phpBB2Refugees.com Logo
Not affiliated with or endorsed by the phpBB Group

Register •  Login 

Continue the legacy...

Welcome to all phpBB2 Refugees!Wave Smilie

This site is intended to continue support for the legacy 2.x line of the phpBB2 bulletin board package. If you are a fan of phpBB2, please, by all means register, post, and help us out by offering your suggestions. We are primarily a community and support network. Our secondary goal is to provide a phpBB2 MOD Author and Styles area.

Visual confirmation: use or disable?

Goto page 1, 2  Next
 
Search this topic... | Search General Support... | Search Box
Register or Login to Post    Index » General Support  Previous TopicPrint TopicNext Topic
Author Message
Chapter 24
Board Member



Joined: 29 Dec 2008

Posts: 48



PostPosted: Fri Mar 20, 2009 10:45 pm 
Post subject: Visual confirmation: use or disable?

Do you think the stock phpBB2 Visual Confirmation Code used for new registrations does any good at all for stopping spambots?

I received an email today from a person who is visually impaired and couldn't see to fill in the code. I disabled the code so he could register, but now I'm wondering if I should just leave it disabled.

I have the anti-spam RAC MOD installed.
Do you think there is any reason at all to use the Visual Confirmation Code as well?
I always left it enabled because I figured it couldn't hurt, but if it's totally useless at this point, I'm thinking maybe it's better to get rid of it so other visually impaired people aren't inconvenienced. Do any of you guys still use it?
Back to top
dogs and things
Board Member



Joined: 18 Nov 2008

Posts: 628
Location: Spain


flag
PostPosted: Sat Mar 21, 2009 3:00 am 
Post subject: Re: Visual confirmation: use or disable?

I am convinced it is useless and I'm sure that with the RAC MOD you are using you have enough to stop all spambots from registering.
_________________
phpBB2 will never die, I hope!
Back to top
Acaria
Board Member



Joined: 20 Feb 2009

Posts: 238



PostPosted: Sat Mar 21, 2009 4:51 am 
Post subject: Re: Visual confirmation: use or disable?

Nope, it's useless.

PhpBB2's visual confirmation code has never changed. In all that time bots have easily adapted to maneuver around it without any trouble.

I agree with Dogs and Things; that Mod should stop all your bot problems. :3
Back to top
khofech
Board Member



Joined: 26 Feb 2009

Posts: 44



PostPosted: Sat Mar 21, 2009 6:04 am 
Post subject: Re: Visual confirmation: use or disable?

Can u explain how bots find a way around the phpbb2 vc?
Do they use an image recognization algorithm ? Or they can guess the code from the url or something like that?

For of i use anti robotics mod with the default vc .
Back to top
Acaria
Board Member



Joined: 20 Feb 2009

Posts: 238



PostPosted: Sat Mar 21, 2009 6:34 pm 
Post subject: Re: Visual confirmation: use or disable?

This may not be how they do it, but I know this is how a worm (like a computer infiltrating virus) would do it:

PhpBB2 is an open-source code, free to everyone. The visual confirmation has a special code that generates a special algorithm to generate the random image(s).

These bots can easily be coded with this exact same code so when they ping to your server, their algorithm will generate the exact same result as the site's algorithm.

All they have to do is program it so that when a certain image shows up a certain text is put in the field.
Back to top
Ptirhiik
Board Member



Joined: 19 Nov 2008

Posts: 114


flag
PostPosted: Sun Mar 22, 2009 6:37 am 
Post subject: Re: Visual confirmation: use or disable?

They more often use basic OCR apis (Optical Character Recog).
Back to top
Chapter 24
Board Member



Joined: 29 Dec 2008

Posts: 48



PostPosted: Sun Mar 22, 2009 2:35 pm 
Post subject: Re: Visual confirmation: use or disable?

Thanks for the input on this. I'm going to leave visual confirmation disabled.
Back to top
Dog Cow
Board Member



Joined: 18 Nov 2008

Posts: 378


flag
PostPosted: Sun Mar 22, 2009 6:42 pm 
Post subject: Re: Visual confirmation: use or disable?

khofech wrote:
Can u explain how bots find a way around the phpbb2 vc?
Do they use an image recognization algorithm ?

See here: http://www.apathysketchpad.com/blog/2007/06/05/how-to-crack-captchas/

_________________
Moof!
Lincoln's Tomb, Oak Ridge Cemetery, Springfield ILMac 512K BlogMac GUI
Back to top
khofech
Board Member



Joined: 26 Feb 2009

Posts: 44



PostPosted: Mon Mar 23, 2009 4:04 am 
Post subject: Re: Visual confirmation: use or disable?

Dog Cow wrote:
khofech wrote:
Can u explain how bots find a way around the phpbb2 vc?
Do they use an image recognization algorithm ?

See here: http://www.apathysketchpad.com/blog/2007/06/05/how-to-crack-captchas/
ohhhhhh , i red it, and now i'm what they called terrifed, what about a +/- secure captcha ? I think that i'll add one of those humain question mod, or if u know tell me where to find a mod that ask u to select a image from 3. for acaria : what u told is totally incorrect I think, because whatever php is an opensource software but the captcha generation use a random key and u can't generate a duplicate random key just because u want to do so...
Back to top
Acaria
Board Member



Joined: 20 Feb 2009

Posts: 238



PostPosted: Mon Mar 23, 2009 10:22 am 
Post subject: Re: Visual confirmation: use or disable?

*sigh*

Nothing is truly random in the coding one. Duplicate the algorithm, duplicate the method of utilizing it, and you get the same answer.

I may be no Php master, but I've coded my fair share of Java and this is a method used quite frequently. Though this may not be the method most bots may choose, it is a way that would work all the same.
Back to top
khofech
Board Member



Joined: 26 Feb 2009

Posts: 44



PostPosted: Mon Mar 23, 2009 12:47 pm 
Post subject: Re: Visual confirmation: use or disable?

! no problem if u aren't php master , me 2 i'm not one, but be a programmer is the important thing, then php, delphi, vb, c, or java is the second, it's like a speech, u can say letters ? then just learn the words of a specific languages, !! got it ? if yes then take a look at this function
Code:
function dss_rand()
u can find it in /includes/functions.php and it's called in the confirm code generation ....... keep talking icon_wink.gif
Back to top
Acaria
Board Member



Joined: 20 Feb 2009

Posts: 238



PostPosted: Tue Mar 24, 2009 12:45 am 
Post subject: Re: Visual confirmation: use or disable?

You sure are a stubborn one.

The "random" generation is called by Php coding, it all has a root. The "random" number is a product of an algorithm. You can deny this all you want, but it's a simple truth.

You could easily code it so that when a Bot goes to a site, it pings to the server and calls the same function. It would, obviously, generate the same number.

Same algorithm + exact same call = Same generation.

I even just went and looked this up on Google. Though there's nothing saying this is a common (or even implemented) method, simple coding laws back this up.


Now, really. You were the one asking how they can get around this and I provided you an answer that is correct. Accept the fact, hun.
Back to top
Ptirhiik
Board Member



Joined: 19 Nov 2008

Posts: 114


flag
PostPosted: Tue Mar 24, 2009 7:45 am 
Post subject: Re: Visual confirmation: use or disable?

Woaw, keep cool boys icon_smile.gif. Actually, you are both right: being in the same conditions, you will indeed generate the same number, that's a fact. However, the whole point of the seeding through the database is precisely to lower the risk the conditions remains the same, as the data are changing accordling the database value stored, and two servers are involved in the process (db & apache) with their own latency, variable in the time.
Back to top
khofech
Board Member



Joined: 26 Feb 2009

Posts: 44



PostPosted: Tue Mar 24, 2009 8:06 am 
Post subject: Re: Visual confirmation: use or disable?

oh yeah , i'm a stubborn, my mom always told me that loooooooool, what I knew and study, is that the randomize use the processor always or the old math coprocessor when that stuff was used in old pc, ok, following your meaning , will conduct us saying that a guys opening the same phpbb registration page with the same server at the same time will have the same VC code ??? did I miss something ?!
Back to top
Ptirhiik
Board Member



Joined: 19 Nov 2008

Posts: 114


flag
PostPosted: Tue Mar 24, 2009 11:57 am 
Post subject: Re: Visual confirmation: use or disable?

Yep: as the code is generated using the seed, and as the seed changes at each request, the both won't receive the same seed even if they ask at the exact same tick: one will access and update the database prior the second, making the code different.
Back to top
Display posts from previous:   
Register or Login to Post    Index » General Support  Previous TopicPrint TopicNext Topic
Page 1 of 2 All times are GMT - 4 Hours
Goto page 1, 2  Next
 
Jump to:  

Index • About • FAQ • Rules • Privacy • Search •  Register •  Login 
Not affiliated with or endorsed by the phpBB Group
Powered by phpBB2 © phpBB Group
Generated in 0.0505 seconds using 16 queries. (SQL 0.0095 Parse 0.0010 Other 0.0399)
phpBB Customizations by the phpBBDoctor.com
Template Design by DeLFlo and MomentsOfLight.com Moments of Light Logo