Lol @ MyBB 1.6.5 hidden "CAPTCHA"
ZiNgA BuRgA
It seems MyBB 1.6.5 is trying to be a little more resistant to spam.
Some measures seem good, others are questionable.  Overall it probably won't really do much, though I guess every bit helps.

One thing I do wonder about is this "hidden CAPTCHA" thing they've introduced.  Despite the fact this is nothing like a CAPTCHA, I'm really not sure how they think an additional setting will really make it harder for spambots to get through.

member_register_hiddencaptcha template

HTML Code
<tr style="display: none;">
	<td colspan="2" id="{$captcha_field}_status">Leave this field empty: <input type="text" class="textbox" name="{$captcha_field}" id="{$captcha_field}" style="width: 100%" maxlength="50" value="" /></td>
</tr>


Existing spambot applications may need to be slightly tweaked to get around this.  But as this is a forum system level thing, it's likely they'll do it - the only issue being when (not if).
The absurd part is that the name of the field can be changed.  This is pretty much completely pointless - at most it makes the regex slightly trickier to write.  And the code to get around it is much smaller than the code to implement all of this.

Well written spambots should automatically be able to bypass this anyway.  If I were writing a bot, I'd automatically do something similar to:

PHP Code:
$data = preg_replace('~\<([a-z0-9]+)(?:\s+|\s[^>]+\s)style\=([\'"])display\:\s*none;?\\2(?:\s[^>]*)?\>.*?\</\\1\>~i', '', $data);

(regex not deemed to be perfect, but if I wanted to do a 60 second fix to my spambot, this is probably what I'd do)
before trying to parse the <input> tags on the page.
So really, I don't give a damn what you name the field, this spambot bypasses it all without issue.

Not too sure why there's a setting to enable/disable this either, unless it's to get around the template updater not properly inserting the variable, although this won't really have any detrimental effect.


Other thing I'd like is a properly extendable CAPTCHA class (hint: interfaces), not some poorly designed OOP concept.


(This post was last modified: 10-06-2011 12:49 PM by ZiNgA BuRgA.)
10-06-2011 12:41 PM
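
The server-side half of such a honeypot, as an added example that is not part of the original post and not MyBB's own code. It assumes the submitted form arrives as an array and uses a made-up field name, `email2`. It also treats a missing key as its own signal, because browsers still submit text inputs hidden with `display: none`.

```php
<?php
// Added example, not MyBB code. $field stands in for the configurable
// honeypot field name ({$captcha_field} in the template above).
function honeypot_verdict(array $post, string $field): string
{
    // Browsers submit text inputs inside display:none containers, so a
    // form posted as rendered always carries the key, with an empty value.
    if (!array_key_exists($field, $post)) {
        return 'missing';   // client did not submit the form as rendered
    }
    if (!is_string($post[$field])) {
        return 'filled';    // e.g. email2[]=x arrives as an array
    }
    // Whitespace-only values count as empty.
    return trim($post[$field]) === '' ? 'empty' : 'filled';
}

// Constructed sample submissions (field name and values are made up).
$field = 'email2';
$samples = [
    'browser user'             => ['username' => 'alice', 'email2' => ''],
    'bot filling every input'  => ['username' => 'bot1', 'email2' => 'http://spam.example/'],
    'bot skipping hidden tags' => ['username' => 'bot2'],
];

foreach ($samples as $label => $post) {
    printf("%-26s %s\n", $label, honeypot_verdict($post, $field));
}
```

Only the `empty` verdict matches what a browser sends; `filled` and `missing` can be rejected or logged as separate signals.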