www.webdeveloper.com

View Poll Results: How many spam submissions does your directory receive per week?

Voters: 2
  • 0 to 50

    0 0%
  • 51 to 100

    0 0%
  • 101 to 200

    1 50.00%
  • 201 to 300

    0 0%
  • 301 to 400

    0 0%
  • 401 to 500

    1 50.00%
  • 501 to 600

    0 0%
  • 601 to 700

    0 0%
  • 701 to 800

    0 0%
  • 801+

    0 0%

Thread: How do I install a captcha system?

  1. #1
    Join Date
    Apr 2010
    Location
    Aotearoa
    Posts
    10

    Exclamation How do I install a captcha system?

    Hi everyone,

    I am enjoying managing website submissions to my web directory at www.sfilinkdirectory.info, however the annoying thing is that around 75% of submissions I receive are spam - about sites promoting things like viagra, cialis, you get the picture... I want to be able to somehow put a system on the submission form where I can reduce the amount of spam submissions. I know captchas can be cracked but most of the time they do work. My php and javascript knowledge is very limited, and the last time I tried implementing a captcha system on a submission form the php code came up with all sorts of errors, and I had to reload the whole site from a backup and upload from a database backup to fix it.

    If anyone can give me exact step by step instructions with examples of script at each step, that would be very much appreciated.

  2. #2
    Join Date
    Mar 2010
    Posts
    2,803
    Maybe have a look at using the free reCaptcha at:

    http://recaptcha.net/

    I used their captcha system before I built my own.

    Imo reCaptcha is one of the better ones. It's free to download and their instructions on how to integrate it into your website are very good. It's fairly straight forward if you know some basic html and php.

    The only thing I didn't like, but it might have changed by now, was that you couldn't customise the captcha test's appearance much at all.

  3. #3
    Join Date
    Apr 2010
    Location
    Aotearoa
    Posts
    10
    Quote Originally Posted by tirna View Post
    Maybe have a look at using the free reCaptcha at:

    http://recaptcha.net/

    I used their captcha system before I built my own.

    Imo reCaptcha is one of the better ones. It's free to download and their instructions on how to integrate it into your website are very good. It's fairly straight forward if you know some basic html and php.

    The only thing I didn't like, but it might have changed by now, was that you couldn't customise the captcha test's appearance much at all.
    Thanks for this Tirna, will look into it now. If I have trouble with it I'll let you know on this thread. Thanks again

  4. #4
    Join Date
    Apr 2010
    Location
    Aotearoa
    Posts
    10

    Exclamation Problems with captcha!!!!

    Quote Originally Posted by sfidirectory View Post
    Thanks for this Tirna, will look into it now. If I have trouble with it I'll let you know on this thread. Thanks again
    Hi again,

    I tried putting the captcha code into the link submission page but it won't work. I tried 3 times to try and get it working but since my php knowledge is currently limited I would rather come back for help than make a catastrophic mistake.

    Here are the required captcha codes as instructed from the website you gave me:

    --------------------------------------------------------------------------
    # Now we're ready to start modifying your code. First, we'll add code to display the CAPTCHA:

    require_once('recaptchalib.php');
    $publickey = "..."; // you got this from the signup page
    echo recaptcha_get_html($publickey);

    # In the code that processes the form submission, you need to add code to validate the CAPTCHA. Otherwise, the CAPTCHA will appear, but the answers won't be checked. The validation code looks like:

    require_once('recaptchalib.php');
    $privatekey = "...";
    $resp = recaptcha_check_answer ($privatekey,
                                    $_SERVER["REMOTE_ADDR"],
                                    $_POST["recaptcha_challenge_field"],
                                    $_POST["recaptcha_response_field"]);

    if (!$resp->is_valid) {
        die ("The reCAPTCHA wasn't entered correctly. Go back and try it again." .
             "(reCAPTCHA said: " . $resp->error . ")");
    }
    --------------------------------------------------------------------------

    And here is the code for my submission form (note: you have to select a category first before you submit a link):

    --------------------------------------------------------------------------

    <?php

    require_once( 'headers.php' );

    // Input Data
    $smarty = new DirSmarty();
    $_output['linkback_mod'] = $SkaLinks->GetParam( "linkback_required" );
    if ( $_GET['cat'] )
    {
        $cat_id = ( int )$_GET['cat'];
    }
    else
    {
        $cat_id = ( int )$_POST['cat'];
    }

    if ( $_POST['Form_submitted'] )
    {
        $link_title_checked = convert_quote( $_POST['link_title'] );
        $link_desc_checked = convert_quote( $_POST['link_description'] );
        $link_extend_desc_checked = convert_quote( $_POST['link_full_description'] );
        if ( !$_output['linkback_mod'] )
        {
            // get the incorrect field
            if ( !preg_match( "/^http:\/\/[a-zA-Z0-9\-\.]+\.([a-zA-Z]{2,4}|[0-9]{1,3})(\/)*[a-zA-Z0-9\-\._]*/", $_POST['link_url'] ) )
            {
                $inf_item = $_skalinks_lang['add_link']['link_url'];
            }
            elseif( ctype_space( $_POST['link_back'] ) )
            {
                $inf_item = $_skalinks_lang['add_link']['link_back'];
            }
            elseif( ctype_space( $_POST['link_title'] ) )
            {
                $inf_item = $_skalinks_lang['add_link']['link_title'];
            }
            elseif( ctype_space( $_POST['link_description'] ) )
            {
                $inf_item = $_skalinks_lang['add_link']['link_description'];
            }
            elseif( !preg_match("/^.+\@(\[?)[a-zA-Z0-9\-\.]+\.([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$/", $_POST['link_email'] ) )
            {
                $inf_item = $_skalinks_lang['add_link']['link_email'];
            }

            if ( !$inf_item )
            {
                $link_attribute = 1;
            }
        }
        else
        {
            // get the incorrect field
            if ( !preg_match( "/^http:\/\/[a-zA-Z0-9\-\.]+\.([a-zA-Z]{2,4}|[0-9]{1,3})(\/)*[a-zA-Z0-9\-\._]*/", $_POST['link_url'] ) )
            {
                $inf_item = $_skalinks_lang['add_link']['link_url'];
            }
            elseif( ctype_space( $_POST['link_title'] ) )
            {
                $inf_item = $_skalinks_lang['add_link']['link_title'];
            }
            elseif( ctype_space( $_POST['link_description'] ) )
            {
                $inf_item = $_skalinks_lang['add_link']['link_description'];
            }
            elseif( !preg_match("/^.+\@(\[?)[a-zA-Z0-9\-\.]+\.([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$/", $_POST['link_email'] ) )
            {
                $inf_item = $_skalinks_lang['add_link']['link_email'];
            }

            if ( !$inf_item )
            {
                $link_attribute = 1;
            }

        }

    }// if ( $_POST['Form_submitted'] )

    if ( $link_attribute )
    {
        $_POST['link_url'] = trim( $_POST['link_url'] );
        $_POST['link_title'] = trim( $_POST['link_title'] );
        $_POST['link_description'] = trim( $_POST['link_description'] );
    }


    $template_id = ( int )$_POST['letter_id'];
    $_output['menu'] = 0;
    $_output['title'] = $SkaLinks->GetTitleChain( -1, $_skalinks_page['title'], $_skalinks_page['title_add_url'] );
    $_output['show_dirtree'] = $SkaLinks->GetParam( 'show_dirtree' );
    $_output['show_admin_ads'] = $SkaLinks->GetParam( 'show_admin_ads' );
    $_output['mod_rewrite'] = $SkaLinks->GetParam( 'mod_rewrite' );
    if ( $_output['mod_rewrite'] )
    {
        $_output['cat_index_url'] = $SkaLinks->GetParam( 'cat_index_url' );
    }

    $ADMIN = $SkaLinks->IsAdmin();

    //

    // TODO : Statements here...

    $_output['cat_info'] = $SkaLinks->GetCatInfo( $cat_id );
    $_output['cat_url'] = $SkaLinks->GetCategoryURL( $cat_id );
    $_output['cat_navigation'] = $SkaLinks->GetCatNavigationLine( $cat_id );

    if ( $_POST['Form_submitted'] )
    {
        $_POST['link_title'] = $link_title_checked['m_strip'];
        $_POST['link_description'] = $link_desc_checked['m_strip'];
        $_POST['link_full_description'] = $link_extend_desc_checked['m_strip'];
        if ( !$link_attribute && $cat_id )
        {
            $msg = $_skalinks_lang['msg']['inf_incomplete']."<br/>".$inf_item;
            $_output['info_inf'] = 1;
        }
        else
        {
            $_output['info_inf'] = 0;
            $status = ( $ADMIN ) ? 0 : 1;
            $alt_domain = ( $ADMIN ) ? $_POST['link_alt_domain'] : "";
            $added = $SkaLinks->AddLink( $_POST['link_url'], $_POST['link_back'], $link_title_checked['s_strip'], $link_desc_checked['s_strip'], $link_extend_desc_checked['s_strip'], $_POST['link_email'], $cat_id, $ADMIN['Name'], $template_id, $alt_domain );

            $link_info = $SkaLinks->GetLinksSearch( $_POST['link_url'], 0, 1 );
            $link_id = $link_info[0]['ID'];
            if ( $_output['linkback_mod'] )
            {
                $SkaLinks->VerifyLinkRecip( $link_info[0]['ID'] );
            }
            $location_link = $SkaLinks->GetCategoryURL( $cat_id );
            $listing_link = ( $_output['mod_rewrite'] ) ? $location_link."listing".$link_id.".html" : $location_link."listing.php?link_id=".$link_id ;
            if ( !$added )
            {
                $letter_theme = ( $ADMIN ) ? 't_admin_link_submitted' : 't_admin_link_approved';
                $SkaLinks->Mailer( $_POST['link_email'], $_skalinks_site['mail_theme'], $letter_theme, $_POST['link_url'], $location_link, $listing_link, $_skalinks_site['brand'] );
            }

            if ( $added )
            {
                $msg = $_skalinks_lang['msg']['link_exists'];
            }
            else
            {
                $msg = $_skalinks_lang['msg']['link_added']."<br>".$SkaLinks->GetParam('same_site_display');
            }
        }
    }
    if ( !$cat_id )
    {
        $msg = $_skalinks_lang['msg']['add_url_root_cat'];
        require_once( 'index.php' );
    }
    else
    {
        $tem_table = $SkaLinks->m_LetterTemTable;
        $tem_binding_table = $SkaLinks->m_LetterTemBindingTable;
        $cat_table = $SkaLinks->m_CategoriesTable;
        $category_id = $cat_id;
        while( !$_output['letter_template'] )
        {
            $result = $SkaLinks->db_Row( "SELECT `t2`.* FROM `$tem_binding_table` `t1` LEFT JOIN `$tem_table` `t2` ON `t1`.`Template_id`=`t2`.`ID` WHERE `t1`.`Cat_id`='$category_id'" );
            if ( $result )
            {
                $_output['letter_template'] = $result;
            }
            else
            {
                $parent_category = $SkaLinks->db_Row( "SELECT `Parent` FROM `$cat_table` WHERE `ID`='$category_id'" );
                $category_id = $parent_category['Parent'];
            }
            if ( !$category_id )
            {
                break;
            }
        }
        if ( !$_output['letter_template'] )
        {
            $sql = "SELECT * FROM `$tem_table` WHERE `Status`='1'";
            $result = $SkaLinks->db_Row( $sql );
            $_output['letter_template'] = $result;
        }
        $_output['js'] = 'form.js';
        display( 'add_url' );
    }
    ?>
    --------------------------------------------------------------------------

    I have not got a clue exactly where to place the captcha code within the submit form code right above this sentence. I know I'm going to sound lazy saying this but could you do it for me? If your code works, maybe I can return the favour for you, like I place a banner in my directory or something?

    If you want to post the successful code privately please send an email to me at this address: sfilinkdirectory (@) gmail (.) com.

    Thank you in advance!

  5. #5
    Join Date
    Mar 2010
    Posts
    2,803
    I assume you registered the website you will be running the captcha on at the reCaptcha website. If you didn't, then it won't work.

    You can register here by clicking the sign up for API key which you need.

    http://recaptcha.net/plugins/php/

    Basically, the reCaptcha code sends the user entered captcha response to the reCaptcha server where the correct answer was generated for your website (that is why you need to register). It compares the user entered value with the correct value and then sends back something like true or false to your page processing the form data. If the user answer matches the correct answer then your form processing script continues:

    1)
    Code:
    require_once('recaptchalib.php');
    $publickey = "..."; // you got this from the signup page
    echo recaptcha_get_html($publickey);
    needs to go into your form. This code generates the captcha test in the form for the user.

    2)

    Code:
    require_once('recaptchalib.php');
    $privatekey = "...";
    $resp = recaptcha_check_answer ($privatekey,
                                    $_SERVER["REMOTE_ADDR"],
                                    $_POST["recaptcha_challenge_field"],
                                    $_POST["recaptcha_response_field"]);

    if (!$resp->is_valid) {
        die ("The reCAPTCHA wasn't entered correctly. Go back and try it again." .
             "(reCAPTCHA said: " . $resp->error . ")");
    }
    needs to go into your form data processing script. It receives the response from the reCaptcha server saying whether the user entered the correct value or not. If the user entered an incorrect value your form processing scripts stops.

    3) The 'recaptchalib.php' file should be in the zip file you downloaded from reCaptcha. Place it in some folder on your website and then enter the correct path to it in the above require_once() statements.

    I hope this makes sense. It was about 3 years ago now since I started using my own captcha so the above is from memory. But there should be example php code in the zip file you downloaded and the above link also has instructions on how to integrate recaptcha.
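
An added example, not from the thread or from the reCAPTCHA or SkaLinks code, showing where the check in step 2 sits in a submission handler like the one in post #4: before field validation and before anything is stored. `handle_submission`, `$verify` and `$add_link` are hypothetical stand-ins so it runs without recaptchalib.php; the two `recaptcha_*` field names are the ones in the snippet above.

```php
<?php
// Added example: gate a link submission on the CAPTCHA result before anything
// is stored. $verify and $add_link are hypothetical stand-ins: on a real site
// $verify would wrap recaptcha_check_answer() and $add_link would call the
// directory's own AddLink().

function handle_submission(array $post, string $ip, callable $verify, callable $add_link): string
{
    if (empty($post['Form_submitted'])) {
        return 'show_form';              // first visit: only render the form
    }
    // Missing, empty or non-string CAPTCHA fields fail closed; they never
    // skip the check.
    $challenge = $post['recaptcha_challenge_field'] ?? '';
    $response  = $post['recaptcha_response_field'] ?? '';
    $present   = is_string($challenge) && is_string($response)
              && $challenge !== '' && $response !== '';
    if (!$present || !$verify($ip, $challenge, $response)) {
        return 'captcha_failed';         // re-display the form, store nothing
    }
    // Only now run the field validation and the insert.
    $add_link($post);
    return 'link_added';
}

// Constructed test doubles so the example runs offline.
$stored = [];
$verify = function (string $ip, string $challenge, string $response): bool {
    return $challenge === 'c-123' && $response === 'two words';
};
$add_link = function (array $post) use (&$stored): void {
    $stored[] = $post['link_url'];
};

// Constructed requests: a first visit, a bot post with no CAPTCHA fields,
// and a post carrying a challenge/response pair the verifier accepts.
$bot   = ['Form_submitted' => 1, 'link_url' => 'http://spam.example/', 'link_title' => 'pills'];
$human = ['Form_submitted' => 1, 'link_url' => 'http://site.example/', 'link_title' => 'My site',
          'recaptcha_challenge_field' => 'c-123', 'recaptcha_response_field' => 'two words'];

foreach ([[], $bot, $human] as $request) {
    echo handle_submission($request, '203.0.113.5', $verify, $add_link), "\n";
}
echo 'links stored: ', count($stored), "\n";
```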

  6. #6
    Join Date
    Feb 2008
    Location
    NW Washington State
    Posts
    1,856
    After working with a large Forum (2500+) which received lots and lots of spam registrations, even with Captcha, I was very pleased when vBulletin upgraded to include human reason questions INSTEAD of Captcha. That switch made a HUGE difference for us! Captcha is easy for bots to get around, the human interface question is much, much, more effective!
    This human interface question can be as simple as:
    "Is 10 pounds lighter or heavier than 20 pounds?"
    "Are you male or female?"
    "Are you in the US or other country?"
    It's pretty easy to imagine the correct answers to each question.. and these are just samples... make up your own answers appropriate for your own Web site.
    So create a simple PHP server side script to check for 2 or 3 variations of allowable answers. The results are far better than I've ever seen with Captcha.
    Best wishes,
    Eye for Video
    www.cidigitalmedia.com

  7. #7
    Join Date
    Mar 2010
    Posts
    2,803
    But even asking questions as a captcha test is not 100% fool proof.

    All a hacker has to do is find out what the questions are and then write code that cycles through the possible answers and he/she will eventually very likely get through the captcha test.

    Obviously they won't get through on every occasion, but if they use some sort of 'brute force' algorithm then they very likely will eventually.
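
An added example, not code from either poster, of the server-side question check suggested in post #6 with a cap on wrong answers that addresses the answer-cycling concern in post #7. The questions, accepted answers, `MAX_FAILS` and all function names are constructed for illustration, and `$state` stands in for `$_SESSION`.

```php
<?php
// Added example: a question challenge checked on the server. The questions and
// answers are constructed samples, and $state stands in for $_SESSION.

const MAX_FAILS = 3;

$QUESTIONS = [
    'q1' => ['text' => 'Is 10 pounds lighter or heavier than 20 pounds?',
             'answers' => ['lighter', 'its lighter', 'it is lighter']],
    'q2' => ['text' => 'How many days are in a week?',
             'answers' => ['7', 'seven', 'seven days']],
];

function normalize_answer(string $raw): string
{
    $s = preg_replace('/[^a-z0-9 ]/', '', strtolower(trim($raw)));  // drop punctuation
    return trim(preg_replace('/\s+/', ' ', $s));                    // collapse spaces
}

// Choose the question server-side and remember its id; the browser only gets the text.
function issue_challenge(array $questions, array &$state): string
{
    $state['qid'] = array_rand($questions);
    return $questions[$state['qid']]['text'];
}

function check_challenge(array $questions, array &$state, string $raw): string
{
    $state['fails'] = $state['fails'] ?? 0;
    if ($state['fails'] >= MAX_FAILS) {
        return 'locked';                  // a script cycling answers stops here
    }
    $qid = $state['qid'] ?? null;
    unset($state['qid']);                 // every issued question is single-use
    if ($qid !== null && in_array(normalize_answer($raw), $questions[$qid]['answers'], true)) {
        $state['fails'] = 0;
        return 'ok';
    }
    $state['fails']++;
    return 'wrong';
}

// Constructed run: one human answer, then a script guessing against the same session.
$state = [];
issue_challenge($QUESTIONS, $state);
$state['qid'] = 'q1';                     // pin the question so the run is repeatable
echo check_challenge($QUESTIONS, $state, " It's LIGHTER! "), "\n";
foreach (['heavier', 'same', '20', 'lighter'] as $guess) {
    $state['qid'] = 'q1';
    echo $guess, ' => ', check_challenge($QUESTIONS, $state, $guess), "\n";
}
```

A per-session counter resets when the client drops its cookie, so on a live site the same counter should also be kept per client IP address.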

  8. #8
    Join Date
    Feb 2008
    Location
    NW Washington State
    Posts
    1,856
    Thanks Tirna for your comments!
    You have exactly boiled down the difference between deciphering the graphic representation of letters and numbers of a Captcha (which can be done by non-human bots) and human reason questions.
    All a hacker has to do is find out what the questions are and then write code that cycles through the possible answers
    I agree, if someone specifically targets your site, they will get in. But in my experience, it's the non-targeted, spamming registrations that were really giving us problems.
    Like.... NONE of the spammers would take the time to go thru the steps you just mentioned. Now really.... if you could spam a site just by typing in 6 or 8 weird shaped letters or writing and testing PHP script to break a server side script, which would you do?? And it's not even the real humans I worry about! Even most of the hackers understand it's not worth their time.. so they use bot algorithms to 'brute force' the simple Captchas.
    I'm telling you, for our Forum at least, spam registrations and posts have dropped from dozens a day (with Captcha!) to almost zero. The difference is like night and day!
    At least keep an open mind or test it on a directory or Forum yourself.
    Best wishes,
    EfV

  9. #9
    Join Date
    Mar 2010
    Posts
    2,803
    In general I agree - I don't doubt at all that the amount of spam you receive now is greatly reduced.

    I built my own visual captcha for my own website's email submission form and it is extremely rare now for me to receive any spam emails.

    I agree that it would have to be significantly worthwhile for a hacker to spend the time to write the code to break a captcha test and imo the overwhelming majority of web sites, including mine, most probably don't justify the time it would take to break the site's captcha.

    But after having done quite a bit of research on how captchas work and what makes them robust against attacks before building my own, I am surprised (well not really) at how many captcha tests, both visual and question type, are out there that would not be too difficult to break if someone wanted to spend the time to do so.

  10. #10
    Join Date
    Jul 2010
    Posts
    4
    Maybe you'd like to try our captcha system (my boss made it) for your directory. He can help you integrate it into your submission form.
