MyBB Community Forums

Full Version: standard captcha insufficient protection against spam
In the course of the time that a forum is running, more and more spam registrations occurred, as well as unregistered spam posts.

I didn't want to activate reCaptcha, because it requires google-registration.
Some of the plugins that provide alternate methods do not cover all four captcha usages in the bb system. So I went on to make some small changes, and it works like a charm! For a week now there have been no spam registrations and posts at all.

I entered a fixed string like "35+12=" into the graph (captcha.php, $imagestring). Correspondingly, I changed the validity test into validate_captcha() as follows:
	$query = $db->simple_select("captcha", "*", "imagehash = '{$imagehash}' AND '47' = '{$imagestring}'");
File: class_captcha.php

And the accompanying comments with each occurrence of the captcha are modified, so that the user knows that he has to enter the sum of the two numbers presented.
Thank you for this. I'm learning here and there since I know I will need all this knowledge in my forum if it does and hopefully gets a lot of activity.
You may want to take a look at one of the plugins requiring questions on sign up.

If you hard-code the two numbers, then it is easy to program a bot to go against your site.
And, as I already said: plugins may only support the captcha on registration level, but not on the guest posting level, e.g. http://mods.mybb.com/view/mybb-captchapack .

Before the modifications, I finally got over 10 spam registrations a day, and some guest posts (mostly using a poster's name). The numbers increased gradually, despite blocking IP groups.
When the hard coding works well, I don't see a reason to change it. PHP-experts are encouraged to make it using random numbers. If you look at a German blog like http://blog.zeit.de/herdentrieb , you'll find that they don't use a graphic captcha, but a simple math exercise. As long as I'm contributing here (approx. 2 years), they didn't alter the math exercise. It seems not necessary to do so...
(2014-04-15, 07:46 PM)rjmaris Wrote: [ -> ]Well, I'm also a "Laie" (unexperienced) in PHP matters

Laie doesn't refer to an expertise level. On Slashdot, one user has a signature that says that speaking Latin is a lot like juggling while riding a unicycle: it's quite impressive when done correctly. Laie is not an English word. As written, it means lawyer, but that's just because I didn't include the `okina and kahako because most browsers don't like these letters. As I have been programming professionally since 2000 (and as a hobby since 1985), I take some offense to you assuming my handle means 'unexperienced techie' (btw, the word you were looking for is inexperienced).

I agree that the various CAPTCHA plugins should have settings for more actions than just registering. At a minimum, it should be possible to enable it for creating threads, replying to threads, or creating events based on user group.
- this post can be deleted by an admin, because it is off-topic -
Note: laie_techie could shorten/delete responses, too.
(2014-04-15, 09:22 PM)rjmaris Wrote: [ -> ]Laie? Sorry - was not thought as an offense. I suggested that you're German, because Laie is German for layperson. I see your profile now - USA.

I had no idea that there was a German word laie. Just another example of a false cognate, then. I also thought a tiki and lavalava in my avatar would conjure up images of Hawaii Nei.

Alas, I only speak Pidgin, American English, Spanish, and Brazilian Portuguese. There's too many languages out there to recognize them all.
(2014-04-13, 07:07 PM)rjmaris Wrote: [ -> ]I entered a fixed string like "35+12=" into the graph (captcha.php, $imagestring).

Excuse me in advance for being dense. I can't figure out how/where you added the "35+12=" text. Could you explain/show the code please?

(2014-04-13, 07:07 PM)rjmaris Wrote: [ -> ]And the accompanying comments with each occurrence of the captcha are modified, so that the user knows that he has to enter the sum of the two numbers presented.

And I'm not sure that the above makes sense yet but maybe I don't have to worry about that?
	$imagestring = $regimage['imagestring'];   // former code
	$imagestring = '35+12=';                   // replacement: fixed text drawn into the image
in captcha.php

The accompaniment text to the captcha instances is in newthread.lang.php, newreply.lang.php, showthread.lang.php and member.lang.php. Array element: 'verification_note'.
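
Added example (not code from this thread or from MyBB): a sketch of the random-number variant mentioned above, in which every challenge gets its own answer stored server-side and is discarded after one attempt, so a single fixed reply such as 47 no longer passes. The function names and the in-memory $store, which stands in for the captcha table, are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers, not MyBB functions. $store is an in-memory stand-in
// for the captcha table: imagehash => expected answer.

/** Create a fresh challenge; only the hash and the question text leave the server. */
function new_math_challenge(array &$store): array
{
    $a = random_int(10, 49);             // CSPRNG-backed, unlike rand()
    $b = random_int(1, 49);
    $hash = bin2hex(random_bytes(16));   // plays the role of imagehash
    $store[$hash] = (string) ($a + $b);  // the answer is never sent to the client
    return ['imagehash' => $hash, 'imagestring' => "{$a}+{$b}="];
}

/** Validate a submission. A challenge is consumed on first use, right or wrong. */
function validate_math_challenge(array &$store, string $hash, string $submitted): bool
{
    if (!isset($store[$hash])) {
        return false;                    // unknown, expired or already used
    }
    $expected = $store[$hash];
    unset($store[$hash]);                // single use: no replay, no second guess
    return hash_equals($expected, trim($submitted));
}

// Constructed demo run. It reads the stored answer directly, which only the
// server side can do.
$store = [];

$c = new_math_challenge($store);
$answer = $store[$c['imagehash']];
echo $c['imagestring'], "\n";
var_dump(validate_math_challenge($store, $c['imagehash'], $answer)); // first, correct submission
var_dump(validate_math_challenge($store, $c['imagehash'], $answer)); // same hash submitted again

$c2 = new_math_challenge($store);
$answer2 = $store[$c2['imagehash']];
var_dump(validate_math_challenge($store, $c2['imagehash'], '0'));      // wrong guess (sums start at 11)
var_dump(validate_math_challenge($store, $c2['imagehash'], $answer2)); // retry on the consumed challenge
```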