about string handling in perl you can do much more evil stuff, but I'm assuming you don't!)


But I wanted to let the users know that they have to omit those 4 letters, so I changed file:

cgi-bin/yabb2/Languages/English/Register.lng

in the line that goes:

Code Select All
'casewarning' => 'Please type exactly what text appears in the image.<br />The characters must be typed in the same order,<br />and they are case-sensitive.', 



to

Code Select All
'casewarning' => 'Please type exactly what text appears in the image,<br><strong>without the first two and last two characters.</strong><br />The characters must be typed in the same order,<br />and they are case-sensitive.', 



Again, you should change the message to reflect the changes you made. This simple mod made all spambots unable to register and post, and if they ever get a whiff of it, I'll simply change it to something else now that I know how! I hope it helps people.
 
 
IP Logged  
 Reply #4 - Jan 13th, 2012 at 7:37pm
There are no actions to perform.  

Bill Myers 
God Member
Beta Testers
*****
Offline
Posts: 1,482
Los Angeles


YaBB 2.4
Re: ggn's YaBB CAPTCHA hack
The partial quote below is from this post since the YaBB quote button isn't working for this topic; at least for me (actually;
only with the post I quoted
) ...

Quote:
And, as promised, here are my changes to Yabb 2.4:


Brilliant!


Thank you! So far at least, not a single spammer has been able to register since I made these edits, although it's somewhat early for me to confirm this entirely.
Edited:

Oh yeah. A big confirmation on that! Those edits definitely worked! Spammers are being stopped left and right now.

Smiley


I made the edits as instructed, tested its implementation, and it worked wonderfully.

On an unrelated note as I indicated above, the YaBB quote button isn't working for this topic; at least for me (actually;
only with the post I quoted
)
. I improvised. Wink


« Last Edit: Jan 13th, 2012 at 9:08pm by Bill Myers »  
Morning, noon, or night, have a great one! ...
WWW BillHMyers  
IP Logged  
 Reply #5 - Jan 13th, 2012 at 9:03pm
There are no actions to perform.  

Bill Myers 
God Member
Beta Testers
*****
Offline
Posts: 1,482
Los Angeles


YaBB 2.4
Re: ggn's YaBB CAPTCHA hack
Bill Myers wrote on Jan 13th, 2012 at 7:37pm:
...
Thank you! So far at least, not a single spammer has been able to register since I made these edits ...


Oh yeah. A big confirmation on that! Those edits definitely worked! Spammers are being stopped left and right now.

See ggn's easy to edit modifications here. Smiley

« Last Edit: Jan 13th, 2012 at 9:15pm by Bill Myers »  
Morning, noon, or night, have a great one! ...
WWW BillHMyers  
IP Logged  
 Reply #6 - Jan 15th, 2012 at 2:34pm
There are no actions to perform.  

George Maschke 
Full Member
***
Offline
Posts: 315


None
Re: ggn's YaBB CAPTCHA hack
I join Bill Myers in thanking ggn for the antispam hack for YaBB 2.4. I would just note that the language about the characters to be omitted when entering the captcha should be changed not only in Register.lng, but also in:

LogInOut.lng
SendTopic.lng
Post.lng
 
...
WWW George Maschke georgemaschke georgewmaschke GeorgeMaschke  
IP Logged  
 Reply #7 - Jan 16th, 2012 at 12:34am
There are no actions to perform.  

Bill Myers 
God Member
Beta Testers
*****
Offline
Posts: 1,482
Los Angeles


YaBB 2.4
Re: ggn's YaBB CAPTCHA hack
Important!
:
YaBB isn't allowing me to modify my own post, so please take note that additional instructions should be included in my previous post.

Sorry for this confusion, but evidently YaBB's moderators aren't allowing modifications to a post after a certain amount of time has passed.

In any case, please be sure to make a note of George's instructions to make additional edits as he outlined.
Bill Myers wrote on Jan 13th, 2012 at 9:03pm:
[quote author=000B0E0E0F1B071011620 link=1322705982/13#13 date=1326483440]...
Those edits definitely worked! Spammers are being stopped left and right now.

Incomplete
:

See ggn's easy to edit modifications here. Smiley
Be sure to also edit the following files as George instructs below
:


George Maschke wrote on Jan 15th, 2012 at 2:34pm:
I join Bill Myers in thanking ggn for the antispam hack for YaBB 2.4. I would just note that the language about the characters to be omitted when entering the captcha should be changed not only in Register.lng, but also in:

LogInOut.lng
SendTopic.lng
Post.lng


« Last Edit: Jan 16th, 2012 at 12:39am by Bill Myers »  
Morning, noon, or night, have a great one! ...
WWW BillHMyers  
IP Logged  
 Reply #8 - Jan 16th, 2012 at 12:38am
There are no actions to perform.  

Bill Myers 
God Member
Beta Testers
*****
Offline
Posts: 1,482
Los Angeles


YaBB 2.4
Re: ggn's YaBB CAPTCHA hack
George Maschke wrote on Jan 15th, 2012 at 2:34pm:
I join Bill Myers in thanking ggn for the antispam hack for YaBB 2.4. I would just note that the language about the characters to be omitted when entering the captcha should be changed not only in Register.lng, but also in:

LogInOut.lng
SendTopic.lng
Post.lng

Thank you George!


Evidently, unless it's a bug, YaBB's moderators aren't allowing modifications in posts to make corrections after a certain amount of time has passed (or possibly Corey if he's the only one who can change the settings).
Edited:

Sorry I'm not able to correct mistakes I've made in my older posts, but here is the reason:
Corey Chapman wrote on Jan 16th, 2012 at 6:27pm:
... The time limit here for modifying or deleting ones' own posts is 2 days.  After 30 mins from the post time stamp, it will display the message that it has been modified.


« Last Edit: Jan 16th, 2012 at 8:03pm by Bill Myers »  
Morning, noon, or night, have a great one! ...
WWW BillHMyers  
IP Logged  
 Reply #9 - Jan 16th, 2012 at 6:27pm
There are no actions to perform.  

Corey Chapman 
YaBB Administrator
*****
Offline
Posts: 10,015
Rock Hill, South Carolina


YaBB 2.5
Re: ggn's YaBB CAPTCHA hack
I don't think it is a bug or a setting I have locked down as far as modifying posts goes. Since this setting has existed, it has remained the same here. The time limit here for modifying or deleting ones' own posts is 2 days. After 30 mins from the post time stamp, it will display the message that it has been modified.

Moderators, assuming they can modify someone else's posts, can either modify indefinitely or perhaps only within that 2 days (although I thought it was indefinitely because I know that is how it works for Administrators). There is no setting for this.
« Last Edit: Jan 16th, 2012 at 6:30pm by Corey Chapman »  
...
722568493  
IP Logged  
 Reply #10 - Jan 16th, 2012 at 7:56pm
There are no actions to perform.  

Bill Myers 
God Member
Beta Testers
*****
Offline
Posts: 1,482
Los Angeles


YaBB 2.4
Re: ggn's YaBB CAPTCHA hack
Corey Chapman wrote on Jan 16th, 2012 at 6:27pm:
I don't think it is a bug or a setting I have locked down as far as modifying posts goes. Since this setting has existed, it has remained the same here. The time limit here for modifying or deleting ones' own posts is 2 days. After 30 mins from the post time stamp, it will display the message that it has been modified.

Moderators, assuming they can modify someone else's posts, can either modify indefinitely or perhaps only within that 2 days (although I thought it was indefinitely because I know that is how it works for Administrators). There is no setting for this.

Yes, that's been my experience as well. Admins and moderators can modify posts without restrictions. I've always felt that members should be able to do the same, which is why I've continued to allow it. To do otherwise seems overly restrictive, and user-unfriendly.

But to each their own.  Wink

On a personal note about restricting the ability of members to modify their own posts, when a member is unable to correct a mistake, especially when it comes to giving advice to others, a lot of bad, and incorrect information stays online. That can't be good.

Of course, human nature being the way it is, corrections to bad information isn't likely to be updated, so I guess bad information will stay online no matter what.

Thankfully, at least we can point out previous mistakes with corrections in new posts even if older posts can't be corrected.  Smiley


 
Morning, noon, or night, have a great one! ...
WWW BillHMyers  
IP Logged  
 Reply #11 - Jan 16th, 2012 at 10:16pm
There are no actions to perform.  

Bill Myers 
God Member
Beta Testers
*****
Offline
Posts: 1,482
Los Angeles


YaBB 2.4
Corrections! - Re: ggn's YaBB CAPTCHA hack
Since this forum doesn't allow us to correct mistakes in our posts after they've been online for 2 days, I wanted to post corrected instructions to clarify them for anyone who wants to keep spammers from registering in your forum.

I've confirmed that ggn's initial instructions (here in this post) combined with George's additional instructions (here in this post) work as they're supposed to, as we haven't had a single spammer get through the registration process since we made these very simple edits.

Here they are in a 2-step process that involves 5 files:

Go to file cgi-bin/yabb2/Sources/Decoder.pl:

Find the line (near the end of the file) that reads:

&captcha($captcha);

Change the line above as follows to:

&captcha("XX".$captcha."XX");

Note
: You'll want to let the users know that they have to omit those 4 letters, so the following 4 files should be changed (
see the change below
):

cgi-bin/yabb2/Languages/English/LogInOut.lng

cgi-bin/yabb2/Languages/English/Post.lng

cgi-bin/yabb2/Languages/English/Register.lng

cgi-bin/yabb2/Languages/English/SendTopic.lng

-
Change to be made in each of the 4 files above
-

In the line that reads:

'casewarning' => 'Please type exactly what text appears in the image.<br />The characters must be typed in the same order,<br />and they are case-sensitive.',

Change to:

'casewarning' => 'Please type exactly what text appears in the image,<br />without the first two and last two characters.<br />The characters must be typed in the same order,<br />and they are case-sensitive.',

That's it!


As always, it's recommended that you keep a copy of the original files you are changing in case a problem comes up, and you need to upload any one of them again.

Another recommendation is to sign up for a test registration to see what the public sees. You can obviously delete that test membership after you've confirmed that everything is working properly.

Edited:
Smiley

Again, since implementing these changes, our forum hasn't had one single spam-bot registration get through; only legitimate registrations have been processed.

Smiley


« Last Edit: Jan 17th, 2012 at 7:31pm by Bill Myers »  
Morning, noon, or night, have a great one! ...
WWW BillHMyers  
IP Logged  
 Reply #12 - Jan 18th, 2012 at 7:37pm
There are no actions to perform.  

ggn 
YaBB Newbie
*
Offline
Posts: 18


None
Re: ggn's YaBB CAPTCHA hack
Wow, I didn't expect anyone to take notice of it! I'm glad it helped some people Smiley.

A couple of notes:

  1. I wasn't aware you can add CAPTCHA to logon/logoff/post/send topic, so I didn't know about the extra files needed to be modded. Thanks for pointing that out.
  2. You can insert as many letters as you like instead of "XX" in both left and right parts, just make sure you modify the instructions accordingly Smiley
 
 
IP Logged  
 Reply #13 - Jan 19th, 2012 at 12:25am
There are no actions to perform.  

Bill Myers 
God Member
Beta Testers
*****
Offline
Posts: 1,482
Los Angeles


YaBB 2.4
Re: ggn's YaBB CAPTCHA hack
ggn wrote on Jan 18th, 2012 at 7:37pm:
Wow, I didn't expect anyone to take notice of it! I'm glad it helped some people Smiley.

Your mod helped enormously! The difference between night and day, so again, thank you!

I still haven't had one single spam registration get through since I implemented your mod; just legitimate registrations that were processed without a hitch.

I was surprised that the spam registrations stopped entirely because I had wrongly believed that pretty much all attempted registrations were being done by human spammers trying to register.

Go figure!  Huh

And thanks to George again, too, because those other files needed to be changed as well, which was easily done.

 
Morning, noon, or night, have a great one! ...
WWW BillHMyers  
IP Logged  
 Reply #14 - Apr 6th, 2012 at 7:24am
There are no actions to perform.  

Bill Myers 
God Member
Beta Testers
*****
Offline
Posts: 1,482
Los Angeles


YaBB 2.4
Possible Important Update: Re: ggn's YaBB CAPTCHA
This forum doesn't allow the modification of posts after 5 days even when information needs to be corrected or updated. As such, there will be misinformation throughout this forum, at least certainly in some of my posts, so take things with a grain of salt.

Common sense solution
: Always be mindful of newer posts in case older ones contain errors.



Possible important update to ggn's anti-spam hack
(verified for YaBB 2.4):

It came to my attention in this post that a possible error can be made with ggn's anti-spam hack if you aren't careful about typing text exactly as it should be typed. This should include spaces and characters in the coding that you see in the instructions below.

As such, please make note of the following instructions to implement this very effective anti-spam hack to stop spam-bots from registering in your forum.

Human bots, or "Hu-bots" can be effectively stopped by selecting Pre-registration with admin membership approval.


This anti-spam hack is a 2-step process that involves 5 files:

First file to edit
: cgi-bin/yabb2/Sources/Decoder.pl

Find the line (near the end of the file) that reads:

Code Select All
&captcha($captcha); 


Change the line above as follows to:

Code Select All
&captcha("XX".$captcha."XX"); 


Note
: You'll want to let people know that they have to omit those 4 letters (XX and XX), or any letters you choose, so the following 4 files should also be edited as instructed below in the code boxes:

cgi-bin/yabb2/Languages/English/LogInOut.lng

cgi-bin/yabb2/Languages/English/Post.lng

cgi-bin/yabb2/Languages/English/Register.lng

cgi-bin/yabb2/Languages/English/SendTopic.lng

-
The following change should be made in each of the 4 files above
-

In the line that reads:

Code Select All
'casewarning' => 'Please type exactly what text appears in the image.<br />The characters must be typed in the same order,<br />and they are case-sensitive.', 


Change to:

Code Select All
'casewarning' => 'Please type exactly what text appears in the image,<br /><strong>without the first two and last two characters.</strong><br />The characters must be typed in the same order,<br />and they are case-sensitive.', 


To the left of your auto-generated Verification Code,
this edit will produce the following result
:

Your Verification Code is:
Please type exactly what text appears in the image,
without the first two and last two characters.
The characters must be typed in the same order,
and they are case-sensitive.


As always, it's recommended that you keep a copy of the original files you are changing in case a problem comes up, and you need to upload any one of them again.

Remember to upload all of these files in ASCII;
not binary
.

Another recommendation is to sign up for a test registration to see what the public sees. You can obviously delete that test membership after you've confirmed that everything is working properly.

Verification note
(YaBB 2.4): As of a week or so ago in the forum that I operate, this anti-spam hack has stopped over 300,000 attempted registrations by spam-bots.
Not one single spam-bot has been able to register!  Smiley

Recommendation: Even though I can personally confirm that this anti-spam hack works as advertised, thanks to ggn authoring it, and I recommend it, it's probably better to install an anti-spam mod that's been written for YaBB if you know how to install mods.

I don't know how to install mods, which is why I implemented ggn's anti-spam hack.

Unfortunately, spammers will most likely come up with a new way to spam our forums. Meanwhile, we have this anti-spam tool, and others to stop spammers cold.

Good luck.
 
Morning, noon, or night, have a great one! ...
WWW BillHMyers  
IP Logged  
Pages: 1 2 3 
Topic Tools
 

Get Yet another Bulletin Board at SourceForge.net. Fast, secure and Free Open Source software downloads Support This Project BoardMod - YaBB features and templates YaBB Codex - support on installation and usage YaBB Toolbar for your browser

YaBB Facebook Group Page

Vulnerability Scanner

Valid RSS Valid XHTML Valid CSS Powered by Perl
YaBB Chat and Support Community » Powered by YaBB 3.0 Beta!
YaBB Forum Software © 2000-2011. All Rights Reserved.