Had issues to register.

[raymors]

Hi,

had some issues to register, the page:
ucp.php?mode=register
would not get me past to the next page.

I had to manipulate the parameters of the URL using Paros to get through. This may stop other users from entering as well.

I use Firefox 3.

Kind regards,

Raymond.

[Steve]

Tnks Raymond,


Valerio (forum admin)... what do you say about?

[Val3r10]

Sorry for that, but as we had a lot of bot spam, we had to use a dirthy trick: a simple javascript code (a math evaluation formula) to avoid automated submission of new registrations.

You should enable javascript temporary basis for only that page and this should solve the issue.
Btw, if you can read this, you finally did manage

Apologize for that, but the phpbb native captcha isn't so strong to fight bots

Thanks for understanding

Valerio.

[corvonero]

Sorry to insist, but the forum bug is here.

The onclick (or was it onsubmit?) does not get executed before the form submission.
I had to manually change the result value of iamabot (recalling from memory...)
Firebug was helpful just once more!

M.

[Val3r10]

Thank you for reporting.

Sorry but I don't understand your point.
There's a javascript arithmetic operation within the onclick trigger in the registration form.
This is only to avoid spam/bot authomatic registration (bot doesn't know how to evaluate such semaphore..)

That's why you DO NEED to have js enabled only for that page, as clearly stated in the end user agreement.

What exactly didn't work with you ?

Valerio.

[corvonero]

That is totally true, the point is that in certain browser (firefox 3.5 and explorer 8!) it does not get triggered at all times.

Put it the way you like, but I had to manually change the value, unless it wouldn't let me thru, and I had javascript ON!

[Val3r10]

Thanks for your feedback & support.
As a matter of facts, you aren't the first person reporting such problems with Firefox, but unfortunately there isn't a strong/effective way to avoid the bot spam for phpBB yet.

We tried that javascript math trigger, but probably I could find out something cleaner and wide open.
I'm lookin at as soon as have enough time.

Thank you again

Valerio.


PS: I'm an OWASPer... and usually use WebScarab to tamper POSTs

[corvonero]

Thanks for your feedback & support.
As a matter of facts, you aren't the first person reporting such problems with Firefox, but unfortunately there isn't a strong/effective way to avoid the bot spam for phpBB yet.

[snip]

Sorry, but the point is not firefox. Your JavaScript is just simply incorrect.
Referencing a global element must be done via document.getElementById() and not with a direct call to the id itself. This is just a shortcut that is made available by few (non correct) browsers.

If you want to keep the JS check, you can use the following code:

Code: Select all

<input type="hidden" name="imabot" value="1" id="myImabot"/>
<input type="submit" onclick="document.getElementById('myImabot').value = 0-document.getElementById('myImabot').value;" class="button1" value="I agree to these terms" id="agreed" name="iagree"/>

This is possibly more crossbrowser and certainly DOM compliant.

Thank you for your time

[Val3r10]

Thanks for any hint, but we preferred to use a server-side anti-spam customization.
It's much more standard and secure, as the client code could always be tampered. You know.

Hopefully, MD5 hashing & guessing isn't too hard to forensers !
Thank you again

V.