Image CAPTCHA v2.0
Release Notes
2.0 (2012-01-26):
- added: Dutch translation
- added: plugin setting to switch between icon sets (General, Fruit)
- changed: updated code to Elgg 1.8 standards
Jeroen Dalsem
Owner of ColdTrick IT Solutions, developing social networking sites for the dutch market
Project Info
Stats
- Category: Spam
- License: GNU General Public License (GPL) version 2
- Updated: 2014-11-17
- Downloads: 4618
- Recommendations: 36
Other Projects
View Jeroen Dalsem's plugins
Excellent Thank You
Works very nicely. Since adding this, foreign spammers have dropped to maybe 1 per month.
Coldtrick does it again! Thanks for the great plugin Jeroen, hopefully this keeps the spammers in check!
Thanks,This installed
Recommended! Works perfectly in: http://skslink.com/network/
Bye Bye Spamers!~
Tried it out with elgg 1.8.4. Works beautifully like everything else from coldtrick.
The trouble with most captcha is that they do not translate well to non-English languages. That is, most captcha (e.g. used by LinkedIn, if I remember correctly) requires also "domain knowledge" to guess some words. Unless you are American or English, it is sometimes very difficult to guess the word.
This image captcha resolves that issue (with the exception of RSS image, which is a bit nerdy:-) ). An apple is an apple everywhere.
As for an improvement, would it make sense to have the option of configuring various image sizes?
With my limited knowledge, I have one suspicion with this catcha: The answer set is pretty small (possibly it can be extended but by definition it can not be too many). Would it pose a risk to repeatative attemps? That is, could someone mimic UI clicks and go one by one over these images and after a few rejections find the correct one? Or is it not possible to do programmatically (automatically)?
Regards.
The site logo for my site does not display on mobile view,instead it show on plain white font like the default view on site.how can i solve this
sorry for posting the wrong message ,I installed this plugin and it is ok.would this plugin solve the problem of spam groups.I have aot of Spam groups to delete and prevent.
@Burada if it is possible to do a lot of registrations within a short period then it is possible that eventually the right image is clicked. This could be prevent by blocking registration if it fails 5 times in 1 min from 1 ip or something like that.
@kxx4 this plugin places captcha at every place that supports captcha on your site. Group creation is not one of those, but it would be better to block out unwanted users before they ever get into your site.
@Jeroen Thanks.
Spanish Translation:
1- Crete file es.php in: image_captcha/languages/
2- Copy and paste the following text:
I just realised that this plugin prompts users to select an item if they are human but still rejects the request or form submission e.g ' sorry the selection did not match.
Please advice.This happens on 'user registeratioN and password recovery'
My site is running v1.8.1
HELLO, I SOLVED THE PROBLEM. I NOTICED THAT I LEFT THE DEFAULT CAPTCHA ON.IT IS WORKING NOW
so far this is the best plugin to prevent 99% of spam on my site. i was using the regular captcha with alpha/numeric values but still had getting spammers every single day! so far it's been a whole day without spammers registering on my site. i'd recommend this plugin for everyone to use against spammers
Hi
I have Crete a file pt.php and i put:
But after export to folder all i have is a blank page.
Can someone help me??
Tks in advance
Very good, perfect in 1.8.5
I really appreciate your work.
Sorry for English
@José:
replace
'image_captcha:settings:icons' => ""Selecione os ícones que você gostaria de usar para o CAPTCHA,
with
'image_captcha:settings:icons' => "Selecione os ícones que você gostaria de usar para o CAPTCHA",
this should work.
Is it deliberate that the captcha doesn't make registration form sticky before forwarding the user?
Clearing the form may of course slow down the bots but I think it's also bad UX. Few users realize that they also have to select the correct captcha image a second time if some other form value causes the registration to fail. And then the missing captcha answer causes the whole form to be cleared.
@juho : captcha may be used in other instances like registration, forgot password, private messages also. A general solution like https://github.com/Elgg/Elgg/issues/4996 will be better.
@webgalli It wouldn't be a problem for the capcha to use sticky form only when user is doing registration. It says exactly that in the issue:
At the moment I use a customized 'action', 'register' hook handler that doesn't do anything else but makes the form sticky before captcha is validated:
This could as well be done in the image_captcha plugin.
doesn't elgg 1.8 already sticky the register form data for itself ? unless the captcha screws that up ;oO
@Dhrup Yes, Elgg core would make the form sticky in the register action but the request never get's that far because captcha intercepts the registration before it. That's why captchas should take care of making the form sticky before they deny access to the action.
Unfortunately this is currently the only way to prevent an action being done. I would suggest a change in core to be able to handle these issues. They should split the action handler in two seperate hooks. The first one should be the "prepare_action" hook and the next the "execute_action" hook. The first hook will be used for validation purposes, and the execute for the definitive handling of the action. This gives developers more control. For this plugin it would mean that in the prepare hooks the forms can be made sticky, so the last hook (CAPTCHA) could check for a valid CAPTCHA and forward back to the form with all sticky fields intact.
I'm so sad/disappointed/distressed to find that no one, not even a single developer/user of elgg, points out how vulnerable this plugin is:
$('#image_captcha .img').each(function(){ if((/\/([^\/]*)\.jpg/i).exec($(this).attr("style"))[1]==$('#image_captcha label u').html().toLowerCase()){ $(this).click(); } });
I just inhereted a project that has this installed, and I was just going to say the same thing. Need to prevent the answer from being visible in the image urls.