1 (edited by sirena 2007-05-27 16:37)

Topic: Simple Antispambot-code Mod v0.8

This should work - let us know if it does or not, or if I have missed something important.

It is based on the timezone anti-spam mod of Iota, only slightly tweaked, and the 'VIP code' idea used in some mods for other forum packages.

It is very simple mainly because I don't know enough about PHP or punBB to make it complex smile

##
##
##        Mod title:  Simple Antispambot-code Mod  
##
##      Mod version:  0.8 
##   Works on PunBB:  1.2.15 
##     Release date:  28 May 2007 
##           Author:  sirena (on http://punbb.org/forums)
##
##      Description:  This is a *very* simple mod to help prevent forum 
##                    spambots from registering on a punBB forum. 
##
##       Affects DB:  No 
##
##   Affected files:  register.php 
##
##            Notes:  This mod simply adds an extra free-text form field into 
##                    the registration page for punBB (register.php) that 
##                    prospective users need to complete, and which the forum 
##                    administrator can easily customize. 
##                    
##                    Forum administrators can specify any sort of question 
##                    and the required (numeric or text) response.  
##                    
##                    Administrators are encouraged to: 
##                    (a) customize the question posed by this mod to suit their needs, and 
##                    (b) change their question periodically. 
##                    
##                    The more variation there is in the deployment of this mod, the more 
##                    effective it will be, particularly against automated spambots. 
##                    
##                    Questions can be simple - like "What year did Columbus discover America?"
##                     - or perhaps more complicated - like "What is the sum of 1000+100". 
##                    
##                    Questions may even be very specific if you are confident that the 
##                    people who you want to join your forum should know the answer. 
##                    
##                    For example if you have a forum about the Beatles the question may be 
##                    "What year did the Beatles break up?"  
##                    
##                    Or if you have a forum about Beverly Hills Calif., a good question may be 
##                    "What is the postcode of Beverly Hills?"  Etc. 
##                    
##                    Specific questions such as these will help prevent automated registrations 
##                    and may even cause difficulties for some human spammers too, 
##                    if local or esoteric knowledge is required.
##                    
##                    Questions may also be framed to require some exploration of the site. 
##                    Eg "Please enter the 4 digit VIP code visible at the top of the Support page". 
##                    
##                    This sort of question will block automated bots and slow down 
##                    and perhaps even deter human spammers too. 
##                    
##
##     Generated By:  Auto Read-Me(by Caleb Champlin) - http://www.rscheatnet.com/Auto_Readme.zip
##
##       DISCLAIMER:  Please note that 'mods' are not officially supported by
##                    PunBB. Installation of this modification is done at your
##                    own risk. Backup your forum database and any and all
##                    applicable files before proceeding.
##
#
#---------[ 1. OPEN ]---------------------------------------------------
#

/YOURPUNBBFORUM/register.php

#
#---------[ 2. FIND (line:186) ]---------------------------------------------------
#
    $timezone = round($_POST['timezone'], 1);
#
#---------[ 3. BEFORE, ADD ]---------------------------------------------------
#
 // anti-spam code variable checked here. Customize to suit your needs.
 if ($_POST['spamcode'] <> "1492") 
  message('Please enter the correct 4 digit code for the year Columbus discovered America.');

#
#---------[ 4. FIND (lines: 305-309) ]---------------------------------------------------
#
<div class="inform">
<fieldset>
<legend><?php echo $lang_prof_reg['Localisation legend'] ?></legend>

#
#---------[ 5. BEFORE, ADD ]---------------------------------------------------
#

<div class="inform">
<fieldset>
<legend>Spambot prevention</legend>
<div class="infldset">
<p>Please enter the year in which Columbus discovered America in the box below.</p>
<p><b>Hint:</b> <i>In XXXX, Columbus sailed the ocean blue...</i></p>
<div class="rbox">
<input type="text" name="spamcode" size="4" maxlength="4" /><br />
</div>
</div>
</fieldset>
</div>

#
#---------[ 6. SAVE/UPLOAD ]---------------------------------------------------
#

/YOURPUNBBFORUM/register.php

On punres at:
http://www.punres.org/viewtopic.php?id=3439

Re: Simple Antispambot-code Mod v0.8

Just installed, works nicely.

Re: Simple Antispambot-code Mod v0.8

Good to hear it works.

Pls consider changing the default 'Columbus' test though if you go live with it.

If an antibot mod is on punbb or punres, the bot/script authors will find out about it pretty quickly, and the default test then won't be much good for long.

Re: Simple Antispambot-code Mod v0.8

The whole idea is to change the default question. I am pretty sure it mentions this in the readme.

5

Re: Simple Antispambot-code Mod v0.8

I was thinking about how to make this mod so that there would be a few random questions.

This method would allow the person to enter any of the correct answers possible, but the user doesn't need to know that is possible tongue

I have not tested this. Just an idea.

-------------------------------
$answer = $_POST['spamcode'];

switch ($answer){
    case "1492":
        $spamcodecorrect = 1;
        break;    
    case "PunBB":
        $spamcodecorrect = 1;
        break;    
    case "Google":
        $spamcodecorrect = 1;
        break;    
    default:
        $spamcodecorrect = 0;
        break;         
}

 if ($spamcodecorrect <> "1") 
  message('Please enter the correct answer.');

------------------------------


<div class="inform">
<fieldset>
<legend>Spambot prevention</legend>
<div class="infldset">
<p>

<?php

$random = (rand()%3);
$random = $random + 1;

$question1 = <<<QUESTION1
Please enter the year in which Columbus discovered America in the box below.</p>
<p><b>Hint:</b> <i>In XXXX, Columbus sailed the ocean blue...</i></p>
QUESTION1;

$question2 = <<<QUESTION2
Please enter the name of a great forum script.</p>
<p><b>Hint:</b> <i>You are using it...</i></p>
QUESTION2;

$question3 = <<<QUESTION3
Please enter the name of a great search engine.</p>
<p><b>Hint:</b> <i>It may be your homepage...</i></p>
QUESTION3;


switch ($random){
    case "1":
        echo $question1;
        break;

    case "2":
        echo $question1;
        break;

    case "3":
        echo $question1;
        break;
}

?>

<div class="rbox">
<input type="text" name="spamcode" size="4" maxlength="4" /><br />
</div>
</div>
</fieldset>
</div>

6

Re: Simple Antispambot-code Mod v0.8

pkeod wrote:

I was thinking about how to make this mod so that there would be a few random questions.

I think sirena already has a multiple question/answer version of the mod in the pipeline. Might be worthwhile asking her to release it if it's stable?

Re: Simple Antispambot-code Mod v0.8

Hi MattF.

That update I was planning isn't ready yet. I'm currently bogged down with tweaking the Calendar mod code smile

Pls feel free to post up your excellent code in the meantime. I think pkeod will find it of interest - great minds think alike etc...

It's always good to get some extra input into cooking up ways of improving the mod.

Re: Simple Antispambot-code Mod v0.8

a bit too easy to break. If a user would hapen insert the previous value inserted in the banner he/she would quickly find that weakness, also we are talking about it in here where everybody can read us.

But, yes, a non visual captcha is in my opinion a beter idea then a visual one.

There is also a akismet module which works cool for me.

9

Re: Simple Antispambot-code Mod v0.8

sirena wrote:

That update I was planning isn't ready yet. I'm currently bogged down with tweaking the Calendar mod code smile

big_smile big_smile It keeping you busy then? big_smile big_smile

Have you had chance to check that multiple question/answer code in operation yet? It's only had minimal testing here. big_smile I'll get a version of it put together. Do you want me to post it up in this thread?

10

Re: Simple Antispambot-code Mod v0.8

MattF wrote:

Have you had chance to check that multiple question/answer code in operation yet? It's only had minimal testing here. big_smile I'll get a version of it put together. Do you want me to post it up in this thread?

Yes, pls post it up. I put it into my test punbb and it worked OK, but took it out again as I was trying something else with the mod, so I have nothing to post up that would be better than what's already up here.

Sorry!

11

Re: Simple Antispambot-code Mod v0.8

If you want the code to only work with one answer then when you use the random code, just have it create a hidden field to submit. Then, when the hidden field is submitted (1,2, or 3), just check that the answer and hidden field number are the same tongue Once again, easy for anyone experienced to spot... but if you did it that way at least people would not be able to give any answer.

12

Re: Simple Antispambot-code Mod v0.8

Right. I'll get this posted up before I forget again. big_smile Big thanks to Smarty's for the guidance he provided on this. smile smile


*** Remember to make a backup of your root register.php file before you start ***



First, create a file 'include/user/register.php' and enter the following in that file:

<?php

$register_failed = 'The answer you supplied was incorrect. Please try again.';

session_start();
if (!isset($_SESSION['answer']) || $_SESSION['answer'] == '')
{

$number = rand(1, 4); // Alter the second number to match the number of questions.

//---Questions array---//

$questions = array(

'q1' => 'One plus three equals?',
'q2' => 'Two plus four equals?',
'q3' => 'Eight plus eight equals?',
'q4' => 'Three times three equals?'

);

//-----Hints array-----//

$hints = array(

'h1' => 'One less than five',
'h2' => 'One more than five',
'h3' => 'Just under seventeen',
'h4' => 'One shy of ten'

);

//----Answers array----//

$answers = array(

'a1' => 'Four',
'a2' => 'Six',
'a3' => 'Sixteen',
'a4' => 'Nine'

);

$_SESSION['hint'] = $hints[h.$number];
$_SESSION['answer'] = $answers[a.$number];
$_SESSION['question'] = $questions[q.$number];

}

?>

The questions/hints/answers are in numeric matching order. I.e: q1 = question, h1 = hint for q1, a1 = answer for q1. The ones in the code above are merely for demonstartion purposes. Alter to your specific requirements. If you wish to add any more questions, just increment the number by 1 for each additional set. I.e: the next triple would be q5, h5 and a5. Also, make sure to alter the second number on this line to match the amount of questions you have defined:

$number = rand(1, 4);

So if you have ten questions/answers, the 4 would need changing to 10.

In the register.php file in the root forum directory, find this bit near the top of the file:

if ($pun_config['o_regs_allow'] == '0')
{
        require_once PUN_ROOT.'header.php';
        message($lang_register['No new regs']);
}

and add after that section this line:

require_once PUN_ROOT.'include/user/register.php';

This is the next section of code that needs adding in the root register.php file. Add in the same place as in the instructions for the original mod. The bits between the //----// need adding. I've included existing code above/below for reference, just incase it's slightly different.

        else
        {
                $language = $pun_config['o_default_lang'];
        }

//------------------------------------------------//

                if (isset ($_POST['spamcode']) && $_POST['spamcode'] != '' && $_POST['spamcode'] == $_SESSION['answer'])
                {
                        session_unset();
                        session_destroy();
                }
                else
                {
                        session_unset();
                        session_destroy();
                        message("$register_failed");
                }
        
//------------------------------------------------//

        $timezone = round($_POST['timezone'], 1);
        $save_pass = (!isset($_POST['save_pass']) || $_POST['save_pass'] != '1') ? '0' : '1';

This is the final section in the root register.php file. Again, layout as above, and goes in the same spot, (I believe), as the original code:

                                                <input type="text" name="req_email2" size="50" maxlength="50" /><br /></label>
<?php endif; ?>                                 </div>
                                </fieldset>
                        </div>

//----------------------------------------------------//

                        <div class="inform">
                                <fieldset>
                                <legend>Spambot prevention question</legend>
                                        <div class="infldset">
                                                <p><b>Question:</b> <?php echo $_SESSION['question']; ?></p>
                                                <p><b>Hint:</b> <?php echo $_SESSION['hint']; ?></p>
                                                <input method="post" type="text" name="spamcode" size="10" maxlength="10"/><br/>
                                        </div>
                                </fieldset>
                        </div>

//----------------------------------------------------//

                        <div class="inform">
                                <fieldset>
                                        <legend><?php echo $lang_prof_reg['Localisation legend'] ?></legend>

Again, it's just the section between the //----// lines which needs adding. (Don't include the //----// lines when you copy it). Code above and below those lines is for reference only.


Matt

13

Re: Simple Antispambot-code Mod v0.8

There is a slight accessibility glitch with that. The question and hint need to be in one <label> tag which is linked to the input otherwise a screenreader user browsing in forms mode will never hear the question.

14

Re: Simple Antispambot-code Mod v0.8

Paul wrote:

There is a slight accessibility glitch with that. The question and hint need to be in one <label> tag which is linked to the input otherwise a screenreader user browsing in forms mode will never hear the question.

Cheers for the pointer. smile I'm not familiar with the screen readers, so I'd never contemplated that scenario. What would be the layout required to comply with those requirements? Would changing that section to:

<label>
<p><b>Question:</b> <?php echo $_SESSION['question']; ?></p>
<p><b>Hint:</b> <?php echo $_SESSION['hint']; ?></p>
</label>

make it usable, or is there a different layout required within label tags?


Thanks,

Matt

15

Re: Simple Antispambot-code Mod v0.8

Just as an update for the <label> bit, the code in register.php needs to be:

                        <div class="inform">
                                <fieldset>
                                <legend>Spambot prevention question</legend>
                                        <div class="infldset">
                                                <label>
                                                <b>Question:</b> <?php echo $_SESSION['question']; ?><br/>
                                                <b>Hint:</b> <?php echo $_SESSION['hint']; ?><br/>
                                                <input type="text" name="spamcode" size="10" maxlength="10"/>
                                                <br/></label>
                                        </div>
                                </fieldset>
                        </div>

Re: Simple Antispambot-code Mod v0.8

Hey Im using this Mod and its worked great. I have one question though. How do I make it so that it accepts uppercase and lowercase because it would work with uppercase, for example if I put password, it would work, but not if I put Password. How can I make it so that it accepts either,
Thanks

17

Re: Simple Antispambot-code Mod v0.8

Hmm. Not sure how to do that in PHP.

Easy (non-PHP) way: tell users in the hint (eg 'lowercase only') how to enter the code. Or just user numeric codes.

Maybe a PHP guru will be able to assist in allowing different alpha case for the 1st character of the code..

But the downside of this approach is that it weakens your anti-spambot code. PunBB passwords for example are case-sensitive, for good reasons I guess.

18

Re: Simple Antispambot-code Mod v0.8

Change this line:

if (isset ($_POST['spamcode']) && $_POST['spamcode'] != '' && $_POST['spamcode'] == $_SESSION['answer'])

to:

if (isset ($_POST['spamcode']) && $_POST['spamcode'] != '' && strtolower($_POST['spamcode']) == strtolower($_SESSION['answer']))

19

Re: Simple Antispambot-code Mod v0.8

Thanks MattF. That seems a good solution.

I guess the strtolower won't affect handling of numeric codes?

NB: from a quick look at the PHP manual, if you use the function above, and the returned code needs to be in a non-ASCII character set (eg Chinese, Arabic etc), strtolower may not work reliably.

20

Re: Simple Antispambot-code Mod v0.8

Numbers are caseless. big_smile

It does what is required. If, (and I know not the exact answer to your second statement), there is a problem with certain characters sets, (although I can't see how), then there are numerous other places where PunBB would fall on it's arse for using the same function. big_smile

21

Re: Simple Antispambot-code Mod v0.8

MattF wrote:

Numbers are caseless. big_smile

Cool. But it never pays to check. Programming languages often have idiosyncratic rules about number formats, data structures etc.

... If, (and I know not the exact answer to your second statement), there is a problem with certain characters sets, (although I can't see how), then there are numerous other places where PunBB would fall on it's arse for using the same function. big_smile

Aha.

I just based my observation on some of the comments on the function from non-ASCII users visible at:
http://docs.php.net/manual/en/function.strtolower.php

The comments seem to indicate possible issues with Polish, Slovenian, Croation, Cyrillic, Chinese etc. Anyway, I know it will work for me at least with my language setup:)

But for others it's worth at least testing it out to see if it will work in your preferred language before you deploy it.

22

Re: Simple Antispambot-code Mod v0.8

I used this on a board that I just setup and it works great.

I did however make a slight modification to have the user just enter text instead of having question asked (some forum members complained about having to google the answers.  lazy folks.. )

Re: Simple Antispambot-code Mod v0.8

Hey, I posted a while ago about 7 posts up asking how to allow the answer to be in uppercase or lowercase. I am using the original  antispam mod posted by sirena at the start of this thread and not the modified one by MattF. Does anyone know how to allow uppercase and lowercase as the answer in the original mod?
Any help would be appreciated,
Thanks

24

Re: Simple Antispambot-code Mod v0.8

Change this:

// anti-spam code variable checked here. Customize to suit your needs.
if ($_POST['spamcode'] <> "1492") 
  message('Please enter the correct 4 digit code for the year Columbus discovered America.');

to this:

// anti-spam code variable checked here. Customize to suit your needs.
if (!isset($_POST['spamcode']) || $_POST['spamcode'] == '' || strtolower($_POST['spamcode']) != strtolower(1492))
{ 
      message('Please enter the correct 4 digit code for the year Columbus discovered America.');
}

Obviously, replace 1492 with whichever answer you're using. smile

25

Re: Simple Antispambot-code Mod v0.8

Thanks for that info MattF - as usual you are super-helpful and on-the-ball. smile