Captcha is too easily hacked. Recaptcha instead?

[jayh]

Script URL: mboard.php
Version of script: 1.3
Hosting company: hostmonster.com
URL of phpinfo.php: http://www.monocacyboard.org/mboard/phpinfo.php
URL of session_test.php: http://www.monocacyboard.org/mboard/session_test.php
What terms did you try when SEARCHING for a solution: recaptcha

Write your message below:
Looks like some script kiddies have got an easy hack for captcha and a botnet to use it with. Has anyone implemented recaptcha in place of the captcha? Any help would be appreciated or else I need to get up to speed on php and figure out how to replace the captcha functionality with recaptcha. I can probably figure it out in a few days but if anyone's done it already I'd love to save the time.

Thanks,
Jay

[Klemen]

Yes, the script is indeed due for an updated. Has been for a long time to be honest.

If you're familiar with PHP adding reCaptcha shouldn't be that hard, just use the library Google provides:
https://developers.google.com/recaptcha/docs/php

One simple trick you can try instead is switching background and text colors, for example in secimg.inc.php change

Code: Select all

            $background_color = imagecolorallocate($im, 255, 255, 255);
            $text_color = imagecolorallocate($im, 0, 0, 0);

to

Code: Select all

            $text_color = imagecolorallocate($im, 255, 255, 255);
            $background_color = imagecolorallocate($im, 0, 0, 0);

[BillyJean]

Yes, the script is indeed due for an updated. Has been for a long time to be honest.

If you're familiar with PHP adding reCaptcha shouldn't be that hard, just use the library Google provides:
https://developers.google.com/recaptcha/docs/php

One simple trick you can try instead is switching background and text colors, for example in secimg.inc.php change

Code: Select all

            $background_color = imagecolorallocate($im, 255, 255, 255);
            $text_color = imagecolorallocate($im, 0, 0, 0);

to

Code: Select all

            $text_color = imagecolorallocate($im, 255, 255, 255);
            $background_color = imagecolorallocate($im, 0, 0, 0);

My site is under heavy attack from spambots. This method above did not work for me, the security box becomes blank. I would really like to try the method of using googles recaptcha. Has anyone successfully added this yet? If so how to do it please? Which files would get modified and/or where would the changes be made? Thank you,
Billy

[Klemen]

I'm not aware of reCaptcha being integrated yet.

However, did you modify both lines exactly as shown in the suggested code? Should work 100%.

If you only get a white image on of the lines probably isn't modified correctly.

[BillyJean]

I'm not aware of reCaptcha being integrated yet.

However, did you modify both lines exactly as shown in the suggested code? Should work 100%.

If you only get a white image on of the lines probably isn't modified correctly.

Yes i did, i cut and paste what is shown. I am guessing that maybe i have a background color in my webpage the nulls the change. I think is from using phpinclude or iframe to bring in message board to the page, i forget which one i used and not that it matters but i would rather not change my backgrounds if this is what is happening.

[Klemen]

What your website settings are has no effect on colors you set in the "secimg.inc.php" file.

[BillyJean]

Ooops, my mistake. i left a bit of code in the file. I then tested again and see the black background white letters (its working) but immediately started filling with spambot garbage. So i just pulled msg board off line for now. In the last three weeks i have had to delete close to 300 bot postings. There has got to be a better solution. I have seen a mathematical equation box that i was looking to add but not sure i can add it either as my code ability is limited. Any help would be greatly appreciated.
Thanks - Billy

[Klemen]

See this: viewtopic.php?f=8&t=4596

[BillyJean]

Excellent! I will try it.

[BillyJean]

Now that we have the recaptcha mod in place and it works pretty well but i am not convinced its working 100%. still seeing about 5 to 10 posts a day of what appears to be botnet spam. Is it a real human doing this or are the botnets that smart? Could they be using a back door entry? I'm not sure... I was wondering if this might help, to have a question/challenge added to the pre- post message along side the recaptcha? I have seen some that are math quizzes and others that are kind of like the PHPBB signup where it asks the question "are you human" but this should be a random Q&A that always changes. Like i said though Recaptcha has helped allot, for a while there i was seeing about 20 - 30 bot posts a day. Thanks Klemen

[Klemen]

I'll see if I can come up with a complete update of MBoard over the summer and include anti-spam question functionality as well.

[BillyJean]

That would be cool, thanks.

[jayceegee]

Hello Klemen,

Checking the message board, found the number of spams had risen to 1643, due to not receiving any emails, which now appears to be solved after adding recaptcha.
Having uploading recaptcha, I am now only getting the occasional spam (1 item), so they must be doing it by hand.
If you update the script, could you add a similar facility as in the guestbook, that messages have to be approved before they can added.
Many thanks,
Jim.

[Klemen]

Will add it on my "to do" list, but can't give any promises when...