CustomImgCaptcha: Spam Combat 2.4.1

Some bots seem to attempt to insert images in the user's answer field (why, I'm not really sure). When logging this data, it can cause a server error, since the column is utf8 and the DataWriter sends a string that contains binary (which throws a server error). I now sanitise the user answer before sending it to the XenForo DataWriter.
I'm using a form that is heavily spam active (due to the niche and age). One of the great things about this (for me) is that I encounter all sorts of direct attempts to bypass anti-spam mechanisms. One of the methods they have attempted is to use old direct links to images for comparison (I've already prevented this type of binary comparison by creating >300k versions per image and the public uuid link being invalid after 24 hours). Due to the number of versions of images, they fail at beating the system, but unwittingly provoke a server error.
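One way to sanitise an answer before it is written to a MySQL `utf8` (3-byte) column, as an added example rather than the add-on's own code; the function name, the 100-character cap and the sample input are assumptions:

```php
<?php
// Added example, not the add-on's code. The function name, the
// 100-character cap and the sample input below are assumptions.

function sanitiseCaptchaAnswer(string $raw, int $maxChars = 100): string
{
    // 1. Drop byte sequences that are not valid UTF-8 (e.g. raw image data).
    //    With the substitute character set to "none", invalid bytes are
    //    removed instead of being replaced by "?".
    $previous = mb_substitute_character();
    mb_substitute_character('none');
    $clean = mb_convert_encoding($raw, 'UTF-8', 'UTF-8');
    mb_substitute_character($previous);

    // 2. Remove ASCII control characters (NUL, newlines, DEL, ...); a
    //    captcha answer is a short single-line string.
    $clean = preg_replace('/[\x00-\x1F\x7F]/u', '', $clean) ?? '';

    // 3. MySQL's "utf8" charset stores at most 3 bytes per character, so
    //    code points above U+FFFF (4-byte sequences) are removed as well.
    $clean = preg_replace('/[\x{10000}-\x{10FFFF}]/u', '', $clean) ?? '';

    // 4. Cap the length so an oversized payload never reaches the log table.
    return mb_substr(trim($clean), 0, $maxChars, 'UTF-8');
}

// Constructed sample: the start of a PNG file pasted into the answer field,
// followed by ordinary text.
$submitted = "\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR" . "cat";
$safe = sanitiseCaptchaAnswer($submitted);

// The sanitised value is valid UTF-8 and can be handed to the logging code.
var_dump(mb_check_encoding($safe, 'UTF-8'), $safe);
```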

So the minor issue is: if a user uses a deactivated public uuid, it throws an error in the server error logs (normal users won't ever see this, but those attempting to automate and bypass the Captcha, and failing, will).
This error is now handled: instead of the attacker producing an error, they just get returned a blank page.
Fixed an issue with images not displaying correctly in IE
  • For every custom image you upload, 320,000 different possible versions are available to be shown to the user, making a binary comparison harder
One of the ways CustomImgCaptcha could be beaten is by the user downloading each of your images and associating the answer to the image (similar to how qa was beaten). These image:answers could then be stored in a central database. Then, using a binary comparison to the image:image in the database, the image answer could be solved. (This would be costly, since images take up space.)

Now this would be much harder: for every single custom image you use, there are now 320,000 different versions shown to the user, all varying in quality, smoothness, contrast and brightness. This makes a binary comparison much harder.

The images themselves are still good enough quality for the user to identify.
2.2.0b (same as 2.2.0, but the img link without the index.php? was not working)
CustomImgCaptcha minor bug fix to make sure the index is not out of bounds for variations of Facebook registration (this only produced an unseen server_error and allowed users to register)
Can now turn off username checks for StopBotters (prevents bots taking up all of the valid usernames). Username checks are fairly unnecessary.
Forgot to add the automatic key update function with the last version (2.0.1); added it to this version, 2.0.1b