Lol @ MyBB 1.6.5 hidden "CAPTCHA"
ZiNgA BuRgA Online
Fag
*******
Posts: 3,357
Joined: Jan 2008
Post: #1
Lol @ MyBB 1.6.5 hidden "CAPTCHA"
It seems MyBB 1.6.5 is trying to be a little more resistant to spam.
Some measure seem good, others are questionable.  Overall it probably won't really do much, though I guess every bit helps.

One thing I do wonder about is this "hidden CAPTCHA" thing they've introduced.  Despite the fact this is nothing like a CAPTCHA, I'm really not sure how they think an additional setting will really make it harder for spambots to get through.

member_register_hiddencaptcha template

HTML Code
<tr style="display: none;">
	<td colspan="2" id="{$captcha_field}_status">Leave this field empty: <input type="text" class="textbox" name="{$captcha_field}" id="{$captcha_field}" style="width: 100%" maxlength="50" value="" /></td>
</tr>


Existing spambot applications may need to be slightly tweaked to get around this.  But as this is a forum system level thing, it's likely they'll do it - the only issue being when (not if).
The absurd part is that the name of the field can be changed.  This is pretty much completely pointless - at most it makes the regex slightly tricker to write.  And the code to get around it is much smaller than the code to implement all of this.

Well written spambots should automatically be able to bypass this anyway.  If I were writing a bot, I'd automatically do something similar to:

PHP Code:
$data = preg_replace('~\<([a-z0-9]+)(?:\s+|\s[^>]+\s)style\=([\'"])display\:\s*none;?\\2(?:\s[^>]*)?\>.*?\</\\1\>~i', '', $data);

(regex not deemed to be perfect, but if I wanted to do a 60 second fix to my spambot, this is probably what I'd do)
before trying to parse the <input> tags on the page.
So really, I don't give a damn what you name the field, this spambot bypasses it all without issue.

Not too sure why there's a setting to enable/disable this either, unless it's to get around the template updater not properly inserting the variable, although this won't really have any detrimental effect.


Other thing I'd like is a properly extendable CAPTCHA class (hint: interfaces), not some poorly designed OOP concept.


My Blog
(This post was last modified: 10-06-2011 12:49 PM by ZiNgA BuRgA.)
10-06-2011 12:41 PM
Find all posts by this user Quote this message in a reply
WhiteEagle Offline
Member
***
Posts: 62
Joined: Sep 2011
Post: #2
RE: Lol @ MyBB 1.6.5 hidden "CAPTCHA"
I've gotten 21 registrations at LL that I have a sneaky suspicion are spammers, but because none of them have posted yet (or maybe the Bad Behavior plugin I installed prevents them?), I can't do nothing about them. Tongue If they were genuine, I think they would have posted by now.

I fold for team 52482. Do you fold?
MyBB powered sites: Leet Link FoodRatings
10-07-2011 06:23 AM
Find all posts by this user Quote this message in a reply
ZiNgA BuRgA Online
Fag
*******
Posts: 3,357
Joined: Jan 2008
Post: #3
RE: Lol @ MyBB 1.6.5 hidden "CAPTCHA"
I've had plenty of (legit) registrations in the past who never post.  TBH, I'm not too sure why a lot of people do it - maybe it's for the ability to change settings or remember read threads, or maybe they intended to post, but changed their mind later on.

You can check if they've filled in their signature or website - if so, a good possibility of a spammer.

My Blog
10-07-2011 08:19 AM
Find all posts by this user Quote this message in a reply
WhiteEagle Offline
Member
***
Posts: 62
Joined: Sep 2011
Post: #4
RE: Lol @ MyBB 1.6.5 hidden "CAPTCHA"
I've blocked sigs for those under 10 posts. Don't want to deal with hassle of signature spam.

I fold for team 52482. Do you fold?
MyBB powered sites: Leet Link FoodRatings
10-09-2011 10:00 AM
Find all posts by this user Quote this message in a reply
YoYoBallz Offline
Junior Member
**
Posts: 2
Joined: Mar 2008
Post: #5
RE: Lol @ MyBB 1.6.5 hidden "CAPTCHA"
I added a security questions to my site and spam registrations have stopped.  I know it's not the best fix but it indeed has helped.
10-10-2011 06:06 AM
Find all posts by this user Quote this message in a reply

« Next Oldest | Next Newest »

 Standard Tools
Forum Jump: