reCAPTCHA for SMF

Started by 青山 素子, December 28, 2007, 12:16:40 PM

Previous topic - Next topic

SD-X

The only reason why SMF's captcha would outperform ReCaptcha's is because it's older, less-widely used, and most modern bots aren't programmed to handle it anymore since everyone has generally switched to something else. If there is a large movement where people begin going backwards on this again, (which I've seen a bit of lately), then you're only going to see a comeback of spammers essentially "raping" your forum with registrations.

青山 素子

Quote from: dimspace on June 16, 2013, 11:29:54 AM
So my conclusion is they are not using "human backed" they are using automation which is able to get past ReCaptcha but not past SMF captcha

It should be quite the opposite conclusion. reCAPTCHA is widely used, so it makes sense for there to be many human-backed services that offer ways to "solve" the puzzle. Nearly all the "human-backed" services offer a programable API for it. The built-in SMF one isn't used so much anymore and so detection for it may fall back to plain OCR. This would make success rates for bypassing the built-in solution much lower.

When I say human-backed, I'm not talking about actual people browsing and signing up for an account. There are services available that hire real people to sit in front of a computer and solve image puzzles. These services offer an API that spam software makers can use to send the puzzles only to this service in an automated fashion. Often the cost is a few dollars per 1000 solutions, so it's really cheap. If you're interested in this, I refer you to an old, but still quite good, article by security researcher Dancho Danchev titled Inside India's CAPTCHA Solving Economy.

Honestly, using registration (and post!) questions is a great and effective choice right now, as long as you ask decent enough domain-specific questions and can rely on your visitors all having some experience with a single language. (The multi-language thing is why this community doesn't use this technique.)
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


Burke ♞ Knight

#702
Why does reCaptcha disable the Verification Questions ?

Never mind. I see the issue.
The number of questions section reverted to 0 somehow.

damowhite666

Hello!

This plugin is awesome!

Though... I need help with a little something, on the registration page the recaptcha block is on the far left on the page rather than in the middle, how do I fix this?

Thanks! :D

damowhite666


tcrider84

Workaround for verification questions not showing up:

Problem:
reCAPTCHA is set to work as either by itself with no other verification OR replace SMF'S built-in captcha. Unfortunately SMF's built in captcha is tied to its verification questions, so if you select "None" for Visual verification image to display - it hides BOTH the built in SMF captcha AND your questions.

Solution:
Select "Very simple - plain text on image" instead from the Visual Verification drop down. Then type x in "Number of verification questions user must answer", x being how many questions you have. reCAPTCHA will then replace SMF's default captcha, and your questions will show up.

tested with SMF 2.0.8 :D

_sebas_

mystery or problem?

in Firefox and IExplorer recaptcha shows: street numbers

but in Chrome shows: two distorted words

Why?


( runs ok in this 3 browsers,  but,  why the difference ? )

I have forum v 1.1.19

Arantor

That one's purely up to Google, not the mod. Google's the one that creates the images you see.

青山 素子

Quote from: _sebas_ on July 11, 2014, 11:17:06 PM
mystery or problem?

in Firefox and IExplorer recaptcha shows: street numbers

but in Chrome shows: two distorted words

Why?

Google has adjusted reCAPTCHA to display puzzles based on streetview images for users that it feels are less likely to be bots. There's more info from Google over at Google Online Security Blog: Street View and reCAPTCHA technology just got smarter.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


_sebas_

thanks for your quick response

I still do not understand, is that I do the tests from the same machine and the same IP connection ... just changing the browser, and it gives different results.
(In "Chrome", 2 words appear -----    differently from other browsers so I find street numbers)


so I do not see the relation with the level of security, it would be the same
not??
Google seems to do what he wants, changing to their own devices, his criteria


(damn spammers keep coming)

_sebas_



I begin to understand,
two recaptcha words, I now appear in Internet Explorer, having deleted all cookies and browser history

青山 素子

Quote from: _sebas_ on July 12, 2014, 06:47:46 AM
I still do not understand, is that I do the tests from the same machine and the same IP connection ... just changing the browser, and it gives different results.
(In "Chrome", 2 words appear -----    differently from other browsers so I find street numbers)


so I do not see the relation with the level of security, it would be the same
not??
Google seems to do what he wants, changing to their own devices, his criteria

If they told what they looked for, that would give too much away. I believe at the least, being logged into a verified Google Account (one with a valid phone number and other details) helps. Even that may not quite be it, though.


Quote from: _sebas_ on July 12, 2014, 06:47:46 AM
(damn spammers keep coming)

If you want to stop spam, I recommend using multiple systems. While it's good against simple systems, reCAPTCHA is no longer effective against much of the popular sophisticated spamming software out there. I recommend using verification questions if at all possible. They are built into 2.0 and a backport of the feature is available as a modification for SMF 1.1.x. I also recommend using httpBL if you can.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


cieplutki

mod does not work displayed information: Could not open socket




.

青山 素子

As reCAPTCHA is a third-party service, your server must be able to contact the reCAPTCHA server directly. It looks like either you or your hosting company has blocked the function, fsockopen, that is used for this.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


Falcyn

#714
Do you have any plans to update this to the No CAPTCHA reCAPTCHA API? First impressions have suggested that it's much more effective.

青山 素子

As soon as I get the time I'll look into it. I just started a new job and am dealing with a sick family member and a sick pet right now.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


portex1

#716
Just installed this mod and now I'm getting "Templat Parse Error!" on registration page only.
I don't know what's wrong. This happens only when I tick "Require verification". Without it - no problem, but no recaptcha too.

_monotiz_

Quote from: mariusfv on April 15, 2011, 05:43:56 AM
1. First bug: If you use recaptcha for new members to be required at first 5 posts and member type wrong a letter will receive the msg: "The letters you typed don't match the letters that were shown in the picture" and give you: Back button link...till here is ok but after you type the back button and type correctly the new recaptcha code(i try with refresh code too) will receive always this error:
You already submitted this post! You might have accidentally double clicked or tried to refresh the page.
I dunno if there is a solution in this topic, anyway, I fixed the Subs-Editor.php file. Must be replace the code:
if(!empty($modSettings['recaptcha_enabled']) && ($modSettings['recaptcha_enabled'] == 1 && !empty($modSettings['recaptcha_public_key']) && !empty($modSettings['recaptcha_private_key'])))
{
if(!empty($_POST["recaptcha_response_field"]) && !empty($_POST["recaptcha_challenge_field"])) //Check the input if this exists, if it doesn't, then the user didn't fill it out.
{
require_once("$sourcedir/recaptchalib.php");

$resp = recaptcha_check_answer($modSettings['recaptcha_private_key'], $_SERVER['REMOTE_ADDR'], $_REQUEST['recaptcha_challenge_field'], $_REQUEST['recaptcha_response_field']);

if (!$resp->is_valid)
fatal_lang_error('error_wrong_verification_code', false);
}
else
fatal_lang_error('error_wrong_verification_code', false);
}


with:

if(!empty($modSettings['recaptcha_enabled']) && ($modSettings['recaptcha_enabled'] == 1 && !empty($modSettings['recaptcha_public_key']) && !empty($modSettings['recaptcha_private_key'])))
{
if(!empty($_POST["recaptcha_response_field"]) && !empty($_POST["recaptcha_challenge_field"])) //Check the input if this exists, if it doesn't, then the user didn't fill it out.
{
require_once("$sourcedir/recaptchalib.php");

$resp = recaptcha_check_answer($modSettings['recaptcha_private_key'], $_SERVER['REMOTE_ADDR'], $_REQUEST['recaptcha_challenge_field'], $_REQUEST['recaptcha_response_field']);

if (!$resp->is_valid)
$verification_errors[] = 'wrong_verification_code'; // MonoTiz // fatal_lang_error('error_wrong_verification_code', false);
}
else
$verification_errors[] = 'wrong_verification_code'; // MonoTiz // fatal_lang_error('error_wrong_verification_code', false);
}

tranhiep_116

I have just installed. very helpfull  ;D

Owdy

Former Lead Support Specialist

Tarvitsetko apua SMF foorumisi kanssa? Otan työtehtäviä vastaan, lue:http://www.simplemachines.org/community/index.php?topic=375918.0

Advertisement: