Spudinski Posted August 26, 2011 Share Posted August 26, 2011 (edited) Long ago I sold this, but it needs pruning. A very simply addon, can be used for MCCodes or any other game/website. It was to replicate TornCity's captcha, so don't cure at me because of the similarities - it's meant to be so. Screens Stage 1 Stage 2 Config Download: http://www.mediafire.com/?7pwdn8965r7r398 (The manual is included) All important license: http://creativecommons.org/licenses/by-sa/3.0/ Problems should be mailed to spudinski[]gmail.com Discussion should be done in this thread. Edited August 26, 2011 by Spudinski 1 Quote Link to comment Share on other sites More sharing options...
Ben Nash Posted August 26, 2011 Share Posted August 26, 2011 How do you install it? Quote Link to comment Share on other sites More sharing options...
Spudinski Posted August 26, 2011 Author Share Posted August 26, 2011 I added styling to my post, please re-read. Quote Link to comment Share on other sites More sharing options...
Ben Nash Posted August 26, 2011 Share Posted August 26, 2011 Okay, Thank you Quote Link to comment Share on other sites More sharing options...
bineye Posted August 26, 2011 Share Posted August 26, 2011 I never understood captchas on gym and crime pages. I know they are put there to stop bots from being used, but in reality once you are on the gym/crime page you no longer have to enter it. I openly admit I once used a bot on the crime page of a game, and the bot could be used without ever leaving the page, rendering any captcha on entering useless. Quote Link to comment Share on other sites More sharing options...
Lithium Posted August 26, 2011 Share Posted August 26, 2011 @bineye: Quite not, as the captcha tends to show every X minutes, so preventing a bot to keep training or doing crimes. Quote Link to comment Share on other sites More sharing options...
Spudinski Posted August 26, 2011 Author Share Posted August 26, 2011 I never understood captchas on gym and crime pages. I know they are put there to stop bots from being used, but in reality once you are on the gym/crime page you no longer have to enter it. I openly admit I once used a bot on the crime page of a game, and the bot could be used without ever leaving the page, rendering any captcha on entering useless. I get your point, but this was for a client once. It could be used on the register page or login page, it was designed to replace MCCodes captcha system. Also, that method won't work here. If I remember correctly, it resets every x minutes(specified by admin), rendering another captcha to bypass. Captcha's are generally useless, many tools can bypass them. The hard part is creating an intelligent bot to do the work. Quote Link to comment Share on other sites More sharing options...
bineye Posted August 26, 2011 Share Posted August 26, 2011 A solution is to bring up a captcha on the page when a rand() number is hit, say when 1 is chosen between 1 and 100, so no matter whether or not the player leaves the gym, the rand function is always the first thing done on the page and when 1 is hit, the captcha is loaded, or any other number, the gym is loaded. Quote Link to comment Share on other sites More sharing options...
Spudinski Posted August 26, 2011 Author Share Posted August 26, 2011 The probability of actually hitting one is to low. I don't have statistics, so I can't work out exactly, but is something like 1:1000 ratio. This solution is viable. Quote Link to comment Share on other sites More sharing options...
Spudinski Posted August 26, 2011 Author Share Posted August 26, 2011 No, rand() is random, it's not a range. The script could produce any number from 1-100 with any execution. It doesn't guarantee a 1:100 chance. Problems with deterministic generators In practice, the output from many common PRNGs exhibit artifacts which cause them to fail statistical pattern detection tests. These include, but are certainly not limited to: Shorter than expected periods for some seed states (such seed states may be called 'weak' in this context); Lack of uniformity of distribution for large amounts of generated numbers; Correlation of successive values; Poor dimensional distribution of the output sequence; The distances between where certain values occur are distributed differently from those in a random sequence distribution. Pseudorandom number generator a.k.a the rand() function. Quote Link to comment Share on other sites More sharing options...
rulerofzu Posted August 26, 2011 Share Posted August 26, 2011 A version of this is used on Zu. On the crimes and gym page and it is as pointed out to stop bots from auto training and committing crimes. Its quite easy to create a macro or just install reload for Firefox and then just set it going and come back a few hours later to find you have committed 10k crimes. Depends on your game setup really. On Zu there is rewards and exp gains for committing crimes. Certain places can only be accessed by having a 3000 crimes trophy for example. So do I want them using bots. Not really. Counting clicks for training etc is also a good approach to it. Quote Link to comment Share on other sites More sharing options...
Anonymous Posted August 26, 2011 Share Posted August 26, 2011 WikiPedia // Mersenne Twister // Advantages // Section #3 It passes numerous tests for statistical randomness, including the Diehard tests. It passes most, but not all, of the even more stringent TestU01 Crush randomness tests. rand() does not perform anywhere near as well as mt_rand() hence the obvious suggestion. Looking at the source of ext/standard.c in the PHP sources, does unfortunately suggest a minor possible problem in that unseeded usage may become predictable in both rand() and mt_rand() cases with access to nothing more complex than a timer and the ability to determine the current process ID. Preserving the state of the LCG across calls is probably beyond the capabilities of many here, and can certainly be considered over-engineering especially when one could equally generate a decent random seed by looking in the manual and however I still would not even consider rand() as a viable LCG. There is some suggestion that mt_rand() is in itself predictable, and indeed it is - however I doubt that anyone has the resources necessary to store the lookup table needed or the cpu processing power necessary to compute the next number "on-the-fly". rand() however is in certain cases a lot simpler assuming the OS itself has not switched over to one of the heavier duty LCG algorithms. mt_rand() would thus seem the ideal replacement as it provides a high degree of future-proofing not to mention a stable known algorithm that is free from operating system problems making it cross-platform, cross operating-system safe. As for the use of captcha's themselves, I see absolutely no need. I actually consider it rather insulting in-game being asked to confirm that I am not a bot. Quote Link to comment Share on other sites More sharing options...
rulerofzu Posted August 26, 2011 Share Posted August 26, 2011 Do you also consider the same on contact forms etc I know some people consider all forms of captcha to be insulting....however they serve a purpose where required and if you feel that its required then so be it. If you get insulted by it then you need to get out more! Quote Link to comment Share on other sites More sharing options...
Anonymous Posted August 26, 2011 Share Posted August 26, 2011 I believe we were discussing in-game - or perhaps I misread the form topic. In game I've yet to discover a need for them - there are far better solutions. Externally; I agree there is a case for them; although even again I don't consider it to be as strong as some people may think. I don't for example use a captcha for comments on my blog - there is no need. Software has been deployed which is capable of determining with a high degree of accuracy if a comment is spam or not. Quote Link to comment Share on other sites More sharing options...
rulerofzu Posted August 26, 2011 Share Posted August 26, 2011 Well Ive heard of better solutions before but nobody ever comes forth with one that is 'actually' better. Quote Link to comment Share on other sites More sharing options...
Spudinski Posted August 26, 2011 Author Share Posted August 26, 2011 (edited) Well Ive heard of better solutions before but nobody ever comes forth with one that is 'actually' better. That's because none of them are actually better, each have it's own set of features. Everybody uses the feature set most suited to their situation, and for what they are aiming to do. Edited August 26, 2011 by Spudinski grammer :( Quote Link to comment Share on other sites More sharing options...
Anonymous Posted August 26, 2011 Share Posted August 26, 2011 What I presume you mean is that in your limited observations; none of them is actually better, as clearly there are better solutions. To ask a rhetorical question - why use them at all? With nothing to replace them - there is no set of features, there is no feature set most suited to their situation. Quote Link to comment Share on other sites More sharing options...
Spudinski Posted August 26, 2011 Author Share Posted August 26, 2011 What I presume you mean is that in your limited observations; none of them is actually better, as clearly there are better solutions. To ask a rhetorical question - why use them at all? With nothing to replace them - there is no set of features, there is no feature set most suited to their situation. The implication I'm trying to make, is between methods such as DNSBLs, CAPTCHAs and Spam filters. Each of them serve a different purpose: if you were running a blog, then a spam filter would be much more beneficial to help block spam messages, than say a CAPTCHA system. I weren't talking about the differences between products of the same type, which is what I think you assumed. Quote Link to comment Share on other sites More sharing options...
Kieran-R Posted August 26, 2011 Share Posted August 26, 2011 From this captcha system, I can already see methods which it could be easily bypassed. 1) A script to read the image and get a number wouldn't be too hard to make for these captcha images due to the fact it super simplicity. 2) What if a script was made to keep entering whatever your range of values were until it resulted correct? From the looks of it, it's only 1-10, so what's to stop someone making a script to guess values from 1-10 untill correct? Is there a filter? None of these would be hard to impliment to bypass this system if done by a more intermediate player on a game. Quote Link to comment Share on other sites More sharing options...
Smokey Posted August 27, 2011 Share Posted August 27, 2011 (edited) WikiPedia // Mersenne Twister // Advantages // Section #3 As for the use of captcha's themselves, I see absolutely no need. I actually consider it rather insulting in-game being asked to confirm that I am not a bot. I can understand where you're coming from, sorta like when you leave Wal-Mart and they check your receipt, it is insulting and accusatory...BUT, there are a lot of cheaters out there that will use automated programs to surpass the honest players without deserving it, so if you ask me it is the lesser of two evils. The validation is actually to protect the honest players from falling behind someone that doesn't deserve to get where they are. And I have been looking for a validation just like this one for some time now with no luck, and just acquired one 2 days ago, though I don't think quite as good as this one, so I'm going to check it out. Thanks for posting it. ;) From this captcha system, I can already see methods which it could be easily bypassed. 1) A script to read the image and get a number wouldn't be too hard to make for these captcha images due to the fact it super simplicity. 2) What if a script was made to keep entering whatever your range of values were until it resulted correct? From the looks of it, it's only 1-10, so what's to stop someone making a script to guess values from 1-10 untill correct? Is there a filter? None of these would be hard to impliment to bypass this system if done by a more intermediate player on a game. You could possibly add a field to the user table for so many tries, it wouldnt be foolproof but it would slow down the chances of that happening if you set it to say 5 tries, if they fail 5 times, auto-fed for a day or 2, or revoke privileges to that page for a day, or an hour etc. Edited August 27, 2011 by Smokey Quote Link to comment Share on other sites More sharing options...
Spudinski Posted August 27, 2011 Author Share Posted August 27, 2011 I can't believe I forget about that. But anyways, it quite easy to setup a session to do it. I agree, there are methods to bypass these. But it's a possible counterpart to bots. Quote Link to comment Share on other sites More sharing options...
WarMad Posted April 30, 2016 Share Posted April 30, 2016 is there a way to get this to work on v1? Quote Link to comment Share on other sites More sharing options...
KyleMassacre Posted April 30, 2016 Share Posted April 30, 2016 what is the problem you are having? Quote Link to comment Share on other sites More sharing options...
WarMad Posted April 30, 2016 Share Posted April 30, 2016 its not showing an error but its not coming up when i go to the gym or crimes it just lets me train/commit crimes Quote Link to comment Share on other sites More sharing options...
WarMad Posted May 2, 2016 Share Posted May 2, 2016 No error or anything just doesn't redirect me to it Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.