Gossamer Forum

Beta Testers for Image Verification Plugin

I am looking for a few people running LinksSQL v3.x to beta test
an image verification plugin I have written.

The plugin is called CAPTCHA, and it displays a randomly generated
image/code that must be entered in order to submit the various forms
used throughout LinksSQL.

The forms that are image-protected against spam bots include:
User Signup, Add Link, Modify Link and Reviews. Each form can be
individually enabled/disabled with regard to the image verification.

The CAPTCHA plugin currently uses PHP to create and display the verification
image. There will be a non-php version in the near future. Non-PHP modes will
require one of 2 perl modules... GD::Image or ImageMagick. If your server is
equipped with either/both of those perl modules, please say so, as that makes
you an ideal beta tester.

The CAPTCHA plugin is used by 2 other plugins I have written.
The 2 plugins are Guestbook plugin and Contact Form plugin. Beta
testers will be given a single license to all 3 plugins in return
for testing and feedback.

If you are interested in testing this plugin, please send me a PM
providing the url that you would be installing the plugins at.

Chris
RGB World, Inc. - Software & Web Development.
rgbworld.com

Re: [rgbworld] Beta Testers for Image Verification Plugin
Hi Chris,

Does your CAPTCHA plugin work with the rating feature too? So that when a user is rating the script, the vote 'will not' be counted if image verification fails. As I believe that is the area where maximum spam happens (along with link submission I suppose).

Thank you.

Vishal
-------------------------------------------------------

Re: [SWDevil.Com] Beta Testers for Image Verification Plugin
CAPTCHA can be added to any form, but it does require a pre_ hook
on the submission of the form in order to call the verification subroutine.

If verification fails, no further action is taken and the submitter is
directed back to the form which displays a verification failed message.

I am adding hooks for the forms I determine need verification.
I questioned adding CAPTCHA to the rating form, so I will add that one too.

Currently supported forms are:
User Signup (user_signup)
Add Link (user_add_link)
Modify Link (user_modify_link)
Add Review (add_this_review)
Rating (rate_link)

Each hook can be individually enabled/disabled. I will add others if suggested.
CAPTCHA is also supported by my ContactForm plugin, Guestbook plugin
and soon-to-be UserEdit plugin.

Chris
RGB World, Inc. - Software & Web Development.
rgbworld.com

Re: [rgbworld] Beta Testers for Image Verification Plugin
Although I think this plugin is a VERY good idea. I was wondering how useful it would be; how hard would it be for a hacker/bot to falsely rate/modify etc? (Unless of course community is installed)

A user can't access any of these features without signing up. A user can't sign up without entering the image verification. Therefore it seems redundant. A contact page seems different because a webmaster may not require a user to signup to contact them. I recently had to take down my contact page (written in php) due to a server overload because of these hackers.

I guess my real question is: Would this plugin be mainly used for non-community users, or would there be a use for it with community users (with image verification turned on) ?

Thanks,

- Jonathan

Re: [jdgamble] Beta Testers for Image Verification Plugin
I may want to beta test it for you. I actually bought that sort of thing and more from Pugdog, but I wasn't initially able to get it to work... but there was a bit of an issue with my server. I think that issue is resolved now, so I'll have to try it again.

As to the PHP email forms, one of my other sites got hit really bad by that last week. If you don't know what happened, I'd venture a guess it was the "email injection" vulnerability. Google that for more information. I figured out what they were doing and read how they were doing it, but was unable to make my forms do it... but with all the bounce messages, it was clear what was happening. Luckily with the subject line, I was also able to determine which of my clients sites was the culprit too.

Instead of trying to fix my current form, which I couldn't test anyway, I just found a whole new script that did the code checking it needed. It also has a basic image verification etc. Anyrate, you can check it out at http://www.dagondesign.com/articles/secure-php-form-mailer-script/ It wasn't quite what I was expecting, it actually creates the form for you, but once you get the simple hang of it, it's really cool. Hint: If you use it on multiple sites, just use the // to comment out any form fields you don't need as you go from site to site.
------
John Martel
New Age Web Marketing
My GL site

Re: [jdgamble] Beta Testers for Image Verification Plugin
In Reply To:
A user can't access any of these features without signing up.

That is not true, you can turn off user_validation and a user can signup without having to validate.
You can also turn off user_required, and then anyone can add a link.
It is for those cases that the image verification can be enabled on built-in forms.

In Reply To:
Would this plugin be mainly used for non-community users, or would there be a use for it with community users (with image verification turned on) ?

I don't use community, only LinksSQL. If you require users to login in order to Add Links and Rate Links, then the image verification would be redundant.

I have a contact form that allows non-registered users to contact the site admin, and a guestbook plugin
similar to reviews that allows non-users to leave comments. Typically ratings are allowed for non-users
as well. So, there are several places that the verification becomes useful.

The other thing it does is prevents visitors from hitting the back button and resubmitting
the same info a second time. The verification must be re-entered.

As for how hard it is for a bot to submit forms, I am not sure. I was getting tons of spam
through my forms prior to adding the image verification after which I haven't gotten any,
so it at least provides some protection. I am not going to guarantee anything as I plan to release
it as a $5 separate plugin, and including it with my other plugins that need it.

As for security, I think it is pretty secure. It uses sessions and encryption when creating
the image and verifies using completely separate code.

Chris

RGB World, Inc. - Software & Web Development.
rgbworld.com

Re: [newageweb] Beta Testers for Image Verification Plugin
In Reply To:
As to the PHP email forms, one of my other sites got hit really bad by that last week.

Just to clarify. The CAPTCHA plugin uses PHP only to create the image.
All other code is perl. The forms in particular are *not* php forms.

CAPTCHA is a plugin, so all that needs be done is install it and set the options.
Additionally, verification must be in the plugin (or hook) in order to be able to stop
the form from being submitted. I had a non-plugin version that worked fine, but if
you submitted the form data without going through the form, the verification never
happened and the data was submitted anyways, basically bypassing the system.

CAPTCHA will not allow the form to be submitted, even if you remove the
image and input fields from the form(s). You will still get an error stating
that the verification was not successful. I think that a non-plugin system
can be easily circumvented.

The plugin can be seen in use by clicking the Luna Templates link below.
It is still being developed, but so far, so good. You can login as demo/demo
to see the verification on user required forms.

Chris

RGB World, Inc. - Software & Web Development.
rgbworld.com
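
The server-side check described in the post above (verification in a pre-hook, so a POST sent without the form still fails) and the re-entry on resubmit mentioned earlier in the thread, as an added sketch that is not part of the thread and not the plugin's code. The hook name `pre_verify`, the field name `captcha_code`, the in-memory session hash and the secret are all assumptions made for illustration.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Constructed stand-ins: a real plugin would keep these in its own
# server-side session store and configuration.
my $SECRET = 'constructed-demo-secret';
my %SESSIONS;    # session id => { digest => ..., expires => ... }

# Run when the form and image are rendered. Only a keyed digest of the
# code is stored, bound to the session id, with a short lifetime.
sub issue_challenge {
    my ($sid, $code, $ttl) = @_;
    $SESSIONS{$sid} = {
        digest  => hmac_sha256_hex(lc $code, $SECRET . $sid),
        expires => time + ($ttl // 300),
    };
    return;
}

# Hypothetical pre-hook: runs before the form handler no matter which
# fields the client sent. Returns 1 to let the submission continue.
sub pre_verify {
    my ($sid, $params) = @_;
    # Single use: drop the challenge before checking it, so a resubmit
    # (back button, replayed POST) has nothing left to match.
    my $challenge = delete $SESSIONS{$sid} or return 0;
    return 0 if time > $challenge->{expires};
    my $answer = $params->{captcha_code};
    return 0 unless defined $answer && length $answer;
    my $got = hmac_sha256_hex(lc $answer, $SECRET . $sid);
    return $got eq $challenge->{digest} ? 1 : 0;
}

# Constructed submissions; each one gets a freshly issued challenge.
my @cases = (
    [ 'POST without captcha fields' => { Title => 'x' } ],
    [ 'wrong code'                  => { captcha_code => 'AAAAA' } ],
    [ 'correct code'                => { captcha_code => 'k7pq2' } ],
);
for my $case (@cases) {
    issue_challenge('sess1', 'K7PQ2');
    my $ok = pre_verify('sess1', $case->[1]);
    printf "%-28s %s\n", $case->[0], $ok ? 'accepted' : 'rejected';
}
# Same answer again with no new challenge issued: the replay is refused.
my $replay = pre_verify('sess1', { captcha_code => 'k7pq2' });
printf "%-28s %s\n", 'replay of correct code', $replay ? 'accepted' : 'rejected';
```

Because the challenge is deleted on every attempt, a wrong guess also forces a new image, which limits each issued code to one try.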

Re: [rgbworld] Beta Testers for Image Verification Plugin
Many sites prefer to allow users to be able to rate links without having a user account, and in such case CAPTCHA can be little bit too useful (especially if it also logs the list of IP's and votes by them).

Vishal
-------------------------------------------------------

Re: [SWDevil.Com] Beta Testers for Image Verification Plugin
So why did you ask this question?
Quote:
Does your CAPTCHA plugin work with rating feature too?

I added the Rate form because I thought you were requesting it.
I personally will only be using CAPTCHA on the Contact Form and Guestbook.

If someone chooses to allow visitors to Add Links, Modify Links, Add Reviews
without being a registered user, they will now have the choice of adding
image verification to those forms. If they don't need it, they don't need it.

I am still looking for beta testers as per my original post.

Chris
RGB World, Inc. - Software & Web Development.
rgbworld.com

Re: [rgbworld] Beta Testers for Image Verification Plugin
Thanks for the response. I actually found another page on my site that was getting exploited: recommend.cgi. I guess this would be a perfect example of a script community users (with image verification) would find useful. Since recommend does nothing but give you more hits, it would be pointless to have a user be required to login. Have you thought about adding the option to external links scripts? Maybe having a simple global or include or hook to allow this. I know it's not as simple as it sounds.

Thanks,

- Jonathan