• Attempting to add reCaptcha

    From Noisome@VERT/DIGI52 to All on Thu Apr 11 14:31:57 2013
    Howdy all.

    I'm attempting to add reCaptcha to my newuser.ssjs/inc files. Of course I can POST when I hit submit.

    But I need to submit to the reCaptcha website first to get the true or false reply whether the user response was correct.

    Has anyone managed to do this? Or is there a better way, like SESSION variables for creating personal captcha questions? I haven't been able to
    find "session variables" to make captcha easier.

    Thanks in advance for any help.

    Noisome

    ---
    þ Synchronet þ Digital 52 BBS - digital52.com
  • From echicken@VERT/ECBBS to Noisome on Fri Apr 12 00:44:10 2013
    Re: Attempting to add reCaptcha
    By: Noisome to All on Thu Apr 11 2013 14:31:57

    Has anyone managed to do this? Or is there a better way, like SESSION variables for creating personal captcha questions? I haven't been able to find "session variables" to make captcha easier.

    We don't have session variables in our SSJS environment, but there are always tricks you can play using temporary files and such. Not an ideal solution, but a readily-available one.

    I wrote my own captcha for Synchronet a few years ago, but it was an early effort and is not all that good. Glancing at the code now I can see that I made some poor choices, and it should be replaced by something newer-better-safer. That said, it should take some OCR or a lengthy brute-force effort to get past it, and I've yet to see any bot signups on my BBS. You can find it on the CVS at web/lib/captchaLib.ssjs, with supporting files in web/lib/captchaAnsis/. It's meant to use per-letter .asc and .ans files to generate the captcha "image", though right now there are just some figlet-generated .asc files. A few small changes would need to be made for it to work with the stock web interface; I can give further info if you happen to want to use it. I'll probably rewrite it in the near future.

    echicken
    electronic chicken bbs - bbs.electronicchicken.com - 416-273-7230

    ---
    þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com
  • From Noisome@VERT/DIGI52 to echicken on Fri Apr 12 13:51:28 2013
    I wrote my own captcha for Synchronet a few years ago,

    echicken

    I did see that one and was going to use it, but then thought about reCaptcha and trying to add that solution. I'm not too savvy on SSJS (still learning) and didn't see any session variable info in the documentation, so figured I missed something. Apparently not. :)

    I could incorporate part of PHP scripting in there, but it'll be a non- transferable solution.

    I did see another idea that I could use for reCaptcha though last night.

    http://bestservedcold.com/news/embedding-php-in-ssjs-pages/62/

    Not embedding php, but using the idea to POST to the reCaptcha website on the server side. I hope it works.

    ---
    þ Synchronet þ Digital 52 BBS - digital52.com
  • From echicken@VERT/ECBBS to Noisome on Fri Apr 12 12:56:24 2013
    Re: Re: Attempting to add reCaptcha
    By: Noisome to echicken on Fri Apr 12 2013 13:51:28

    Not embedding php, but using the idea to POST to the reCaptcha website on the server side. I hope it works.

    You can use exec/load/http.js to have your webserver make the HTTP request to the reCaptcha API. If you need any info on how to use it, let us know and we can post a quick example.

    echicken
    electronic chicken bbs - bbs.electronicchicken.com - 416-273-7230

    ---
    þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com
  • From Noisome@VERT/DIGI52 to echicken on Fri Apr 12 17:34:36 2013
    You can use exec/load/http.js to have your webserver make the HTTP request to the reCaptcha API. If you need any info on how to use it, let us know and we can post a quick example.

    Please if you don't mind. I grepped the web directory for any examples and
    did not see one use the HTTPRequest function. I can probably muck through it, but any direction is better than no direction sometimes.

    Thanks for all the help!

    ---
    þ Synchronet þ Digital 52 BBS - digital52.com
  • From Mro@VERT/BBSESINF to Noisome on Sat Apr 13 00:47:53 2013
    Re: Attempting to add reCaptcha
    By: Noisome to All on Thu Apr 11 2013 02:31 pm

    Howdy all.

    I'm attempting to add reCaptcha to my newuser.ssjs/inc files. Of course I can POST when I hit submit.

    But I need to submit to the reCaptcha website first to get the true or
    false reply whether the user response was correct.

    Has anyone managed to do this? Or is there a better way, like SESSION


    one thing you might want to consider is just making the script so it confuses bots. i've done that with several of my websites.

    people HATE capcha.
    ---
    þ Synchronet þ ::: BBSES.info - free BBS services :::
  • From Noisome@VERT/DIGI52 to Mro on Sat Apr 13 10:03:25 2013

    one thing you might want to consider is just making the script so it confuses bots. i've done that with several of my websites.

    people HATE capcha.


    I do plan on incorporating confusing forms and a few other tricks, but I am *hoping* that I will soon receive a few people to my site to log in. With
    some of these people will come the jerks, especially the ones that already dislike me. ;-) I'd rather make it a tad more annoying than too easy.

    I host game servers and the information will soon be posted to visit my website. Now this may come as a concern as some will say Synch isn't cut out for that many connections, or why not just use apache/lighttpd/etc and php web forum, etc.

    I'm just having fun, and that's what this is really about in the end.

    ---
    þ Synchronet þ Digital 52 BBS - digital52.com
  • From Mro@VERT/BBSESINF to Noisome on Sat Apr 13 10:12:52 2013
    Re: Attempting to add reCaptcha
    By: Noisome to Mro on Sat Apr 13 2013 10:03 am

    I host game servers and the information will soon be posted to visit my website. Now this may come as a concern as some will say Synch isn't cut out for that many connections, or why not just use apache/lighttpd/etc and php web forum, etc.

    I'm just having fun, and that's what this is really about in the end.

    okay but you will see.

    if you are running a web for non bbs content you are better off with apache or lighthttpd. it can still be fun :D
    ---
    þ Synchronet þ ::: BBSES.info - free BBS services :::
  • From Noisome@VERT/DIGI52 to Mro on Sat Apr 13 12:49:58 2013

    if you are running a web for non bbs content you are better off with apache or lighthttpd. it can still be fun :D

    Oh I have other content running on apache on other good hardware and OS. But this is 100% for fun and not for anything other than that. I'd rather
    "drudge" through this and learn something (limitations being one of the things I want to reach) than repeat the same things I have done too many times
    before.

    But anyway, http.js, any example on the best usage? :)

    ---
    þ Synchronet þ Digital 52 BBS - digital52.com
  • From Ree@VERT/FTELNET to Mro on Mon Apr 15 10:52:09 2013
    one thing you might want to consider is just making the script so it confuses bots. i've done that with several of my websites.

    people HATE capcha.

    Totally agree with this. On sites where I'm getting contact form spam I've started doing this, with a 100% success rate in blocking spam (and presumably
    a 0% rate of blocking non-spam, but even if it's > 0%, it's only going to
    block people running browsers that don't support CSS, and that can't read simple instructions, so no great loss...):

    - Add txtUrl input box
    - Add label saying "leave this box blank or I will ignore your message"
    - Add CSS to hide both input and label
    - When form is submitted, prepend POSSIBLE_CONTACT_SPAM to subject line if an Url was entered
    - Setup mail filter to file away messages with that string

    Like I said works great, and doesn't annoy anybody. It's obviously easily circumvented, but until it is, I'm not going to worry about CAPTCHAs.

    ---
    þ Synchronet þ fTelnet and GameSrv Support BBS -=- http://bbs.ftelnet.ca
  • From echicken@VERT/ECBBS to Noisome on Mon Apr 15 12:02:16 2013
    Re: Re: Attempting to add reCaptcha
    By: Noisome to Mro on Sat Apr 13 2013 12:49:58

    But anyway, http.js, any example on the best usage? :)

    Here's a basic example showing a couple of uses of HTTPRequest.Get and HTTPRequest.Post:

    // Load the HTTP request library
    load("http.js");
    var response;
    var http;

    // Create HTTPRequest object 'http'
    http = new HTTPRequest();

    // Make a GET request, print the response
    response = http.Get("http://bbs.electronicchicken.com/test.xjs"); print(response);

    // Make a GET request with arguments in the query string, print the response response = http.Get(
    "http://bbs.electronicchicken.com/test.xjs?argument1=lol&argument2=dongs"
    );
    print(response);

    // Make a POST request, print the response
    response = http.Post(
    "http://bbs.electronicchicken.com/test.xjs",
    "&argument1=lol&argument2=dongs"
    );
    print(response);

    // End of example

    If you want to get a bit fancy, you can wrap your .Get and .Post requests in try ... catch blocks so that any errors that are encountered don't get shown to your users:

    try {
    response = http.Get("http://this.will.not.work");
    print(response);
    } catch(err) {
    log("There was an error: " + err);
    }

    Otherwise if the HTTP request fails for any reason, an error will be barfed out onto your page.

    echicken
    electronic chicken bbs - bbs.electronicchicken.com - 416-273-7230

    ---
    þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com
  • From Noisome@VERT/DIGI52 to echicken on Mon Apr 15 12:35:01 2013
    But anyway, http.js, any example on the best usage? :)

    Here's a basic example showing a couple of uses of HTTPRequest.Get and HTTPRequest.Post:

    Perfect example! Thanks a great deal.

    ---
    þ Synchronet þ Digital 52 BBS - digital52.com
  • From Noisome@VERT/DIGI52 to Ree on Mon Apr 15 13:55:52 2013
    Like I said works great, and doesn't annoy anybody. It's obviously easily circumvented, but until it is, I'm not going to worry about CAPTCHAs.

    Well that's kinda the point I was trying to avoid altogether, the "easily circumvented" part. I will have annoying people joining soon, maybe, and out of them will be *some* jerk.

    -hears a whisper, that's why you choose different, proven software :)-

    One main precaution though is that DOVE-net will be protected from the spam artists. It will require special requests to access write capabilities for
    any user to DOVE-net.

    My whole attempt is to merge olde sk00l with new skule in the most unl33t way possible.

    Thanks to da tuna with legs I'm much closer now :D

    ---
    þ Synchronet þ Digital 52 BBS - digital52.com