XOOPS Bot Signup Protection

From XOOPS Web Application System

ModuleRepository_X

Release Notes

Have you ever noticed how some programmers have been witting spam bots that automatically sign up to your website. They signup with usernames like newiz002344 and so on, this is an implementation of Captcha, that prevents bot and only humans from signing up.

All you have to do is unzip into the root of your xoops installation and CHMOD 775/777 the path /uploads/_captcha_tmp/

This required GD or GD2 Library to be installed and utilises one of the better turning keys for registration. It is more of a security patch! It has been tested on xoops 2.0.14 - 2.0.16, unsure if compatible with later versions.

This turning key utilises Artifical Intelligence to validate your data entry and as far as I can tell does not use or has been broken by security breeching robots.

ZIP CRC

• MD5: b7c6e32001bfdce57e03845735ceb4a6
• SHA1: 07377f063eee08180f91a6644df2ab44d691ad12
• RIPEMD160: 4414195707ea9c3f509394b72b942c43473afcab
• CRC32: b7184fb0

BUG FIXES

• True Type Fonts Inc
• PHP Server Setting Patched - Some PHP Servers would have a problem with the location of the file, this has been patched to use XOOP_ROOT_PATH

File Details

1. Author: Wishcraft
2. Version: 1.04
3. Downloads 88
4. File Size: 520.51 KB
5. Home Page: Chronolabs

Installation

Simple copy into your /public_html path from the root of the zip source code. You should see some similar directories, this is compatible with XOOPS 2 - 2.0.1 - 2.0.18.1 RC as currently tested.

It is an easier alternative for registration hack that takes some programming skills. You may have to chmod /uploads/_tmp_captcha but in most instances this will already have a fine access path permission needs to be either 755, 775, 777 varying on server structure.

Make it more Secure

To make it more secure in your site there is two variables you must change to ensure this module cannot be cracked!

In /yoursite/register.php you need to find this statement, it is at the top:

$CAPTCHA_INIT = array(
            'tempfolder'     => XOOPS_ROOT_PATH.'/uploads/_captcha_tmp/',      
            'TTF_folder'     => XOOPS_ROOT_PATH.'/include/fonts/', 
            'TTF_RANGE'      => array('ariblk.ttf','BAUHS93.TTF','BROADW.TTF', 
                                      'CHILLER.TTF','ELEPHNT.TTF'), 
            'chars'          => 6,       // integer: number of chars to use for ID
            'minsize'        => 13,      // integer: minimal size of chars
            'maxsize'        => 16,      // integer: maximal size of chars
            'maxrotation'    => 17,      // integer: define the maximal angle for char-rotation, good results are between 0 and 30
            'noise'          => TRUE,    // boolean: TRUE = noisy chars | FALSE = grid
            'websafecolors'  => FALSE,   // boolean
            'refreshlink'    => TRUE,    // boolean
            'lang'           => 'en',    // string:  ['en'|'de']
            'maxtry'         => 3,       // integer: [1-9]
            'badguys_url'    => '/',     // string: URL
            'secretstring'   => 'A very, very secret string which is used to generate a md5-key! Jesus!!',
            'secretposition' => 12,      // integer: [1-32]
            'debug'          => FALSE
}

You will need to change these two variables to something random.

'secretstring'   => 'A very, very secret string which is used to generate a md5-key! Jesus!!',
'secretposition' => 12,      // integer: [1-32]

The secretstring can be any string you want your name, your mother friend best friend puppies name or a combinations of data, you might like to change the secretposition as well, this is an integer between 1 and 32