Jump to content

Bots / Scripts Can Register on 2.3.5


Guest Katsuma

Recommended Posts

  • Replies 161
  • Created
  • Last Reply

We are continuing to develop methods of reducing the amount of spam received. In addition to our recent spam prevention improvements ( http://forums.invisionpower.com/index.php?showtopic=277539 ), we are working on an update to IP.Board 2.3.6. This will include better spam protection provided by reCAPTCHA ( http://recaptcha.net/ ). The update should be released later today. Please keep an eye out for a newsletter and a bulletin in your Admin CP for when it is released.
You can also subscribe to this forum:
http://forums.invisionpower.com/index.php?showforum=1


What we will need for you...

We will need you to visit the reCAPTCHA site linked above. From there, sign up for a free account by clicking "Get reCAPTCHA". Once signed up, you will be presented with a Private and Public Key. Please keep these keys handy, as once you upgrade to IP.Board 2.3.6, you will need to enter them in your Admin CP in order to make use of reCAPTCHA.


Thank you for your understanding with this matter.

Link to comment
Share on other sites

We will need you to visit the reCAPTCHA site linked above. From there, sign up for a free account by clicking "Get reCAPTCHA". Once signed up, you will be presented with a Private and Public Key. Please keep these keys handy, as once you upgrade to IP.Board 2.3.6, you will need to enter them in your Admin CP in order to make use of reCAPTCHA.




Thank you for your understanding with this matter.


This is great, as I'm already using reCAPTCHA on several other non-forum related pages on my site, so this will fit in nicely..

http://www.atariage.com/contact.php

..Al
Link to comment
Share on other sites

Exactly! The register.php code already used the new method of generating the numbers in the image but xmlout.php didn't. This meant all spammers had to do was load the page and then re-load the image to get the easier-to-crack image.



Spammers simulate mouse click?? How he call JS -> init_gd_image()?
Link to comment
Share on other sites

I'm add simple code to xmlout.php and create table ibf_xmlout_log..

		  extract($_SERVER);

		  $text = "->".$REQUEST_METHOD." ".$REQUEST_URI." ".$HTTP_REFERER." ".$HTTP_USER_AGENT."<-";

		  $this->ipsclass->DB->do_insert( 'xmlout_log', array( 'ip' => $REMOTE_ADDR, 'data' => $text));



forum under attack...

Link to comment
Share on other sites

Some of the new backgrounds and font colors I feel blend in to much and may detour new users in registering.


Is there anyway to maybe change it up a bit, color blind users will have a hell of a time registering.



You can upload your own images and fonts to style_captcha/captcha_backgrounds and captcha_fonts
Link to comment
Share on other sites

I'm add simple code to xmlout.php and create table ibf_xmlout_log..



		  extract($_SERVER);

		  $text = "->".$REQUEST_METHOD." ".$REQUEST_URI." ".$HTTP_REFERER." ".$HTTP_USER_AGENT."<-";

		  $this->ipsclass->DB->do_insert( 'xmlout_log', array( 'ip' => $REMOTE_ADDR, 'data' => $text));



forum under attack...



useful, could this be integrated to ACP so we could check on all those logs generated upon registration ?
Link to comment
Share on other sites

You can upload your own images and fonts to style_captcha/captcha_backgrounds and captcha_fonts




Has anyone done this? i have updated the fonts/images but on trying to read them im having a hard time, never mind some of the simpletons we get on the forum trying to read them :lol:

would be ever grateful if someone got some custom ones they would be willing to share, drop me a PM or maybe for ease of everyone link it here
Link to comment
Share on other sites

All Of You That Are Complaining Your Custom Profile Fields Are Having No Effect On Bots

Are not listening to what your being told. I have looked at each and every one that has complained so far (that linked there website) and none of your custom fields require and "EXACT" input. You just check to see if its a number or letters or don't check it at all (most of them). That defeats the purpose of an Anti Bot Field.

You need to follow the suggestion exactly to the letter.
This article in the Resource site spells it out just like it's been spelled out here in these forums several times already.
http://resources.invisionpower.com/index.p...mp;article=6104

If you look for exact input and not "nnn" or "aaaa" or some combination then the script bots can not get past the registration page. I have not had any script bot registrations since putting an anti bot profile field on the registration page over a year ago.

I get scanned by bots daily. And none have ever made it past.

This method will not stop human spammers. Only admin validation will make a dent in those and even then if they use unique names you'll have a hard time catching them till they spam.

Link to comment
Share on other sites

Mail validation - Remove direct link to validate.

Bot use only direct link to validation page and can't compile it from text.

Edit cache/lang_cache/en/lang_mail_content.php
(in $lang['reg_validate'])

search

To activate your account, simply click on the following link:


<#THE_LINK#>


(AOL Email users may need to copy and paste the link into your web

browser).


------------------------------------------------

Not working?

------------------------------------------------


If you could not validate your registration by clicking on the link, please

visit this page:

replace to

To activate your account, please visit this page:

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.

×
×
  • Create New...