Captcha (Visual Confirmation) for comments/registration/reporting/login/ecard - Page 23 Captcha (Visual Confirmation) for comments/registration/reporting/login/ecard - Page 23
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Captcha (Visual Confirmation) for comments/registration/reporting/login/ecard

Started by Sami, September 17, 2006, 07:04:22 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

padysan


MELeBlanc

Interesting "quirk" I just found while installing this plug in.

I first made sure I met all the reqs and installed the plug in according to the installation instructions.

At the beginning I had the issue of it not showing up on the registration page but after searching the thread I found the work around.

At that point the plug in was displaying the infamous broken image.. so I searched on that one and saw that there were some conflicts with other plug ins.  The only other one I had installed was Wirewolf's contact plug in (I have the older non captcha one installed).  I went to remove the plug in to test if that fixed it and found that somehow or another I was logged out.  So now I am stuck.. but looking again I see where it is explained how to manually remove the plug in so you can log in once again.  Follow the instructions and am able to log in fine.  Go back into the plug ins manager and uninstall the contact us plug in and reinstall the captcha plug in.

Captcha plug in now is working flawlessly... but unfortunately I lost the functionality of the contact us plug in  :-[

Now here is the odd part... When I had the contact us plug in installed I had gone ahead and created a custom link on the page template to jump to the contact form.  This, of course, is still showing since the plug in manager cannot uninstall what it doesn't know about.  Before going into the template and removing the code, I click the link to see what kind of error it throws and it takes me to the contact form... hmmmmm.. so I put in a test message, send it off, and it works without a hitch!  So now I can have both plug ins running (although one is marked as not being installed).. the only thing I lose is the automatic insertion of the "Contact Us" button in the menu.

Anyone else run into this?

- Michael

artefatta

Installed this plugin for cause of chinese bots, and now I can't login!

On login page In FF I can't see any captcha image, in IE bloken link image. I modified codebase.php as indicated by Sami here: http://forum.coppermine-gallery.net/index.php/topic,36319.msg225008.html#msg225008 , but it's the same.

How can I solve this? Please help.

www.artefatta.biz

Sami

@MELeBlanc
This is a known issue (you can't have both plugin at the same time yet!) , contact us plugin needs some modification , maybe in near future .... ;)

@artefatta
You missed 3rd installation step
Quote3.Copy captcha.php to gallery root
‍I don't answer to PM with support question
Please post your issue to related board


MELeBlanc

Quote from: Sami on March 20, 2008, 05:05:17 PM
@MELeBlanc
This is a known issue (you can't have both plugin at the same time yet!) , contact us plugin needs some modification , maybe in near future .... ;)

I understand that... what I was trying to point out in my post was that eventhough you disable the "contact us" plugin, it still works! So it is possible (with a little tweak) to have both running at the same time!   ;D

cherish

I have followed all the directions to load the captcha plugin and it is working beautifully on all my pages except for the register page.

I can tell it not to use captcha for this page and that is fine. However, when I specify that all the users (Administrators,Registered,Guests) SHOULD see captcha (by removing them from ' '), it does not work properly. There is no image that shows up for me to look at in order to type in the letters, so naturally no one can register to use the gallery, which is the point. However, it is not keeping the malicious bots out of my inbox either.

any ideas?

the link is http://allianceofillustrators.org/portfolios/register.php

thanks -cherish

Sami

‍I don't answer to PM with support question
Please post your issue to related board

mikon

Hello,
the captcha version 3.0 would be hacked from somebody.

Because since last night i got more new registration from spamming/advertising peoples.

Is there one update out there?

Many thanks for all helping answers!

Sami

- Link to your gallery please
- How many user did they register per hour ?
   if it was a robot registration then it should be more than 1000
keep in mind that captcha only prevent robots to register not the humans
‍I don't answer to PM with support question
Please post your issue to related board

mpyusko

Quote from: mikon on March 25, 2008, 04:41:52 PM
Hello,
the captcha version 3.0 would be hacked from somebody.

Because since last night i got more new registration from spamming/advertising peoples.

Is there one update out there?

Many thanks for all helping answers!
same problem....
I have had 10 new spam registrations in the past 3 days.
http://www. y u s k o n e t ..com (no spaces)

MELeBlanc


I too have noticed that I've had an increase in spam accounts being created on my gallery.... I added another font to the array in the captcha.php file and it appears (though I cannot be 100% positive) that this may have deterred them a bit.  Only issue is that you have to be really careful which fonts you add since some of them are completely illegible when displayed through captcha.

- M

Joachim Müller

There are rumours that spammers managed to break captcha using OCR, so you might have a point here to use another font. After all, this is a war between website owners and spammers - as much as we're striving to develop anti-spam mechanisms, they are trying to circumvent those methods.
Let me quote part of the discussion on the dev-only board for cpg1.5.x that is meant to illustrate that the dev team is aware of captcha not being the final method to get rid of spam permanently:
Quote from: Hein Traag on February 27, 2008, 03:50:52 PM
I just finished reading this : http://blogs.iss.net/archive/CAPTCHA.html.

Since 1.5 offers captcha as a option under the comments settings in config i thought of coppermine when reading that article.
[...]

Should we be looking for a other way for users to safeguard comment posting or is it safe to continue using captcha ?
Quote from: Joachim Müller on February 27, 2008, 05:26:18 PM
It was only a question of time untill spammers where able to defeat captcha imo - I have anticipated that they would be able to compromise captchas sooner or later. The key in the article you refered to is this sentence:
QuotePersonally, I don't think it's really worth strengthening the algorithms used to create more complex CAPTCHA's – instead, just deploy them as a small "speed-bump" to stop the script-kiddies and their unsophisticated automated attack tools. CAPACHA's aren't the right tool for stopping today's commercially minded attackers.
This being said, consider captchas not as method that will stop spamming once and for all - it will just slow down the number of spam attacks by keeping the script kidies away (at least for a while).
That's why I have introduced comment moderation as well into cpg1.5.x. We might even consider adding the akismet mod into the core. Not because those methods will deliver the final blow to spammers - I agree to the author of the article that this fight has already been lost, but because it will allow our end users to achieve less spam comments.
Bottom line: captcha is not dead (yet), but it's certainly a valid idea to consider other technologies of spam prevention than captcha.
[...]
Quote from: Joachim Müller on February 28, 2008, 10:38:32 AM
I have added some explanation to the comments section of the docs to clarify our concerns

inferion

Hi all,

After upgrading from version 1.4.14 to 1.4.16, the captcha plugin isn't working correctly.
When I try to register, nothing is shown, but I get an error that the code isn't correct.
When the plugin is configured to pop up at the login page, it works correctly.

Config hasn't changed, only upgraded coppermine.
What am I doing wrong?


Thnx.

Sami

‍I don't answer to PM with support question
Please post your issue to related board

inferion


mpyusko

Is there an update for Captcha?  I see elsewhere it has audio challenges, etc.  I know My gredit union uses pictures.  Maybe we could do a rotating image (of say a boat for example)  then select one of 4 options ( boat, car, plane, mouse).

AlexL


Joachim Müller


onuzu

#459
Quote from: Sami on September 25, 2007, 02:54:49 PM
It's strange I can't see any issue here !
preg_match can't see the expression (Line #82 $exper) on your register.php output , but when I check I can see it
BTW try this :
change this (Line #82)

$exper = '(<td colspan="2" align="center" class="tablef">.*
                 .*<input type="submit" name="submit" value="' . $lang_register_php['submit'] . '" class="button" />.*
             .*</td>)';

to this

$exper = '(<td.*>.*\n.*<input type="submit" name="submit".*\n.*</td>)';


Update: changed new exper



I can't find the above lines on my register.php and I'm using the latest coppermine. My problem is that I can't get the captcha to work. No image shows on the registration page, only a text input box but no image so that visitors can see what to type in the text box. I had to uninstal it before posting this so that people can be able to register while I look for help. My gallery is at http://lurrenzinc.com/photos *NSFW*