Update Plugin: Very Simple Bot Protection (VSBP) (V1.0.2)

asked Apr 11, 2014 in Plugins by sama55
edited Dec 19, 2014 by sama55

I developed a CAPTCHA plugin to substitute for reCAPTCHA. I used the idea of the "Very Simple Anti Bot Registration (VSABR)" mod of FluxBB in Q2A. However, I wrote the program from scratch. This plugin works like reCAPTCHA. Question patterns exist in the language file. You can add patterns without limit. It will be useful on non-English / multilingual sites. In addition, because I added a SHA1 certification hash in the form, I think the security level and bot-blocking performance are relatively high.



1.6.x, 1.7 (2014/12/20 Updated)

Real demo



Q2A version: 1.6.x, 1.7
commented Jun 30, 2014 by hungerburg
Cool, options are now correctly saved. Thank you sama!

Regarding languages: Initially, in my installation I did delete all the language files except the default one, which I modified, because I was not sure if others would get the questions defined in those files, e.g. if their browsers are configured differently. My site is not multilingual, so now I am assured that only the questions in the file that matches the site-language would ever be posed to anybody.

I suggest that the note field in the language file prints its name, so admins know where to edit in their own challenges. The line below works for me (there may be a better place, but it is good nevertheless):

   'vsbp_case_sensitive_note' => 'Language file: '. basename(__FILE__),

commented Jun 13, 2016 by hungerburg
The Download Link is broken - I have an older version in my q2a and would like to get the 1.7 (2014/12/20 Updated) one - please make the download link work again

answered Apr 15, 2014 by Waterfr Villa
Hi Sama, thank you, but the questions are very limited. Was wondering if you could make the questions generated randomly.

commented Apr 15, 2014 by Waterfr Villa
That I know, but anyways thank you, I guess there is a little bit of miscommunication here :)
commented Apr 15, 2014 by Scott
What Waterfr is saying, is that if you had a list of numbers and operators (plus/minus) the plugin could randomly choose 2 numbers and an operator. With 1-10 and +/- you can have 200 different questions without writing them all out manually.

But this plugin is more flexible in another way, since you can put any answer to any question not just numeric. You could write "What is the capital of France?==Paris".
answered Apr 15, 2014 by Scott
I took a quick look at the code and I should point out that using sha1 doesn't really increase the security that much, at least not for numerical answers.

You put the hash in a hidden field, so all I would need to do is take the question, add == and then try every number from 1-100 and hash each one until it matches the hidden value. In fact you almost do this yourself in the validate function...

A better idea would be to have a salt that is not shown on the web page. You can use the language file for that easily. And then do sha1 of salt+questions+answer.
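
Added example (not part of Scott's answer and not the plugin's own code): the unsalted hidden-field hash described above next to a keyed version, in PHP. The `question==answer` layout follows the answer's description; the function names and `VSBP_SECRET` are hypothetical.

```php
<?php
// Added example. Function names and VSBP_SECRET are hypothetical, not VSBP's code.

// Server-side secret: lives in back-end config, never in the rendered page.
// Constructed demo value; generate a long random one per site.
const VSBP_SECRET = 'constructed-demo-secret-change-me';

// Weak form as described in the answer: hash of "question==answer", no secret.
function weak_token($question, $answer) {
    return sha1($question . '==' . $answer);
}

// Hardened form: HMAC-SHA1 keyed with the server-side secret.
function keyed_token($question, $answer) {
    return hash_hmac('sha1', $question . '==' . $answer, VSBP_SECRET);
}

// Server-side check: recompute from the submitted answer and compare in
// constant time (hash_equals needs PHP 5.6 or later).
function verify_keyed($question, $submitted, $token) {
    return hash_equals(keyed_token($question, trim($submitted)), $token);
}

// Audit helper: can the hidden-field value be reproduced from page content
// alone, i.e. the question text plus a small set of candidate answers?
function recoverable_from_page($question, $token, $make) {
    foreach (range(1, 100) as $n) {
        if (hash_equals($make($question, (string) $n), $token)) {
            return $n;
        }
    }
    return null;
}

$q     = 'What is 3 + 4?';            // constructed sample challenge
$weak  = weak_token($q, '7');         // value the weak form puts in the form
$keyed = keyed_token($q, '7');        // value the hardened form puts in the form

// Unsalted hash: the answer falls out of the page content.
var_dump(recoverable_from_page($q, $weak, 'weak_token'));
// Keyed hash: the same check, done without VSBP_SECRET, finds nothing.
var_dump(recoverable_from_page($q, $keyed, 'weak_token'));
// The server, which holds the secret, still validates normally.
var_dump(verify_keyed($q, ' 7 ', $keyed));
var_dump(verify_keyed($q, '8', $keyed));
```

The keyed token is still stateless, so bind it to the session or add an expiry if a solved form must not be accepted twice.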
commented Apr 15, 2014 by sama55
Do you understand definitely, too?
commented Jul 9, 2014 by hungerburg
As far as I understand the code, where crypto gets used here: There can be more than one answer to the same challenge, which is very nifty, BTW. SHA works around putting the literal answer into the form while still being able to find the correct challenge ;)

Now, if this was a user login form or a banking transaction form, Scott should be right, IMO. In this case though that smelled a little of over-engineering ;)

PS: the salt would rather be a back-end config, like case-sensitivity… (just in case you would want to put this module into mainline q2a)
commented Oct 20, 2014 by Waterfr Villa
This plugin has a potential for solving many spam issues Sama! Say you wanna launch a website in Japanese or Arabic etc, then your plugin questions would be only in those languages and you will not be bothered by Spammers who only understand English! At least you filter them out big time! Anyways good initiative Sama, thank you
answered Oct 7, 2014 by truthonlytruth
I have just downloaded and installed this...

I will closely watch how it goes and report back here...

commented Oct 8, 2014 by truthonlytruth
Well, looks like it stops spam bots from registering bogus accounts...
Good job... :)
answered Oct 20, 2014 by Waterfr Villa
I just wanted to invite others who suffer from spammers to test this out. Especially helpful if your website targets non-English speakers
answered Nov 3, 2014 by jasom

Hi, I just want to say thank you for this simple awesome plugin. Here you can see my versions of questions:

    'vsbp_qs_1' => 'What is missing from Seoquestions.cl_b?==u',
    'vsbp_qs_2' => 'What is missing from Seoquest_ons.club?==i',
    'vsbp_qs_3' => 'What is missing from Seoque_tions.club?==s',
    'vsbp_qs_4' => 'What is missing from Seoq_estions.club?==u',
    'vsbp_qs_5' => 'What is missing from Seoquestions.c_ub?==l',
    'vsbp_qs_6' => 'What is missing from S_oquestions.club?==e',

My site is Seoquestions.club and this kind of question helps users to memorize the brand.

commented Nov 3, 2014 by truthonlytruth
clever and nice... :)
commented Nov 3, 2014 by sama55
Fine. Simple numerical formulas seem to be analyzed by bots. Your usage may prevent many bots.