reCAPTCHA for SMF

Started by 青山 素子, December 28, 2007, 12:16:40 PM

Previous topic - Next topic

SD-X

Quote from: babalola olasehinde on April 29, 2013, 05:02:28 AM
Quote from: SugarD-x on April 29, 2013, 04:58:54 AM
Quote from: babalola olasehinde on April 29, 2013, 03:03:17 AM
Quote from: SugarD-x on April 29, 2013, 02:51:03 AM
Quote from: babalola olasehinde on April 29, 2013, 02:43:05 AM
i install this mod successfully in my forum 2.0.4 , and after that it brought out an error on the header of the forum.
pls see screenshot

what can i do
It looks like you either have another mod conflicting with it, or something went wrong in the install. Do you have any other mods installed?

i have only Anti Bot: Are You Human/Bot? installed
Hmm...not sure of any conflicts there. What SMF version is your theme running at?


smf 2.0.4
Odd. Not sure myself then. Someone else a bit more experienced may need to check into this. Sorry about that man.

babalola olasehinde

Quote from: SugarD-x on April 29, 2013, 05:25:11 AM
Quote from: babalola olasehinde on April 29, 2013, 05:02:28 AM
Quote from: SugarD-x on April 29, 2013, 04:58:54 AM
Quote from: babalola olasehinde on April 29, 2013, 03:03:17 AM
Quote from: SugarD-x on April 29, 2013, 02:51:03 AM
Quote from: babalola olasehinde on April 29, 2013, 02:43:05 AM
i install this mod successfully in my forum 2.0.4 , and after that it brought out an error on the header of the forum.
pls see screenshot

what can i do
It looks like you either have another mod conflicting with it, or something went wrong in the install. Do you have any other mods installed?

i have only Anti Bot: Are You Human/Bot? installed
Hmm...not sure of any conflicts there. What SMF version is your theme running at?


smf 2.0.4
Odd. Not sure myself then. Someone else a bit more experienced may need to check into this. Sorry about that man.

i think you are right on this

i just tried installing facebook like mod and one other mod and thesame problem occured

now pls how do i repair this error

so sorry for your time

青山 素子

babalola olasehinde,

Find the file Modifications.english.php in the default theme directory. Look near the end of the file for the line "?>". Delete that line or move it to the very end of the file, ensuring there are no blank lines after it.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


babalola olasehinde

Quote from: 青山 素子 on April 30, 2013, 03:05:32 PM
babalola olasehinde,

Find the file Modifications.english.php in the default theme directory. Look near the end of the file for the line "?>". Delete that line or move it to the very end of the file, ensuring there are no blank lines after it.

this is the last line of the  Modifications.english.php

$txt['are_you_human_q_2'] = 'Random Question';?>


should i delete the whole line

TheListener

Quote from: babalola olasehinde on April 30, 2013, 06:00:08 PM
Quote from: 青山 素子 on April 30, 2013, 03:05:32 PM
babalola olasehinde,

Find the file Modifications.english.php in the default theme directory. Look near the end of the file for the line "?>". Delete that line or move it to the very end of the file, ensuring there are no blank lines after it.

this is the last line of the  Modifications.english.php

$txt['are_you_human_q_2'] = 'Random Question';?>


should i delete the whole line

Quote$txt['are_you_human_q_2'] = 'Random Question';?>

Should show as

[quote]$txt['are_you_human_q_2'] = 'Random Question';
?>


Make sure there are no lines after the?>

Arantor

That also needs to be the last ?> in the file. Might be quicker if it were just uploaded here for examination.

babalola olasehinde

Quote from: Arantor on April 30, 2013, 06:12:28 PM
That also needs to be the last ?> in the file. Might be quicker if it were just uploaded here for examination.

okay see attachment for the file

Arantor

Yeah, there's only one ?> in the file and it should be as Old Fossil says.

Code (find) Select
$txt['are_you_human_q_2'] = 'Random Question';?>

Code (replace with) Select
$txt['are_you_human_q_2'] = 'Random Question';
?>

123sweat

#688
Hi,

I am trying to get this mod installed on an old smf version 1.1.2.

I have done all the modification manual, but i don't see the "enable recaptcha" interface in
SMF 1.1:
Admin -> Registration -> Settings

1/ all the text phrases are empty? i did modify Modification.english.php



[EDIT] Ok i have the recaptcha working but the verificiation_image is also visible??
2/ also refreshing the page causes the image verification to act strange, it seems to have to do with session i think?

青山 素子

First, you really should think about upgrading to the latest 1.1 release of SMF. That old version has known security issues.

If both the built-in verification image and reCAPTCHA are showing, you might have made a bad manual edit somewhere. The two should be mutually exclusive. Review your edits, and if you can't find the issue reply back and I'll let you know what files you can send for me to review.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


SD-X

Quote from: 青山 素子 on May 11, 2013, 11:47:21 AM
First, you really should think about upgrading to the latest 1.1 release of SMF. That old version has known security issues.
I have to agree. You are very far behind in updates, and you are putting your forum at extreme risk by not upgrading, as well as causing yourself more issues with other mods you may be trying to also use.

123sweat

tx guys for taking the time and helping an old forum user.

yes you are absolute right about the upgrade.

I have solved my mistake and your recaptcha seems to work correctly now. Only i am still getting some spam registered users.

Do you know which security issues might be the cause of this? Is my forum register part hacked? And if so how can i check this?

kind regards,

Arantor

QuoteOnly i am still getting some spam registered users.

reCAPTCHA has been broken for some time.

QuoteDo you know which security issues might be the cause of this?

The spammers are smarter than they used to be.

Add additional anti spam mods, e.g. Bad Behaviour, Misc Anti Spam.

青山 素子

Quote from: 123sweat on May 11, 2013, 05:02:15 PM
I have solved my mistake and your recaptcha seems to work correctly now. Only i am still getting some spam registered users.

Do you know which security issues might be the cause of this? Is my forum register part hacked? And if so how can i check this?

What Arantor said. reCAPTCHA is more effective than the built-in SMF image verification, but it's still very weak thanks to human-backed services that spammers use. You will want to look at other anti-spam modifications to layer your defenses. I believe there's a version of SMF 2.0's registration questions available as a modification for the 1.1 releases. That's a fairly strong measure as long as you don't use general-knowledge questions.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


Arantor

Huh, I didn't notice it was actually for 1.1.x... I don't know what of the anti-spam measures are actually maintained for 1.1.x any more (I know that if Bad Behaviour is, it's going to be out of date and Misc Anti Spam isn't - nor will it ever be - out for 1.1.x)

dimspace

Quote from: 青山 素子 on May 11, 2013, 09:15:39 PM
Quote from: 123sweat on May 11, 2013, 05:02:15 PM
I have solved my mistake and your recaptcha seems to work correctly now. Only i am still getting some spam registered users.

Do you know which security issues might be the cause of this? Is my forum register part hacked? And if so how can i check this?

What Arantor said. reCAPTCHA is more effective than the built-in SMF image verification, but it's still very weak thanks to human-backed services that spammers use. You will want to look at other anti-spam modifications to layer your defenses. I believe there's a version of SMF 2.0's registration questions available as a modification for the 1.1 releases. That's a fairly strong measure as long as you don't use general-knowledge questions.

I dispute this.. after testing recaptcha for 5 days, the number of spammers making it past captcha (and getting stopped by stop forum spam), has risen from 0-3 a day, to over 30 today.

Im going to leave recaptcha running a few more days just to check it wasnt a one off spam attack, but at the moment, i would summise that the standard smf captcha is infinitely more effective.

青山 素子

Both the standard SMF image verification and the reCAPTCHA service are easily bypassed by more sophisticated spamming programs. It is important to have defense-in-depth.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


dimspace

I have bad behaviour mod as first line, and Stop Spammerfor any that get through registration.

generally with smf captcha i get between 0-3 cases a day that get as far as  stop spammer and get put for manual checking.

Installed reCaptcha on Monday.

Tuesday 17 spammers made it through registration and got picked up by "stop spammer"
Wednesday 23
Thursday 19
Friday 26

This morning when i logged on, 34 different spammers had got through registration and been stopped by "Stop Spammer"

Over the course of today I had a further 17 that got past registration and got picked up by "stop spammer" for manual checking. Eventually it got silly and i reverted to standard smf captcha. Since then (1700h) ive had one got through (its now 2100)

Now it may be that Ive just been subjected to a week long co-incidental spam attack. And it may be the lack of spammers tonight is down to the eastern countries being in bed. My hunch is that they are automated and can bypass ReCaptcha easier than the smf captcha.

Will see what happens back on the smf default over the next few days and report back.

Was going to leave recaptcha enabled for longer but my staff were starting to get really narky.

None of this is your fault btw. The mod is great and works just as it should. I just have a feeling that ReCaptcha isnt very effective at all. :(

青山 素子

Quote from: dimspace on June 15, 2013, 04:13:59 PM
My hunch is that they are automated and can bypass ReCaptcha easier than the smf captcha.

It is very possible that they are using a human-backed service that can use reCAPTCHA but need to fall back to stupid OCR on the built-in SMF feature.


Quote from: dimspace on June 15, 2013, 04:13:59 PM
None of this is your fault btw. The mod is great and works just as it should. I just have a feeling that ReCaptcha isnt very effective at all. :(

There have been several effective attacks on the service itself over the last several years. With the rise of human-backed solving services like CaptchaBot (among many others) that have an easy API, anyone with a few dollars can pay to have actual humans solve CAPTCHA and other image solutions easily. This is why things like strong question/answer blocks and defense-in-depth are needed.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


dimspace

Quote from: 青山 素子 on June 16, 2013, 03:30:14 AM
Quote from: dimspace on June 15, 2013, 04:13:59 PM
My hunch is that they are automated and can bypass ReCaptcha easier than the smf captcha.

It is very possible that they are using a human-backed service that can use reCAPTCHA but need to fall back to stupid OCR on the built-in SMF feature.


Quote from: dimspace on June 15, 2013, 04:13:59 PM
None of this is your fault btw. The mod is great and works just as it should. I just have a feeling that ReCaptcha isnt very effective at all. :(

There have been several effective attacks on the service itself over the last several years. With the rise of human-backed solving services like CaptchaBot (among many others) that have an easy API, anyone with a few dollars can pay to have actual humans solve CAPTCHA and other image solutions easily. This is why things like strong question/answer blocks and defense-in-depth are needed.

quite the opposite. you are missing the point.

With recaptcha multiple spammers get through, with smf captcha minimal spammers get through. This implies it is not human backed spam but automated spam that is able to defeat recaptcha.

Logged on this afternoon. No spammers got through overnight using smf captcha.

So...
Monday - 2
==== installed ReCaptcha =====
Tuesday 17 spammers made it through registration and got picked up by "stop spammer"
Wednesday 23
Thursday 19
Friday 26
Saturday 34
==== Reverted to smf captcha (on basic setting - no noise)  ====
Sunday 0

(only myself and one other have access to approving members put for manual checking by spam checker.

So my conclusion is they are not using "human backed" they are using automation which is able to get past ReCaptcha but not past SMF captcha

Advertisement: