Jump to content
MakeWebGames

[Verify Addon - TornCity Style


Spudinski

Recommended Posts

Long ago I sold this, but it needs pruning.

A very simply addon, can be used for MCCodes or any other game/website.

It was to replicate TornCity's captcha, so don't cure at me because of the similarities - it's meant to be so.

Screens

Stage 1

bed26ef2830168b059d904739204ccca57047c80590c1da50aac5de5cbcc58296g.jpg

Stage 2

f15524d8a670e6efecbb658994dbdb4154dfe645ee83346ab80101de78eac7506g.jpg

Config

86711a9ed0d2e9ed678b10ed162fa0f90fe785832778a04c739af74cf586ae0b6g.jpg

Download: http://www.mediafire.com/?7pwdn8965r7r398 (The manual is included)

All important license: http://creativecommons.org/licenses/by-sa/3.0/

Problems should be mailed to spudinski[]gmail.com

Discussion should be done in this thread.

Edited by Spudinski
  • Like 1
Link to comment
Share on other sites

I never understood captchas on gym and crime pages. I know they are put there to stop bots from being used, but in reality once you are on the gym/crime page you no longer have to enter it. I openly admit I once used a bot on the crime page of a game, and the bot could be used without ever leaving the page, rendering any captcha on entering useless.

Link to comment
Share on other sites

I never understood captchas on gym and crime pages. I know they are put there to stop bots from being used, but in reality once you are on the gym/crime page you no longer have to enter it. I openly admit I once used a bot on the crime page of a game, and the bot could be used without ever leaving the page, rendering any captcha on entering useless.

I get your point, but this was for a client once.

It could be used on the register page or login page, it was designed to replace MCCodes captcha system.

Also, that method won't work here. If I remember correctly, it resets every x minutes(specified by admin), rendering another captcha to bypass.

Captcha's are generally useless, many tools can bypass them. The hard part is creating an intelligent bot to do the work.

Link to comment
Share on other sites

A solution is to bring up a captcha on the page when a rand() number is hit, say when 1 is chosen between 1 and 100, so no matter whether or not the player leaves the gym, the rand function is always the first thing done on the page and when 1 is hit, the captcha is loaded, or any other number, the gym is loaded.

Link to comment
Share on other sites

No, rand() is random, it's not a range.

The script could produce any number from 1-100 with any execution. It doesn't guarantee a 1:100 chance.

 

Problems with deterministic generators

In practice, the output from many common PRNGs exhibit artifacts which cause them to fail statistical pattern detection tests. These include, but are certainly not limited to:

Shorter than expected periods for some seed states (such seed states may be called 'weak' in this context);

Lack of uniformity of distribution for large amounts of generated numbers;

Correlation of successive values;

Poor dimensional distribution of the output sequence;

The distances between where certain values occur are distributed differently from those in a random sequence distribution.

Pseudorandom number generator a.k.a the rand() function.

Link to comment
Share on other sites

A version of this is used on Zu.

On the crimes and gym page and it is as pointed out to stop bots from auto training and committing crimes. Its quite easy to create a macro or just install reload for Firefox and then just set it going and come back a few hours later to find you have committed 10k crimes.

Depends on your game setup really. On Zu there is rewards and exp gains for committing crimes. Certain places can only be accessed by having a 3000 crimes trophy for example. So do I want them using bots. Not really.

Counting clicks for training etc is also a good approach to it.

Link to comment
Share on other sites

WikiPedia // Mersenne Twister // Advantages // Section #3

It passes numerous tests for statistical randomness, including the Diehard tests. It passes most, but not all, of the even more stringent TestU01 Crush randomness tests.

rand() does not perform anywhere near as well as mt_rand() hence the obvious suggestion.

Looking at the source of ext/standard.c in the PHP sources, does unfortunately suggest a minor possible problem in that unseeded usage may become predictable in both rand() and mt_rand() cases with access to nothing more complex than a timer and the ability to determine the current process ID.

Preserving the state of the LCG across calls is probably beyond the capabilities of many here, and can certainly be considered over-engineering especially when one could equally generate a decent random seed by looking in the manual and however I still would not even consider rand() as a viable LCG.

There is some suggestion that mt_rand() is in itself predictable, and indeed it is - however I doubt that anyone has the resources necessary to store the lookup table needed or the cpu processing power necessary to compute the next number "on-the-fly". rand() however is in certain cases a lot simpler assuming the OS itself has not switched over to one of the heavier duty LCG algorithms.

mt_rand() would thus seem the ideal replacement as it provides a high degree of future-proofing not to mention a stable known algorithm that is free from operating system problems making it cross-platform, cross operating-system safe.

As for the use of captcha's themselves, I see absolutely no need. I actually consider it rather insulting in-game being asked to confirm that I am not a bot.

Link to comment
Share on other sites

I believe we were discussing in-game - or perhaps I misread the form topic. In game I've yet to discover a need for them - there are far better solutions.

Externally; I agree there is a case for them; although even again I don't consider it to be as strong as some people may think. I don't for example use a captcha for comments on my blog - there is no need. Software has been deployed which is capable of determining with a high degree of accuracy if a comment is spam or not.

Link to comment
Share on other sites

Well Ive heard of better solutions before but nobody ever comes forth with one that is 'actually' better.

That's because none of them are actually better, each have it's own set of features. Everybody uses the feature set most suited to their situation, and for what they are aiming to do.

Edited by Spudinski
grammer :(
Link to comment
Share on other sites

What I presume you mean is that in your limited observations; none of them is actually better, as clearly there are better solutions.

To ask a rhetorical question - why use them at all? With nothing to replace them - there is no set of features, there is no feature set most suited to their situation.

Link to comment
Share on other sites

What I presume you mean is that in your limited observations; none of them is actually better, as clearly there are better solutions.

To ask a rhetorical question - why use them at all? With nothing to replace them - there is no set of features, there is no feature set most suited to their situation.

The implication I'm trying to make, is between methods such as DNSBLs, CAPTCHAs and Spam filters.

Each of them serve a different purpose: if you were running a blog, then a spam filter would be much more beneficial to help block spam messages, than say a CAPTCHA system.

I weren't talking about the differences between products of the same type, which is what I think you assumed.

Link to comment
Share on other sites

From this captcha system, I can already see methods which it could be easily bypassed.

1) A script to read the image and get a number wouldn't be too hard to make for these captcha images due to the fact it super simplicity.

2) What if a script was made to keep entering whatever your range of values were until it resulted correct? From the looks of it, it's only 1-10, so what's to stop someone making a script to guess values from 1-10 untill correct? Is there a filter?

None of these would be hard to impliment to bypass this system if done by a more intermediate player on a game.

Link to comment
Share on other sites

WikiPedia // Mersenne Twister // Advantages // Section #3

As for the use of captcha's themselves, I see absolutely no need. I actually consider it rather insulting in-game being asked to confirm that I am not a bot.

I can understand where you're coming from, sorta like when you leave Wal-Mart and they check your receipt, it is insulting and accusatory...BUT, there are a lot of cheaters out there that will use automated programs to surpass the honest players without deserving it, so if you ask me it is the lesser of two evils. The validation is actually to protect the honest players from falling behind someone that doesn't deserve to get where they are.

And I have been looking for a validation just like this one for some time now with no luck, and just acquired one 2 days ago, though I don't think quite as good as this one, so I'm going to check it out. Thanks for posting it. ;)

 

From this captcha system, I can already see methods which it could be easily bypassed.

1) A script to read the image and get a number wouldn't be too hard to make for these captcha images due to the fact it super simplicity.

2) What if a script was made to keep entering whatever your range of values were until it resulted correct? From the looks of it, it's only 1-10, so what's to stop someone making a script to guess values from 1-10 untill correct? Is there a filter?

None of these would be hard to impliment to bypass this system if done by a more intermediate player on a game.

 

You could possibly add a field to the user table for so many tries, it wouldnt be foolproof but it would slow down the chances of that happening if you set it to say 5 tries, if they fail 5 times, auto-fed for a day or 2, or revoke privileges to that page for a day, or an hour etc.

Edited by Smokey
Link to comment
Share on other sites

  • 4 years later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...