Author |
Message |
Chapter 24 Board Member
Joined: 29 Dec 2008
Posts: 48
|
Posted: Fri Mar 20, 2009 10:45 pm Post subject: Visual confirmation: use or disable? |
|
|
Do you think the stock phpBB2 Visual Confirmation Code used for new registrations does any good at all for stopping spambots?
I received an email today from a person who is visually impaired and couldn't see to fill in the code. I disabled the code so he could register, but now I'm wondering if I should just leave it disabled.
I have the anti-spam RAC MOD installed.
Do you think there is any reason at all to use the Visual Confirmation Code as well?
I always left it enabled because I figured it couldn't hurt, but if it's totally useless at this point, I'm thinking maybe it's better to get rid of it so other visually impaired people aren't inconvenienced. Do any of you guys still use it? |
|
Back to top |
|
|
dogs and things Board Member
Joined: 18 Nov 2008
Posts: 628 Location: Spain
|
Posted: Sat Mar 21, 2009 3:00 am Post subject: Re: Visual confirmation: use or disable? |
|
|
I am convinced it is useless and I'm sure that with the RAC MOD you are using you have enough to stop all spambots from registering. _________________ phpBB2 will never die, I hope! |
|
Back to top |
|
|
Acaria Board Member
Joined: 20 Feb 2009
Posts: 238
|
Posted: Sat Mar 21, 2009 4:51 am Post subject: Re: Visual confirmation: use or disable? |
|
|
Nope, it's useless.
PhpBB2's visual confirmation code has never changed. In all that time bots have easily adapted to maneuver around it without any trouble.
I agree with Dogs and Things; that Mod should stop all your bot problems. :3 |
|
Back to top |
|
|
khofech Board Member
Joined: 26 Feb 2009
Posts: 44
|
Posted: Sat Mar 21, 2009 6:04 am Post subject: Re: Visual confirmation: use or disable? |
|
|
Can u explain how bots find a way around the phpbb2 vc?
Do they use an image recognization algorithm ? Or they can guess the code from the url or something like that?
For of i use anti robotics mod with the default vc . |
|
Back to top |
|
|
Acaria Board Member
Joined: 20 Feb 2009
Posts: 238
|
Posted: Sat Mar 21, 2009 6:34 pm Post subject: Re: Visual confirmation: use or disable? |
|
|
This may not be how they do it, but I know this is how a worm (like a computer infiltrating virus) would do it:
PhpBB2 is an open-source code, free to everyone. The visual confirmation has a special code that generates a special algorithm to generate the random image(s).
These bots can easily be coded with this exact same code so when they ping to your server, their algorithm will generate the exact same result as the site's algorithm.
All they have to do is program it so that when a certain image shows up a certain text is put in the field. |
|
Back to top |
|
|
Ptirhiik Board Member
Joined: 19 Nov 2008
Posts: 114
|
Posted: Sun Mar 22, 2009 6:37 am Post subject: Re: Visual confirmation: use or disable? |
|
|
They more often use basic OCR apis (Optical Character Recog). |
|
Back to top |
|
|
Chapter 24 Board Member
Joined: 29 Dec 2008
Posts: 48
|
Posted: Sun Mar 22, 2009 2:35 pm Post subject: Re: Visual confirmation: use or disable? |
|
|
Thanks for the input on this. I'm going to leave visual confirmation disabled. |
|
Back to top |
|
|
Dog Cow Board Member
Joined: 18 Nov 2008
Posts: 378
|
|
Back to top |
|
|
khofech Board Member
Joined: 26 Feb 2009
Posts: 44
|
Posted: Mon Mar 23, 2009 4:04 am Post subject: Re: Visual confirmation: use or disable? |
|
|
Dog Cow wrote: | khofech wrote: | Can u explain how bots find a way around the phpbb2 vc?
Do they use an image recognization algorithm ? |
See here: http://www.apathysketchpad.com/blog/2007/06/05/how-to-crack-captchas/ | ohhhhhh , i red it, and now i'm what they called terrifed, what about a +/- secure captcha ? I think that i'll add one of those humain question mod, or if u know tell me where to find a mod that ask u to select a image from 3. for acaria : what u told is totally incorrect I think, because whatever php is an opensource software but the captcha generation use a random key and u can't generate a duplicate random key just because u want to do so... |
|
Back to top |
|
|
Acaria Board Member
Joined: 20 Feb 2009
Posts: 238
|
Posted: Mon Mar 23, 2009 10:22 am Post subject: Re: Visual confirmation: use or disable? |
|
|
*sigh*
Nothing is truly random in the coding one. Duplicate the algorithm, duplicate the method of utilizing it, and you get the same answer.
I may be no Php master, but I've coded my fair share of Java and this is a method used quite frequently. Though this may not be the method most bots may choose, it is a way that would work all the same. |
|
Back to top |
|
|
khofech Board Member
Joined: 26 Feb 2009
Posts: 44
|
Posted: Mon Mar 23, 2009 12:47 pm Post subject: Re: Visual confirmation: use or disable? |
|
|
! no problem if u aren't php master , me 2 i'm not one, but be a programmer is the important thing, then php, delphi, vb, c, or java is the second, it's like a speech, u can say letters ? then just learn the words of a specific languages, !! got it ? if yes then take a look at this function Code: | function dss_rand() | u can find it in /includes/functions.php and it's called in the confirm code generation ....... keep talking |
|
Back to top |
|
|
Acaria Board Member
Joined: 20 Feb 2009
Posts: 238
|
Posted: Tue Mar 24, 2009 12:45 am Post subject: Re: Visual confirmation: use or disable? |
|
|
You sure are a stubborn one.
The "random" generation is called by Php coding, it all has a root. The "random" number is a product of an algorithm. You can deny this all you want, but it's a simple truth.
You could easily code it so that when a Bot goes to a site, it pings to the server and calls the same function. It would, obviously, generate the same number.
Same algorithm + exact same call = Same generation.
I even just went and looked this up on Google. Though there's nothing saying this is a common (or even implemented) method, simple coding laws back this up.
Now, really. You were the one asking how they can get around this and I provided you an answer that is correct. Accept the fact, hun. |
|
Back to top |
|
|
Ptirhiik Board Member
Joined: 19 Nov 2008
Posts: 114
|
Posted: Tue Mar 24, 2009 7:45 am Post subject: Re: Visual confirmation: use or disable? |
|
|
Woaw, keep cool boys . Actually, you are both right: being in the same conditions, you will indeed generate the same number, that's a fact. However, the whole point of the seeding through the database is precisely to lower the risk the conditions remains the same, as the data are changing accordling the database value stored, and two servers are involved in the process (db & apache) with their own latency, variable in the time. |
|
Back to top |
|
|
khofech Board Member
Joined: 26 Feb 2009
Posts: 44
|
Posted: Tue Mar 24, 2009 8:06 am Post subject: Re: Visual confirmation: use or disable? |
|
|
oh yeah , i'm a stubborn, my mom always told me that loooooooool, what I knew and study, is that the randomize use the processor always or the old math coprocessor when that stuff was used in old pc, ok, following your meaning , will conduct us saying that a guys opening the same phpbb registration page with the same server at the same time will have the same VC code ??? did I miss something ?! |
|
Back to top |
|
|
Ptirhiik Board Member
Joined: 19 Nov 2008
Posts: 114
|
Posted: Tue Mar 24, 2009 11:57 am Post subject: Re: Visual confirmation: use or disable? |
|
|
Yep: as the code is generated using the seed, and as the seed changes at each request, the both won't receive the same seed even if they ask at the exact same tick: one will access and update the database prior the second, making the code different. |
|
Back to top |
|
|
|