Mod - Verification image at registration

Akyhne · December 13, 2008, 01:33:01 PM

SMF 1.1.7 AND 2.0

Test site: http://captcha17.e-debatten.dk/ (SMF1.1.7)
Test site: http://captcha20.e-debatten.dk/ (SMF2.0)

I'm working on a new mod that works in this way:

When people enter the registration page, 10 avatar images are fetched from the avatar folder. Above these 10 images an image is shown to the registrant. Besides that, only the registration agreement is shown.

The idea is that to see the complete registration page, the registrant must verify the single image by clicking on one of the other ten images shown below.

If the registrant fails on clicking the right image, 10 new images are fetched from the avatar folder. The registrant can fail 2 times. After the third time, the user can no longer register.

The registration page as it is shown to the user the first time it is entered:

After a failed registration attempt, a warning is shown

3 times selected the wrong image, and the registrant is banned.

If there aren't enough avatars (less than 3), the mod defults to some simple images with a number within.

As admin part, the admin has the ability to choose which avatar subfolders he/she wants to use for registration. As standard - and not changeable - the admin cannot select/deselect the "Actors" and the "Musicians" folders.

~~I would like to add the registrant to the ban list, if he/she fails, but it seems it's only possible to ban a IP for a day.~~ Done

Features:
* Show 10 images at first registration. Maybe expanded to btw. 10 and 20 (randomly)
* Each image will be modified in random different ways, like adjusting the contrast of the image
* In admin center, admin can add a commaseparated list of additional folders to use for verification, besides the standard SMF avatar folders
* The registrant is banned 1 hour the first time he fails the test 3 times (can be edited in admin center).
* The registrant is banned 24 hour the second time and on further attempts if he fails the test 3 times (can be edited in admin center).
* Loop - you can set the number of images there should be verified to btw. 1 and 3
* Automatically defaults to simple images with a number within, if there are less than 3 avatars in the forum

Latest release: http://www.simplemachines.org/community/index.php?topic=280188.msg2288647#msg2288647

Akyhne · December 15, 2008, 05:25:08 PM

Another image, this time from the admin center:

The mod is soon ready as a beta. It works this way:

When people click the wrong image, they get yet another set of images to verify. If they fail 3 times, they are automatically banned from registering in one hour.

If they later try to register again, they are banned for 24 hours if they fail 3 times.

I also added a loop, so that people has to verify from 1 to 3 images.

Akyhne · December 15, 2008, 08:47:22 PM

More images. This time from a forum where I installed the package:

A ban has been added to the ban list. The registrant (me) chose the wrong image 3 times.

Edit of the ban: Note that it tells how many attempts there has been done. It also says that the ban will expire in 0 days, but it's really one hour as this was my first hacking attempt. If the registrant tries again after one hour and yet again fails, he will be banned for 24 hours.

.. and a ban trigger is also created:

lax.slash · December 15, 2008, 09:00:35 PM

I'll BETA test this one... looks interesting. I'll be amazed if a bot get's through this one.

Akyhne · December 15, 2008, 09:08:09 PM

I get a few errors in the forum error log, but besides that it seems to work. When I solve those issues, I'll upload a beta.

You can still get past this verification after you have been banned, but when you enter your information in the normal registration page and click "register", you will get the message that you are banned. Just like the normal way people are banned from registering.

Akyhne · December 15, 2008, 09:21:20 PM

lax.slash: I guess it's you who are banned now

And I can see in the DB you have been banned for 3600 seconds

lax.slash · December 15, 2008, 09:26:13 PM

Quote from: akyhne on December 15, 2008, 09:21:20 PM
lax.slash: I guess it's you who are banned now

And I can see in the DB you have been banned for 3600 seconds

Yup! lol. I tried it in FF and IE. Got through on FF, then repeated the test in IE, where I got banned. Looks like this is going to be a great SPAM prevention tool.

Akyhne · December 15, 2008, 09:40:24 PM

I think the flaw about other test like the "are you human" and other captcha tests, don't add people to the ban list. They can just close the browser, open it again and try again until they get through.
This mod prevents people from doing it by banning them. I you are really bothered by hackers, the first hacking attempt can be adjusted from 1-99 hours (or disabled), and further hacking attempts can be adjusted from 1-999 hours (24 as default).

lax.slash · December 16, 2008, 10:30:26 AM

I wonder if there's a mod or something that will ban users after x number of CAPTCHA fails.

Corelogik · December 16, 2008, 03:48:42 PM

I'd be interested in this as well as soon as you release it,.. Ill keep an eye on this thread and look for the release.

Akyhne · December 16, 2008, 04:05:18 PM

You can now test the mod here: http://captcha17.e-debatten.dk/

The server is very slow, so have patience. Just register an account if you like as the forum is just a test forum.

Akyhne · December 19, 2008, 02:09:14 PM

Not a lot of response on this one. Does noone bother trying it out? I even made a V2.0 version.

lax.slash · December 19, 2008, 02:14:23 PM

Where can we download it?

Akyhne · December 19, 2008, 02:17:13 PM

No where. I would like people to try it on the link I gave you so that I can test wether banning is working and to see if i get any errors.
But you can get an early beta if you like.

lax.slash · December 19, 2008, 02:26:37 PM

Oh..... okay! I misunderstood. But where do we test SMF 2?

EDIT: I should be banned on 1.1.x. Just tried it.

Akyhne · December 19, 2008, 02:40:32 PM

http://captcha20.e-debatten.dk

Akyhne · December 19, 2008, 02:41:27 PM

Quote from: lax.slash on December 19, 2008, 02:26:37 PM
Oh..... okay! I misunderstood. But where do we test SMF 2?

EDIT: I should be banned on 1.1.x. Just tried it.

Yeah, I can see you are banned 2 times on the 1.1.7 forum.

Akyhne · December 19, 2008, 02:43:30 PM

A beta 2 version of the mod. Works for both 1.1.7 and 2.0 beta 4

There's one thing I still have to work on: What happens if there are no images.

Akyhne · December 19, 2008, 03:13:28 PM

In SMF 1.1.7 the settings for the mod are in "Registration" -> "Settings"

In SMF 2.0 the settings for the mod are in "Security and Moderation" -> "Anti-spam"

Akyhne · December 20, 2008, 01:10:22 PM

Maybe people are to busy with christmas.. maybe my mod isn't working

No one has been banned in my two test forums http://captcha17.e-debatten.dk (1.1.7) and http://captcha20.e-debatten.dk (SMF 2.0 beta 4).

PLEASE take a moment and try it out: If you end up on the regular registration page because you clicked the right images, you will have to close your browser and then try again. When you are banned, you end up with this message on the screen:
"Unfortunately it seems you are not capable to verify the image verification. We have the feeling you are not a human, but a spambot trying to register in our forum. If this is not the case, we are sorry to bother you. You will have to come back later and try again."

If you do, you should be banned. Then please post here that you were banned and I will confirm it.

Please...

News:

Mod - Verification image at registration