Techronnati Update


Saved by Phpbb3 reCAPTCHA Plugin

Posted: 26 Aug 2009 02:53 AM PDT

Have you ever experienced getting a lot of spam in your PHPBB3 forum lately? I’ve actually been monitoring my forum sections for the past 3-4 months until I discovered by chance that I was already hijacked by spam bots pretending to be real users on the discussion boards. The behavior seemed to have a recognizable pattern. They simply put a link to their drug-selling sites in their profile, then manage to create several posts in some vulnerable board sections. You know, some sorts of Viagra sign-ups crippling your board and making it dirty and messy. Some tend to have the same IP addresses, some even have good-to-copycat-real email accounts with gmail and yahoo suffixes masquerading as real users, while others play with mail.ru and *.ru extensions at the least. No wonder, these were the tactics, but there’s nothing new to me as I also fight these spams here on my WordPress blog installation (thanks to the Akismet plugin). The only sad part which I had to handle was cleaning the records manually myself, since they had created a lot of links/posts, making my life miserable. At first, I was having second thoughts about what transpired, since I didn’t place any mod recently. Only to find out, a crack was made available and was (able to be solved by spambots) in due time. Hmmm.. as I figured out, they were intelligent enough, as I had expected. Hmmm….

At first I thought making a simple quick hack into the captcha code to base the image on a reasonably bland photographic background would make a difference, but I decided to implement a much more secure and widely used spam fighter on the net, which is the reCAPTCHA plugin. This is just to make sure. You know how these spams work together to achieve their mission. The good thing was I was able to install reCAPTCHA in minutes for my PHPBB3 forum. I have also included the reCAPTCHA code in other forums (i.e. SMF) which I manage, and so far I am happy with the way it works.

If you are not sure how this can be applied to your PHPBB3, then this procedure may come in handy which can also be found in:

http://code.google.com/p/recaptcha/downloads/list

Files you will need:

reCAPTCHA PHP plugin, available at:

http://code.google.com/p/recaptcha/downloads/list

Extract the file ‘recaptchalib.php’ and place it in:

%phpbb_root_path%/includes/captcha

Files that will be modified in your phpBB3 directory:

%phpbb_root_path%/styles/prosilver/template/ucp_register.html

%phpbb_root_path%/includes/ucp/ucp_register.php

Code to modify:

In ucp_register.html, locate:

<dd>{CONFIRM_IMG}</dd>

Then delete the following lines of code or comment them out:

<dd><input type="text" name="confirm_code" id="confirm_code" size="8" maxlength="8" title="{L_CONFIRM_CODE}" /></dd>

<dd>{L_CONFIRM_CODE_EXPLAIN}</dd>

In ucp_register.php, there are many changes that you’ll have to make, so I’ll have to make the instructions compact.

/*Step 1. Place this code before the line “class ucp_register,” which is near the top of ucp_register.php*/

require_once($phpbb_root_path . 'includes/captcha/recaptchalib.' . $phpEx);

/*Step 2. Place this code after the line “global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx;” which is a few lines after step 1.*/

// Get a key from http://recaptcha.net/api/getkey

$publickey = '';

$privatekey = '';

# the response from reCAPTCHA

$resp = null;

# the error code from reCAPTCHA, if any

$error = null;

/*Step 3. Place this code on the line “$confirm_id = request_var('confirm_id', '');” in other words, replace the original code with this new code*/

$confirm_id = (isset($_POST['recaptcha_response_field']));

/*Step 4. Comment out or delete the following line of code.*/

'confirm_code'  => array('string', !$config['enable_confirm'], 5, 8),

/*Step 5a. Go to the section:

// Visual Confirmation handling

$wrong_confirm = false;

if ($config['enable_confirm'])*/

if (!$confirm_id) {

}

else {

/* Comment out or delete all code within the first else statement (which has nested if…else statements within it) and replace with the code in Step 5b.*/

}

}

/*Step 5b. Place the following code within the first else statement.*/

$resp = recaptcha_check_answer($privatekey,
    $_SERVER["REMOTE_ADDR"],
    $_POST["recaptcha_challenge_field"],
    $_POST["recaptcha_response_field"]);

// Reject the registration unless reCAPTCHA confirmed the answer.
if ($resp->is_valid == false) {
    $error[] = $user->lang['CONFIRM_CODE_WRONG'];
    $wrong_confirm = true;
}

/*Step 6. Comment out or delete everything between the following two lines of code. The two lines themselves are also deleted. In total, you should be deleting about 13 non-empty lines of code*/

//first line of code.

$code = gen_rand_string(mt_rand(5, 8));

//last line of code

$db->sql_query($sql);

/*Step 7. A few lines after the end of Step 6, replace “$confirm_image = ” and its values with the following line of code. Basically, you’re assigning the variable $confirm_image with a new value.*/

$confirm_image = recaptcha_get_html($publickey, $error);

Step 8. You should be done. I hope. It works for me on my development webserver, on a basically vanilla version of phpbb3.
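The decision made by Steps 3, 5a and 5b, gathered into one function that can be run offline. This is an added example, not code from the original instructions or from the reCAPTCHA plugin. The function name check_registration_captcha, the stand-in verifier, the sample submissions and the placeholder key are all assumptions made for illustration.

```php
<?php
/**
 * $post      submitted form fields ($_POST in ucp_register.php)
 * $remote_ip client address ($_SERVER['REMOTE_ADDR'])
 * $check     callable taking the same arguments as recaptcha_check_answer()
 * Returns array($wrong_confirm, $recaptcha_error_code). Hypothetical helper.
 */
function check_registration_captcha(array $post, $remote_ip, $check, $privatekey)
{
    // Step 3: the captcha counts as attempted only if the response field was posted.
    $confirm_id = isset($post['recaptcha_response_field']);

    // Step 5a, first branch: missing fields mean rejection, never a skipped check.
    if (!$confirm_id || !isset($post['recaptcha_challenge_field'])) {
        return array(true, null);
    }

    // Step 5b: ask the verifier; anything other than is_valid === true fails.
    $resp = call_user_func($check, $privatekey, $remote_ip,
        $post['recaptcha_challenge_field'], $post['recaptcha_response_field']);
    if (!is_object($resp) || $resp->is_valid !== true) {
        return array(true, is_object($resp) ? $resp->error : null);
    }
    return array(false, null);
}

// Constructed stand-in for recaptcha_check_answer(): accepts one fixed answer.
$fake_check = function ($key, $ip, $challenge, $response) {
    $r = new stdClass();
    $r->is_valid = ($response === 'open sesame');
    $r->error = $r->is_valid ? null : 'incorrect-captcha-sol';
    return $r;
};

// Constructed form submissions; 192.0.2.10 is a documentation address.
$cases = array(
    'fields missing' => array('username' => 'bot'),
    'wrong answer'   => array('recaptcha_challenge_field' => 'c1',
                              'recaptcha_response_field'  => 'guess'),
    'right answer'   => array('recaptcha_challenge_field' => 'c1',
                              'recaptcha_response_field'  => 'open sesame'),
);
foreach ($cases as $name => $post) {
    list($wrong, $err) = check_registration_captcha(
        $post, '192.0.2.10', $fake_check, 'PLACEHOLDER_PRIVATE_KEY');
    printf("%-15s wrong_confirm=%s error=%s\n", $name, var_export($wrong, true), var_export($err, true));
}
```

The second returned value is the reCAPTCHA error code string, which is the form recaptcha_get_html() accepts as its second argument.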

There you have it, guys. Why don’t you try it? It’s worth your time and effort. Needless to say, this totally saved my boards from despair. =) Thanks to the reCAPTCHA plugin... Kudos to the creators/originators of this helpful plugin for making it FREE and ACCESSIBLE! You make our lives easier. CATCHA !!!=)

http://code.google.com/p/recaptcha/downloads/list
