Advertisement:

Author Topic: reCAPTCHA for SMF  (Read 433135 times)

Offline SugarD-x

  • Full Member
  • ***
  • Posts: 412
  • Gender: Male
  • SMF and PHPBB Fan
    • SugarDx on Facebook
    • SugarD-x on GitHub
    • sugardx on LinkedIn
    • @SugarDx on Twitter
    • Clan Xperience
Re: reCAPTCHA for SMF
« Reply #680 on: April 29, 2013, 05:25:11 AM »
i install this mod successfully in my forum 2.0.4 , and after that it brought out an error on the header of the forum.
pls see screenshot

what can i do
It looks like you either have another mod conflicting with it, or something went wrong in the install. Do you have any other mods installed?

i have only Anti Bot: Are You Human/Bot? installed
Hmm...not sure of any conflicts there. What SMF version is your theme running at?


smf 2.0.4
Odd. Not sure myself then. Someone else a bit more experienced may need to check into this. Sorry about that man.

Offline babalola olasehinde

  • Jr. Member
  • **
  • Posts: 233
Re: reCAPTCHA for SMF
« Reply #681 on: April 29, 2013, 10:11:55 AM »
i install this mod successfully in my forum 2.0.4 , and after that it brought out an error on the header of the forum.
pls see screenshot

what can i do
It looks like you either have another mod conflicting with it, or something went wrong in the install. Do you have any other mods installed?

i have only Anti Bot: Are You Human/Bot? installed
Hmm...not sure of any conflicts there. What SMF version is your theme running at?


smf 2.0.4
Odd. Not sure myself then. Someone else a bit more experienced may need to check into this. Sorry about that man.

i think you are right on this

i just tried installing facebook like mod and one other mod and thesame problem occured

now pls how do i repair this error

so sorry for your time

Offline 青山 素子

  • Server Team
  • SMF Super Hero
  • *
  • Posts: 17,072
  • 戦場ヶ原、蕩れ!
    • srvrguy on GitHub
    • @motokochan on Twitter
    • Nekomusume Moe
Re: reCAPTCHA for SMF
« Reply #682 on: April 30, 2013, 03:05:32 PM »
babalola olasehinde,

Find the file Modifications.english.php in the default theme directory. Look near the end of the file for the line "?>". Delete that line or move it to the very end of the file, ensuring there are no blank lines after it.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


Offline babalola olasehinde

  • Jr. Member
  • **
  • Posts: 233
Re: reCAPTCHA for SMF
« Reply #683 on: April 30, 2013, 06:00:08 PM »
babalola olasehinde,

Find the file Modifications.english.php in the default theme directory. Look near the end of the file for the line "?>". Delete that line or move it to the very end of the file, ensuring there are no blank lines after it.

this is the last line of the  Modifications.english.php

$txt['are_you_human_q_2'] = 'Random Question';?>


should i delete the whole line

TheListener

  • Guest
Re: reCAPTCHA for SMF
« Reply #684 on: April 30, 2013, 06:10:52 PM »
babalola olasehinde,

Find the file Modifications.english.php in the default theme directory. Look near the end of the file for the line "?>". Delete that line or move it to the very end of the file, ensuring there are no blank lines after it.

this is the last line of the  Modifications.english.php

$txt['are_you_human_q_2'] = 'Random Question';?>


should i delete the whole line

Quote
$txt['are_you_human_q_2'] = 'Random Question';?>

Should show as

Code: [Select]
[quote]$txt['are_you_human_q_2'] = 'Random Question';
?>

Make sure there are no lines after the?>

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 73,189
Re: reCAPTCHA for SMF
« Reply #685 on: April 30, 2013, 06:12:28 PM »
That also needs to be the last ?> in the file. Might be quicker if it were just uploaded here for examination.
No good deed goes unpunished
All helpful urges should be circumvented

Offline babalola olasehinde

  • Jr. Member
  • **
  • Posts: 233
Re: reCAPTCHA for SMF
« Reply #686 on: April 30, 2013, 06:20:02 PM »
That also needs to be the last ?> in the file. Might be quicker if it were just uploaded here for examination.

okay see attachment for the file

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 73,189
Re: reCAPTCHA for SMF
« Reply #687 on: April 30, 2013, 06:26:42 PM »
Yeah, there's only one ?> in the file and it should be as Old Fossil says.

Code: (find) [Select]
$txt['are_you_human_q_2'] = 'Random Question';?>
Code: (replace with) [Select]
$txt['are_you_human_q_2'] = 'Random Question';
?>
No good deed goes unpunished
All helpful urges should be circumvented

Offline 123sweat

  • Newbie
  • *
  • Posts: 2
Re: reCAPTCHA for SMF
« Reply #688 on: May 11, 2013, 09:01:36 AM »
Hi,

I am trying to get this mod installed on an old smf version 1.1.2.

I have done all the modification manual, but i don't see the "enable recaptcha" interface in
SMF 1.1:
Admin -> Registration -> Settings

1/ all the text phrases are empty? i did modify Modification.english.php



[EDIT] Ok i have the recaptcha working but the verificiation_image is also visible??
2/ also refreshing the page causes the image verification to act strange, it seems to have to do with session i think?
« Last Edit: May 11, 2013, 11:06:34 AM by 123sweat »

Offline 青山 素子

  • Server Team
  • SMF Super Hero
  • *
  • Posts: 17,072
  • 戦場ヶ原、蕩れ!
    • srvrguy on GitHub
    • @motokochan on Twitter
    • Nekomusume Moe
Re: reCAPTCHA for SMF
« Reply #689 on: May 11, 2013, 11:47:21 AM »
First, you really should think about upgrading to the latest 1.1 release of SMF. That old version has known security issues.

If both the built-in verification image and reCAPTCHA are showing, you might have made a bad manual edit somewhere. The two should be mutually exclusive. Review your edits, and if you can't find the issue reply back and I'll let you know what files you can send for me to review.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


Offline SugarD-x

  • Full Member
  • ***
  • Posts: 412
  • Gender: Male
  • SMF and PHPBB Fan
    • SugarDx on Facebook
    • SugarD-x on GitHub
    • sugardx on LinkedIn
    • @SugarDx on Twitter
    • Clan Xperience
Re: reCAPTCHA for SMF
« Reply #690 on: May 11, 2013, 12:36:20 PM »
First, you really should think about upgrading to the latest 1.1 release of SMF. That old version has known security issues.
I have to agree. You are very far behind in updates, and you are putting your forum at extreme risk by not upgrading, as well as causing yourself more issues with other mods you may be trying to also use.

Offline 123sweat

  • Newbie
  • *
  • Posts: 2
Re: reCAPTCHA for SMF
« Reply #691 on: May 11, 2013, 05:02:15 PM »
tx guys for taking the time and helping an old forum user.

yes you are absolute right about the upgrade.

I have solved my mistake and your recaptcha seems to work correctly now. Only i am still getting some spam registered users.

Do you know which security issues might be the cause of this? Is my forum register part hacked? And if so how can i check this?

kind regards,

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 73,189
Re: reCAPTCHA for SMF
« Reply #692 on: May 11, 2013, 05:03:28 PM »
Quote
Only i am still getting some spam registered users.

reCAPTCHA has been broken for some time.

Quote
Do you know which security issues might be the cause of this?

The spammers are smarter than they used to be.

Add additional anti spam mods, e.g. Bad Behaviour, Misc Anti Spam.
No good deed goes unpunished
All helpful urges should be circumvented

Offline 青山 素子

  • Server Team
  • SMF Super Hero
  • *
  • Posts: 17,072
  • 戦場ヶ原、蕩れ!
    • srvrguy on GitHub
    • @motokochan on Twitter
    • Nekomusume Moe
Re: reCAPTCHA for SMF
« Reply #693 on: May 11, 2013, 09:15:39 PM »
I have solved my mistake and your recaptcha seems to work correctly now. Only i am still getting some spam registered users.

Do you know which security issues might be the cause of this? Is my forum register part hacked? And if so how can i check this?

What Arantor said. reCAPTCHA is more effective than the built-in SMF image verification, but it's still very weak thanks to human-backed services that spammers use. You will want to look at other anti-spam modifications to layer your defenses. I believe there's a version of SMF 2.0's registration questions available as a modification for the 1.1 releases. That's a fairly strong measure as long as you don't use general-knowledge questions.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 73,189
Re: reCAPTCHA for SMF
« Reply #694 on: May 11, 2013, 09:43:23 PM »
Huh, I didn't notice it was actually for 1.1.x... I don't know what of the anti-spam measures are actually maintained for 1.1.x any more (I know that if Bad Behaviour is, it's going to be out of date and Misc Anti Spam isn't - nor will it ever be - out for 1.1.x)
No good deed goes unpunished
All helpful urges should be circumvented

Offline dimspace

  • Jr. Member
  • **
  • Posts: 343
    • @dimspace on Twitter
    • Velorooms.com
Re: reCAPTCHA for SMF
« Reply #695 on: June 15, 2013, 08:46:58 AM »
I have solved my mistake and your recaptcha seems to work correctly now. Only i am still getting some spam registered users.

Do you know which security issues might be the cause of this? Is my forum register part hacked? And if so how can i check this?

What Arantor said. reCAPTCHA is more effective than the built-in SMF image verification, but it's still very weak thanks to human-backed services that spammers use. You will want to look at other anti-spam modifications to layer your defenses. I believe there's a version of SMF 2.0's registration questions available as a modification for the 1.1 releases. That's a fairly strong measure as long as you don't use general-knowledge questions.

I dispute this.. after testing recaptcha for 5 days, the number of spammers making it past captcha (and getting stopped by stop forum spam), has risen from 0-3 a day, to over 30 today.

Im going to leave recaptcha running a few more days just to check it wasnt a one off spam attack, but at the moment, i would summise that the standard smf captcha is infinitely more effective.

Offline 青山 素子

  • Server Team
  • SMF Super Hero
  • *
  • Posts: 17,072
  • 戦場ヶ原、蕩れ!
    • srvrguy on GitHub
    • @motokochan on Twitter
    • Nekomusume Moe
Re: reCAPTCHA for SMF
« Reply #696 on: June 15, 2013, 01:37:30 PM »
Both the standard SMF image verification and the reCAPTCHA service are easily bypassed by more sophisticated spamming programs. It is important to have defense-in-depth.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


Offline dimspace

  • Jr. Member
  • **
  • Posts: 343
    • @dimspace on Twitter
    • Velorooms.com
Re: reCAPTCHA for SMF
« Reply #697 on: June 15, 2013, 04:13:59 PM »
I have bad behaviour mod as first line, and Stop Spammerfor any that get through registration.

generally with smf captcha i get between 0-3 cases a day that get as far as  stop spammer and get put for manual checking.

Installed reCaptcha on Monday.

Tuesday 17 spammers made it through registration and got picked up by "stop spammer"
Wednesday 23
Thursday 19
Friday 26

This morning when i logged on, 34 different spammers had got through registration and been stopped by "Stop Spammer"

Over the course of today I had a further 17 that got past registration and got picked up by "stop spammer" for manual checking. Eventually it got silly and i reverted to standard smf captcha. Since then (1700h) ive had one got through (its now 2100)

Now it may be that Ive just been subjected to a week long co-incidental spam attack. And it may be the lack of spammers tonight is down to the eastern countries being in bed. My hunch is that they are automated and can bypass ReCaptcha easier than the smf captcha.

Will see what happens back on the smf default over the next few days and report back.

Was going to leave recaptcha enabled for longer but my staff were starting to get really narky.

None of this is your fault btw. The mod is great and works just as it should. I just have a feeling that ReCaptcha isnt very effective at all. :(

Offline 青山 素子

  • Server Team
  • SMF Super Hero
  • *
  • Posts: 17,072
  • 戦場ヶ原、蕩れ!
    • srvrguy on GitHub
    • @motokochan on Twitter
    • Nekomusume Moe
Re: reCAPTCHA for SMF
« Reply #698 on: June 16, 2013, 03:30:14 AM »
My hunch is that they are automated and can bypass ReCaptcha easier than the smf captcha.

It is very possible that they are using a human-backed service that can use reCAPTCHA but need to fall back to stupid OCR on the built-in SMF feature.


None of this is your fault btw. The mod is great and works just as it should. I just have a feeling that ReCaptcha isnt very effective at all. :(

There have been several effective attacks on the service itself over the last several years. With the rise of human-backed solving services like CaptchaBot (among many others) that have an easy API, anyone with a few dollars can pay to have actual humans solve CAPTCHA and other image solutions easily. This is why things like strong question/answer blocks and defense-in-depth are needed.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


Offline dimspace

  • Jr. Member
  • **
  • Posts: 343
    • @dimspace on Twitter
    • Velorooms.com
Re: reCAPTCHA for SMF
« Reply #699 on: June 16, 2013, 11:29:54 AM »
My hunch is that they are automated and can bypass ReCaptcha easier than the smf captcha.

It is very possible that they are using a human-backed service that can use reCAPTCHA but need to fall back to stupid OCR on the built-in SMF feature.


None of this is your fault btw. The mod is great and works just as it should. I just have a feeling that ReCaptcha isnt very effective at all. :(

There have been several effective attacks on the service itself over the last several years. With the rise of human-backed solving services like CaptchaBot (among many others) that have an easy API, anyone with a few dollars can pay to have actual humans solve CAPTCHA and other image solutions easily. This is why things like strong question/answer blocks and defense-in-depth are needed.

quite the opposite. you are missing the point.

With recaptcha multiple spammers get through, with smf captcha minimal spammers get through. This implies it is not human backed spam but automated spam that is able to defeat recaptcha.

Logged on this afternoon. No spammers got through overnight using smf captcha.

So...
Monday - 2
==== installed ReCaptcha =====
Tuesday 17 spammers made it through registration and got picked up by "stop spammer"
Wednesday 23
Thursday 19
Friday 26
Saturday 34
==== Reverted to smf captcha (on basic setting - no noise)  ====
Sunday 0

(only myself and one other have access to approving members put for manual checking by spam checker.

So my conclusion is they are not using "human backed" they are using automation which is able to get past ReCaptcha but not past SMF captcha