Previous Thread
Next Thread
Print Thread
Rate Thread
Joined: Oct 2002
Posts: 24
Newbie
Newbie
Offline
Joined: Oct 2002
Posts: 24
Mod Name / Version: Security Code to Prevent Automated Login Attempts

Description: Recently there have been some brute force attempts to crack passwords on my BB. These attacks are automated, and work simply by trying every possible password (starting with common words and phrases). In order to protect our members from having their accounts compromised, I created a security code feature which prevents automated login attempts. I don't know how many other administrators have this same problem, but for those that do this modification is relatively easy to install and provides reasonably strong protection against automated login attempts.

The security code is a standard CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart). It generates an image of a 4 digit number which must be typed in correctly for the login to succeed. Here is an example of what it looks like on my BB.

Working Under: UBB.Threads 6.4

Mod Status: Finished

Any pre-requisites: PHP compiled with GD library support.

Author(s): Ythan

Date: 07/05/04

Credits: Thomas Jacob for the Captcha PHP Script.

Files Altered:
/login.php
/logout.php
/start_page.php
/ubbt.inc.php
/templates/login.tmpl

New Files:
/includes/captcha/captcha_func.php
/includes/captcha/captcha_pic.php

Database Altered: No, but if your server doesn't support sessions you will have to create a new table.

Info/Instructions: First, download and extract the new files you will need (they are attached to this post).

Captcha_func.php contains the configuration information for the script. If your server supports sessions, you should not need to alter any settings. Otherwise, you will need to configure the script to use mySQL. Instructions can be found on the script's web page.

After verifying the configuration settings are correct, make a new directory called 'captcha' in your /forums/includes directory, and upload the two new files to that location. (You can use another location if you like, but you will have to update the code manually.)

Next, open login.php and logout.php. In both files, find the line which reads:
Code
require ("main.inc.php");

Directly beneath it, add the following:
Code
  // BEGIN CAPTCHA MOD <br />  header ("Expires: ".gmdate("D, d M Y H:i:s", time())." GMT"); <br />  header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); <br />  header ("Cache-Control: no-cache, must-revalidate"); <br />  header ("Pragma: no-cache"); <br />  if(!session_id()) session_start(); <br />  require ("$thispath/includes/captcha/captcha_func.php"); <br />  if ($_GET['new']) { <br />  	captcha_delete(); <br />  } <br />  if (!captcha_avail()) { <br />  	captcha_create(false, 4, 0, 0, false); <br />  } <br />  // END CAPTCHA MOD

Open start_page.php. Find the line which reads:
Code
$rememberme = get_input("rememberme","post");

Directly beneath this add:
Code
$Code = get_input("code","post");

Find the line which reads:
Code
$html -> do_login ($Cat,$Username,$Password,$rememberme);

Change it to:
Code
$html -> do_login ($Cat,$Username,$Password,$rememberme,$Code);

Open ubbt.inc.php. Find the part which reads:
Code
function do_login($Cat = "",$Username="",$Password="",$rememberme="") {

Change it to:
Code
function do_login($Cat = "",$Username="",$Password="",$rememberme="",$Code="") {

Find the part that reads:
Code
       if ( ($approved != "no") && ($approved != "yes") ) { <br />         $this -> not_right($ubbt_lang['UNVERIFIED'],$Cat); <br />       }

Directly beneath this, add:
Code
       // BEGIN CAPTCHA MOD <br />       if(!session_id()) session_start(); <br />  	   require ("$thispath/includes/captcha/captcha_func.php"); <br />  	   if (captcha_code() !=  $Code) { <br />  	   	 $this -> not_right("The security code you entered is incorrect.",$Cat); <br />       } else { <br />       	 captcha_delete(); <br />       } <br />       // END CAPTCHA MOD

Finally, open login.tmpl. Find the part which reads:
Code
{$ubbt_lang['PASSWORD_TEXT']}<br> <br /><input type="password" name="Loginpass" class="formboxes"> <br /><br> <br /><br>

Directly beneath this, add:
Code
<!-- BEGIN CAPTCHA MOD //--> <br />Your security code is:<br> <br /><img src="{$config['phpurl']}/includes/captcha/captcha_pic.php" alt="Security Code" border="1"> <br /><br> <br />Type in security code:<br> <br /><input type="text" name="code" value="" maxlength="4"><br> <br /><a href="$PHP_SELF?new=1">I can't read it!</a> <br /><br> <br /><br> <br /><!-- END CAPTCHA MOD //-->

That's all there is to it, the security code feature is now installed.

Hope some people find this useful!

-Y

Disclaimer: Please backup every file that you intend to modify.
If the modification modifies the database, it's a good idea to backup your database before doing so.

Note: If you modify your UBB.Threads code, you may be giving up your right for "official" support from Infopop.If you need official support, you'll need to restore unmodified files.
Attachments
116399-captchamod.zip (0 Bytes, 35 downloads)

Sponsored Links
Joined: Nov 2001
Posts: 10,369
I type Like navaho
I type Like navaho
Joined: Nov 2001
Posts: 10,369
Good work!
Thanks!

Joined: Mar 2004
Posts: 118
Journeyman
Journeyman
Offline
Joined: Mar 2004
Posts: 118
You want more?
Image verification


Kind regards,
PaNTerSan
Joined: Nov 2001
Posts: 134
Journeyman
Journeyman
Offline
Joined: Nov 2001
Posts: 134
Does this work on 6.5 ?

Joined: Oct 2002
Posts: 24
Newbie
Newbie
Offline
Joined: Oct 2002
Posts: 24
It should work fine in 6.5.x with small changes, but if you're thinking of using this mod you should know that I've updated it a bit. The biggest change is that now it only asks for a security code after 2 failed login attempts in a row. I also fixed some browser-specific bugs so I recommend you use this new version instead of the one above. Please download captchamod.zip attached to the first post in this thread, but then follow the instructions attached to this reply. Let me know if you have any problems.

-Y
Attachments
126693-captcha.txt (0 Bytes, 86 downloads)

Sponsored Links
Joined: Jan 2005
Posts: 39
User
User
Offline
Joined: Jan 2005
Posts: 39
This new captcha.txt makes mention of a ubbt_captcha.tmpl file. Where is it?

Joined: Oct 2002
Posts: 24
Newbie
Newbie
Offline
Joined: Oct 2002
Posts: 24
The contents of that file is at the bottom of the updated instructions.

Peace,

-Y

Joined: Dec 2000
Posts: 1,471
Addict
Addict
Offline
Joined: Dec 2000
Posts: 1,471
Thx for the update!


Link Copied to Clipboard
Donate Today!
Donate via PayPal

Donate to UBBDev today to help aid in Operational, Server and Script Maintenance, and Development costs.

Please also see our parent organization VNC Web Services if you're in the need of a new UBB.threads Install or Upgrade, Site/Server Migrations, or Security and Coding Services.
Recommended Hosts
We have personally worked with and recommend the following Web Hosts:
Stable Host
bluehost
InterServer
Visit us on Facebook
Member Spotlight
isaac
isaac
California
Posts: 1,157
Joined: July 2001
Forum Statistics
Forums63
Topics37,573
Posts293,925
Members13,849
Most Online5,166
Sep 15th, 2019
Today's Statistics
Currently Online
Topics Created
Posts Made
Users Online
Birthdays
Top Posters
AllenAyres 21,079
JoshPet 10,369
LK 7,394
Lord Dexter 6,708
Gizmo 5,833
Greg Hard 4,625
Top Posters(30 Days)
Top Likes Received
isaac 82
Gizmo 20
Brett 7
WebGuy 2
Top Likes Received (30 Days)
None yet
The UBB.Developers Network (UBB.Dev/Threads.Dev) is ©2000-2024 VNC Web Services

 
Powered by UBB.threads™ PHP Forum Software 8.0.0
(Preview build 20221218)