Hi,
I've made a guest VP with the possibility for a guest to create a account in my Aware system.
This is easy to do, but I do not want that someone tries to create fake accounts with scripts or something like that.
So actually I need a Captcha or something like that to prevent this.
Is there a way to make this possible (a captcha or another smart solution)??
Including a Captcha or other solution
Including a Captcha or other solution
Using 8.7 Professional 3025 on MySQL/Windows
-
aware_support
- Posts: 7526
- Joined: Sun Apr 24, 2005 12:36 am
- Contact:
Yes I know, but thats a captcha for logging in and to prevent brute force attacks.
I want to use a captcha in the 'create guest user' proces. Creating an guest account can be done easily, but you cannot integrate a captcha there.
So a robot can create guest users and pump your database full of fake users.
I want to use a captcha in the 'create guest user' proces. Creating an guest account can be done easily, but you cannot integrate a captcha there.
So a robot can create guest users and pump your database full of fake users.
Using 8.7 Professional 3025 on MySQL/Windows
Thanks for your answer Powerm.
Do you have an example of the No Captcha in and AwareIM form?
I do not think approving manually is the way to go. Of course you must do that with 'normal new users', but if a script kiddy attacks your site and he creates thousands of fake users and I don think that approving manually is a good solution then.
Do you have an example of the No Captcha in and AwareIM form?
I do not think approving manually is the way to go. Of course you must do that with 'normal new users', but if a script kiddy attacks your site and he creates thousands of fake users and I don think that approving manually is a good solution then.
Using 8.7 Professional 3025 on MySQL/Windows
You can use the "logon_captcha.html" available on Tomcat/AwareIM folder as a start to build your No Captcha API.
In some of my SEO applications I use DeathByCapcha to create links and I can say capcha's can be by bypassed easily, for now No Captcha is still resisting.
There are a lot of bots around so you'll have to manually approve new users or implement a phone verification system which is much safer ( SMS activation has been already cracked....)
In some of my SEO applications I use DeathByCapcha to create links and I can say capcha's can be by bypassed easily, for now No Captcha is still resisting.
There are a lot of bots around so you'll have to manually approve new users or implement a phone verification system which is much safer ( SMS activation has been already cracked....)
Independent Developer
I've implemented the new (more userfriendly) Nocaptcha from Google.
You don not have to solve difficult texts aso, so this is better (I think) than the 'old' Recaptcha which is already in AwareIM.
More information: https://developers.google.com/recaptcha/docs/display
Captchas work from two sides: one on the client (which show that captcha) and one validation (to validate the users input) on the server side. I've found and modified a Java class, bu cannot get it to work.
This Java class should be compiled and put into the \AwareIM\Tomcat\work\Catalina\localhost\AwareIM\org\apache\jsp folder.
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.google.gson.Gson;
public class HandleRecaptcha extends HttpServlet {
private static final long serialVersionUID = 1L;
private String secretParameter="MY_SECRET_KEY";
public HandleRecaptcha() {
super();
}
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// Get input parameter values (form data)
String name = request.getParameter("name");
String email = request.getParameter("email");
String recap = request.getParameter("g-recaptcha-response");
// Send get request to Google reCaptcha server with secret key
URL url = new URL("https://www.google.com/recaptcha/api/si ... moteAddr());
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
conn.setRequestMethod("GET");
String line, outputString = "";
BufferedReader reader = new BufferedReader(
new InputStreamReader(conn.getInputStream()));
while ((line = reader.readLine()) != null) {
outputString += line;
}
System.out.println(outputString);
// Convert response into Object
CaptchaResponse capRes = new Gson().fromJson(outputString, CaptchaResponse.class);
request.setAttribute("name", name);
request.setAttribute("email", email);
// Verify whether the input from Human or Robot
if(capRes.isSuccess()) {
// Input by Human
request.setAttribute("verified", "true");
} else {
// Input by Robot
request.setAttribute("verified", "false");
}
request.getRequestDispatcher("/response.jsp").forward(request, response);
}
}
My problem is that this does not compile. The Javac compile fails on the import com.google.gson.Gson; part
I'm not a Java programmer, so I'm stuck now. Is there somebody who can pick this up and get it to work??
You don not have to solve difficult texts aso, so this is better (I think) than the 'old' Recaptcha which is already in AwareIM.
More information: https://developers.google.com/recaptcha/docs/display
Captchas work from two sides: one on the client (which show that captcha) and one validation (to validate the users input) on the server side. I've found and modified a Java class, bu cannot get it to work.
This Java class should be compiled and put into the \AwareIM\Tomcat\work\Catalina\localhost\AwareIM\org\apache\jsp folder.
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.google.gson.Gson;
public class HandleRecaptcha extends HttpServlet {
private static final long serialVersionUID = 1L;
private String secretParameter="MY_SECRET_KEY";
public HandleRecaptcha() {
super();
}
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// Get input parameter values (form data)
String name = request.getParameter("name");
String email = request.getParameter("email");
String recap = request.getParameter("g-recaptcha-response");
// Send get request to Google reCaptcha server with secret key
URL url = new URL("https://www.google.com/recaptcha/api/si ... moteAddr());
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
conn.setRequestMethod("GET");
String line, outputString = "";
BufferedReader reader = new BufferedReader(
new InputStreamReader(conn.getInputStream()));
while ((line = reader.readLine()) != null) {
outputString += line;
}
System.out.println(outputString);
// Convert response into Object
CaptchaResponse capRes = new Gson().fromJson(outputString, CaptchaResponse.class);
request.setAttribute("name", name);
request.setAttribute("email", email);
// Verify whether the input from Human or Robot
if(capRes.isSuccess()) {
// Input by Human
request.setAttribute("verified", "true");
} else {
// Input by Robot
request.setAttribute("verified", "false");
}
request.getRequestDispatcher("/response.jsp").forward(request, response);
}
}
My problem is that this does not compile. The Javac compile fails on the import com.google.gson.Gson; part
I'm not a Java programmer, so I'm stuck now. Is there somebody who can pick this up and get it to work??
Using 8.7 Professional 3025 on MySQL/Windows
Robleer,
Download gson-2.3.1.jar from
http://search.maven.org/#artifactdetail ... |2.3.1|jar
and add it to your classpath when compiling your java code. That should get you past your compile issue.
You probably will also have to put the jar file in C:\AwareIM\Tomcat\lib
Good luck
Download gson-2.3.1.jar from
http://search.maven.org/#artifactdetail ... |2.3.1|jar
and add it to your classpath when compiling your java code. That should get you past your compile issue.
You probably will also have to put the jar file in C:\AwareIM\Tomcat\lib
Good luck
Bob
that link is a little messed up.
find it here:
http://search.maven.org/remotecontent?f ... -2.3.1.jar
find it here:
http://search.maven.org/remotecontent?f ... -2.3.1.jar