hackblog@wonderwinds

Thanks. Nice plugin. I'm guessing this is almost a 100% safe unless the spam bots guess the answer... right?

Correct. They can't simply crack it because the answer is different for each installation. They COULD try to brute-force their way in, but since the answer can be anywhere from 1 to 32 characters long it's unlikely that'll happen. In theory they could hire ultra-cheap labor to read the page and tell them the answer, but that means there actually is a human out there so ... you delete/ban/report the spammer's website and change your question and answer.

Hey there's a bug in v0.1 of this if you're using v1.9.2 of b2evolution. It'll work, at least I think it'll work, but a commenter will get all sorts of errors and notices and crap after they leave a comment with the correct answer. I have half a fix in place but I won't zip it up as v0.2 until I get to test it as a new commenter and as a previous commenter. It'll be 2 or 3 days before I get to that because I gotta go to work and that doesn't leave me much time to play with a keyboard.

Thanks, Ed. You just saved me the trouble of doing this myself :-)

Glad you like it Travis. I just finished and uploaded v0.2 though, so if you're using v1.9.2 you'll probably want to upgrade this plugin.

testing

12.72.134.173 (aka "ok") you're an asshole. This is not a playground. If you don't have a real name and a valid email address and something worth saying DON'T BOTHER COMMENTING!

Question: can the turing test be turned on only for user registration? Right now I think I want to use it only for new registration but enable it for comments and postings if needed.

Hi v1nce. As-is: no. I didn't even think to look to see if there were hooks available for the registration process so it doesn't work there at all. I'll check it out after work (which starts soon for me), and if so I'll make this work there. The next thing I would have to do is make the plugin only work on whichever of the 3 sections (comments, message form, and registration if possible) the admin wants, but since you can already set it to "registered members get the answer auto-filled" it's really transparent for them.

Good idea by the way. Gotta get ready for work so I'll check it out when I can.

Thanks Ed! Welcome for the idea.

Is it possible to use this with version 0.9.1?

Thanks :cheeze:

Yep, but not exactly this. Check out http://wonderwinds.com/hackblog.php/2006/03/23/simple_turing_test_for_0_9_1

Thanks

I like this concept. I think it should be expanded to user registrations (like on phpbb forums, where the captcha codes no-longer stop image scanning robots).

Now, it seems to me that even a more complicated question and one that doesn't provide the answer anywhere in the question might be better (to prevent text scanning, should this method become more popular as an anti-spam mechanism). Of course, the question would require specific correct answer (maybe one that could be googled). For example, "What iron compound is commonly known as fool's gold?" Answer: pyrite.

Hi sam. I've got a rev of this done that covers the registration process, but I got so busy trying to upgrade old skins for v1.9.2 that I let it sit on the back burner for far too long.

It, as-is, asks a different question of registrants than commenters so that you could pick and choose where to use it, and have different questions for each application. This way you could ask "what is the secret code word" for registrants, and have a generic type of question for comments. I won't open registration here, but the blog I run that will have open registration will require answering a question in which the answer has nothing to do with the question. So for example I could use your "fools gold" question with an answer of "TheCityOfLightsWentDarkLastNight". That way only people with access to the private phpbb forum on that web will be able to know the answer. For commenters though it's different (to me) because all I want to do is make sure it's a person out there. Spammers are extremely unlikely to break this, unless they are specifically targeting you. In that case it's probably a human acting maliciously so ... what can you do?

Anyway stay tuned as the "covers registration" version will be available soon. Gotta go to work soon, but I'm going to give up on skins for a while and get this plugin updated.

Aw crap I just made v0.3 and now see where I missed v1nce's desire for only using it on new registrants. Oh well. Just make a super-easy Q&A for comments like "type asdf" with the obvious answer "asdf" and a nice rejection text of something like "please - go back and type "asdf" in the field where it's required". Then give the free pass to previous commenters. I'll do a v0.4 for ya, but not now. Now I'm tired and going to bed.

That's ok Ed, I'll just wait for .04 don't hurry on my account. I recently upgraded b2 and just wanted an added measure of protection just for registrants because prior to the upgrade, I never let people register (only so they can subscribe to post update emails). My ideal version (hehe) would be a turing test that I can enable/disable for comments, posts and registration (or any combo of the 3).

Thanks for the plugin, Unfortunately after configuring everything it doesn't work on my blog. The question simply does not appear, and if I enter my comment, I get taken to a page that displays my "message to be displayed if user does not answer correctly". Is it because I am using a custom skin? Do I need to change something somewhere? This is the adress if you want to look at it yourself: http://www.le-ludophile.com/blogs/index.php?blog=5&title=video_games_ as_dramatic_reenactments&more=1&c=1&tb=1&pb=1#feedbacks Thanks for the support.

It's probably something to do with your skin, but not just because of using a customized skin. My best guess would be to compare your skin's _feedback.php file with the 'custom' skin that matches your installation, looking especially for plugin hooks. It'll say something about what it's for in both the commented out stuff and the name of the hook. Hope it helps!

I just installed and I had the same problem as dominic and I use a custom skin as well. I'll try what you just said but I could truly use specifics. I get way too much spam so I truly need this turing test.

I had to uninstal because of two things:

1. I need the error page to be customizable in the way it looks and...
2. My customized _feedback.php didn't allow the question to show up.

I'll try again later.

Hi! Nevermind I found the difference between my _feedback.php and the normal one. :eek: When I have time I'll try it out again. Thanks.

Yeah the _feedback.php file has a couple of changes in recent releases that can slip past you when upgrading a customized skin because, for the most part, feedback will work without those details being caught. I had the same problem when I tried to install smilies in comments because my _feedback.php file was missing a bit that only mattered for that detail.

The 'error page' isn't anything new in this plugin. I took advantage of a hook that allows me the same 'bad comment' response as you would see if you were to leave a blank comment. You can customize it though by editing htsrv/comment_post.php and looking for "Display error messages:" (line 190 in v1.9.3) and tweaking the contents there as you see fit.

This is a great plug-in. I just discovered it in the b2evo plug-in list on their main site. Thanks so much for putting it together, EdB!

Thanks for this script... it was keeping our blogs VERY safe after an enslaught of spammers... but...

I do believe we was HACKED!

For literally months, no worries... then someone searched under "bot test" using Google and found our blogs, then our SQL became unavailable, then the script stopped working and I can't find out why...

I uploaded a very recent copy of the CSS/PHP/HTML et al and it's still pooched... when I disabled the bot test, I had six pieces of spam comments in five minutes.

So, I downloaded the databases and... well... I can't find the glitch... but by process of elimination, it's in there somewhere.

When using IE (Firefox is my preferred browser so I used IE to test as it had no cookies) I notice a very visible "flicker" when I enter the e-mail into the form... so perhaps it's something there?

Can someone help a brother n00b out?

Sorry, but you're asking the wrong person. Getting hacked has nothing to do with using a plugin. Oh and tinyurl is, to me, pure spam. Especially when you call it a direct URL.

I owe Matthew an apology. Sorry dude, but the truth is I know nothing about how assholes hack servers, and really don't trust tinyurl any more. Hijacked by spammers, but I recognized your URL in your domain name and visited to see if you were intact or not.

I'd be really surprised if the hack happened because of this plugin since it doesn't even touch the database or your login credentials. It's possible, and if I learn that this really was the source I'll pull it offline and advertise that it sucks, but I doubt that's the case.

Anyway I shouldn't freak out because something looks spammy. It might be spam because sometimes humans are spammers, but it might be a real person. Like this time.

Sorry dude. Didn't mean to be such a dick.

Hi,

thanks for this plugin.

Rg Stulle

Testing plugin

Well, I was excited when I found the plug in! I follow the instal instructions and then, only then, did I realize I'm still running 1.6 Alpha! DOH! I have work to do Hopefully the upgrade will go without a hitch.


I used to live around McQueen and Ray.

Thanks for this EdB! The humble wizard that you are...

EdB, I know your just getting back into it but I do hope that you can update this fine plugin to work with the 2x versions at some stage in the future.

Testing Turing... EdB, I don;t know if as Admin you see the word "array" next to the Answer input field. This is what happened when I tried Turing with v2.

Yeah I'm seeing that now, but I doubt I'll fix it. I'm pretty much giving up on b2evolution is the thing. Don't like 220 at all!

Nice plug-in. It seems that it is case sensitive however. "Dog" isn't the same as "dog". Perhaps in the next version?

Hi Mark. Sorry, but no: the next version is already out and it doesn't do "case insensitive". To be honest I never considered it. I'll try the next time I'm tinkering on it, but no promises.