I was getting sick of all the comment spam, so yet more WP goodness for you:
Download: WP AuthImage Hack (v3.0) here.
See Comment #215 below for instructions on using version 2.1.1 of this plugin without the FreeType extension.
New in version 3.0: Last night I found this site which seems to indicate that the default image generated by AuthImage was way too easy to crack; I’m not really all that surprised. A little looking around and I found a great, free PHP class package called VeriWord, which does a hell of a lot better job than I did in generating a random image — perhaps too good. I’ve sorta sloppily incorporated the VeriWord code into AuthImage, and judging by what I see so far, it should take quite some time for PWNtcha to crack it.
Unfortunately though, I’ve gotten rid of the text version of AuthImage in this version. If you still want to use the phonetic text version, it still works in version 2.1.1.
Make SURE you read the new README if you’re interested in installing this new version. You can see the new image at the bottom of this page
Special thanks to Marcus Welz for his work on using session variables and other tweaks!
This hack (NOT plugin) plugin displays an image with some random text that the commenter has to enter in order for their comment to go through. This should cut down on any bots out there from spamming your comments area and perhaps remove the need for comment moderation.
NOTE: This version now includes the ability to generate phonetic-English text if you don’t want to (or can’t) create an image. See the README for details.
NOTE: Another option to consider is possibly utilizing the Drupal Captcha image option. Does anyone think it’s better than Veriword? Let me know and maybe I’ll consider either adding an option to use it or change to it completely. Personally I think what I have now is fine.
WordPress Hack: AuthImage
This plugin will add an image with random text the visitor leaving a comment must enter to be validated. If you are being hit with comment spam and have tried some of the other options this is a sound technique, although it does add an additional step…
Trackback by Blogging Pro - Blog News, Tools and Hacks — June 7, 2004 @ 2:45 pm
Hi there!
I’ve tried to download WP AuthImage Hack (v1.1) but it keeps asking me authentication to be able to download it. I use download Accelerator for downloading. What am i supposed to do?
Comment by aline — June 20, 2004 @ 8:03 pm
It’s a Unix gzip’ed tar file, which I believe should open in WinZip, but I haven’t tested the code on Windows. Perhaps if you try downloading without the accelerator?
Comment by Gudlyf — June 20, 2004 @ 9:53 pm
OK, I just put a new version up, but this time I zipped the file. Click the new link above for version 1.2 and see if that downloads.
Comment by Gudlyf — June 20, 2004 @ 10:15 pm
I tried your hack but got the error message ‘imagettftext undefined function’. This was because the Freetype library was not installed. (Which is not uncommon I understand). So I have hacked the hack and have posted a workaround below. You cannot use TrueType fonts however, you must use Bitmap Fonts. I have found a site where you can download some:
BitMap Fonts
The ‘dimurph.gdf’ font is similar to the one used here.
Here is the hacked hack:
function createCodeImage() {
global $tmp_code_loc, $tmp_code_prefix;
$tmp_code_loc = getcwd() . $tmp_code_loc;
$font = imageloadfont('dimurph.gdf');
$tmpfname = tempnam($tmp_code_loc, $tmp_code_prefix);
$code = substr($tmpfname, (strlen($tmp_code_loc) + strlen($tmp_code_prefix)), 6);
$im = @imageCreate(140, 30) or die("Cannot Initialize new GD image stream");
$background_color = imageColorAllocate($im, 170, 170, 170);
$text_color = imageColorAllocate($im, 0x00, 0x00, 0x00);
imagestring($im, $font, 5, 3, $code, $text_color);
// ImageTTFText($im, 20, 0, 4, 20, $text_color, $font, $code);
ImageJPEG($im, $tmpfname);
$temp = fopen($tmpfname,"rb");
$buffer = fread($temp,filesize($tmpfname));
fclose($temp);
// Now zero-length the file. No need for its content anymore.
$temp = fopen($tmpfname,"w");
fwrite($temp, NULL);
fclose($temp);
// Now chmod it so it can be deleted later by the user
chmod($tmpfname, 0666);
header("Content-type: image/jpeg");
echo $buffer;
}
Comment by Trev — July 19, 2004 @ 4:12 pm
Captcha
Thanks to this plugin, I’m now able to cut down on the amount of comment spam I have to moderate. Only recently (presumably with an increase in traffic thanks to my affiliation with the Spread Firefox project and my own authorship of a couple of appar…
Trackback by Two Ells — September 23, 2004 @ 3:47 pm
Hiya. So glad I found this, will save me lots of time and headaches. However, I seem to have installed everything properly, and it seems to be working, but the code image is not showing. It is displaying a broken image icon. Please advise.
Thanks!
Comment by jonathan — September 23, 2004 @ 5:26 pm
Ok. got the image to show up (had to adjust the path for the tmp location). But even when I enter the code correctly (I’ve checked against the files created in /tmp) it gives me the incorrect error code. Is it not including the prefix part of the code?
We’ll get this working yet!
Comment by jonathan — September 23, 2004 @ 6:26 pm
Blog spam: solved
I solved the blog spam problem with the following trick: I simply added a [[CAPTCHA]] to the comment dialog. This was inspired by Kristian Koehntopp’s Serendipity advocacy, and fortunately, there’s a CAPTCHA system available for WordPress. You can fi…
Trackback by AK's weblog — September 24, 2004 @ 4:46 pm
Comments Spam
I’ve been getting a lot of comments spam in the past few days trying to improve the pagerank of some online pharmacy. Firewall rules haven’t been that effective, since these appear to be sent by robots running on zombied machines across a number of …
Trackback by CJC.org — September 29, 2004 @ 2:24 pm
Captcha Hack(ing)
I recently installed a
anyway, had any real spam trouble. But then I have had all comments requiring my moderation!
AuthImage captcha for this site. I’ve not, so far
I saw this neat little feature when I was searching for some other lon…
Trackback by clurrcache online — October 5, 2004 @ 3:45 pm
I use Wordpress 1.3 beta and it seems it works great at the commens. But I tested trackbacking from other blogs - and now the TBs of this blog will not more be shown. What can I do??? Thank you so much!
Comment by Herbert — October 6, 2004 @ 10:34 pm
You can view my site to see the error, but I believe it has something to do with this line:
Fatal error: Call to undefined function: _e() in /home/mintruth/public_html/blog/wp-comments.php on line 69
Comment by John Lamar — October 7, 2004 @ 7:25 am
The user above is using WP 1.0.1, which I’m not supporting. He was able to fix the problem it seems:
Comment by Gudlyf — October 8, 2004 @ 1:50 pm
As you can see just from the comments on this page, trackbacks work fine and don’t require the auth code, of course. If this ever becomes a problem later for spam, then I’ll see about addressing it.
Comment by Gudlyf — October 8, 2004 @ 1:52 pm
Spammage = popularity?
Well, I got my first blog comment spam. I guess that means someone somewhere is reading this, which is kinda cool I guess. I’ve found a few WordPress plugins and patches that will prevent the spam which I’ll add at some point in the next few days -…
Trackback by cliffrowley :: blog — October 22, 2004 @ 4:58 am
Spam
Well that is really surprising: the language of this blog has been German for almost 3 months and the very first day I write in English my blog gets spamed.
Looks like I am going to use a captcha which I’ll implement as soon as posible.
Trackback by Chris|Weblog — October 22, 2004 @ 2:21 pm
I’m not getting any errors, but the image isn’t showing up. Just a broken icon. i visit the authimage.php script and it doesn’t report an error. Just does nothing.
What are the minimum requirements for this to work (version, php modules, etc)?
Comment by AxsDeny — October 23, 2004 @ 7:17 pm
I’ve got a problem getting this hack to work, when I open authimage.php directly i get a white page, and when I go to a comment page I see a broken image with an X. I have freetype installed, and did everything as it should be and gajillion other variations just in case, and still nothing
Comment by zaguben — October 23, 2004 @ 9:53 pm
The font generation requires both the GD library and the FreeType library. You can check what modules your PHP has loaded by running ‘php -m’ or by creating a simple php page to show module info with the following line:
phpinfo(INFO_MODULES);
Comment by Gudlyf — October 23, 2004 @ 10:45 pm
ok, the 2nd time around reinstalling apache worked. Awesome hack, thank you for making it
Comment by zaguben — October 24, 2004 @ 3:58 am
Comment Spam
Wow. I haven’t even really got the site up…just testing the blog and I already had over a dozen comment spam posts.
So, I went out looking for some possible solutions to comment spam in WordPress. The WordPress Wiki has a How to combat comment …
Trackback by ushimitsudoki — October 25, 2004 @ 9:12 pm
Thank you for a very nice hack! I got it working with WordPress 1.0.2 after some extra hacks of the hack, but it is rather straight forward - see my site for the details.
Comment by MartinG — October 28, 2004 @ 12:12 pm
I love you! This hack is absolutely amazing, thank you so much. This should come as standard in WP 1.3!
Comment by Cheeks — October 29, 2004 @ 7:59 am
This is great! I’ve had tons of those poker spam comments over the last week or so, and it’s been so annoying. With this I hope it will stop!
Thanks for all the great work!
Comment by Magnus Nystedt — October 29, 2004 @ 8:44 am
Great plugin and with the recent push in lamer spamming (I’m glaring in your direction, Mr. Texas Hold ‘Em Viagara), it will be very popular.
One issue I had getting this to work (maybe will help someone else), I had forgotten to CHMOD my tmp directory to 777 (was 755), so the auth.img seemed to generate but no text visible. (i.e. I didn’t get a broken img icon)
Fixed the permissions, works great. Thanks for sharing this.
Comment by Keely Weston — October 29, 2004 @ 9:15 am
Upgrade plus improvement
Upgraded to WP 1.2. That seems to have gone very smoothly indeed. My response was “that’s it? How simple!”
But I also noticed my first comment spam today
.
So to deal with that, I’ve required an entry for name and email address, and ins…
Trackback by Mountebank — October 29, 2004 @ 10:31 am
thanks for the code.
Comment by David Krug — October 30, 2004 @ 1:01 am
Nun aber …
Nachdem mein Provider seine Serverprobleme alle behoben hat, hab ich die Blogsoftware zwar eigentlich umsonst umgestellt, aber da ich mich nun in den letzten Tagen so schön in Wordpress eingearbeitet habe, werde ich nun endgültig umsteigen. Mein einzi…
Trackback by LANtastic's — October 31, 2004 @ 9:55 am
Friend of a friend hooked me up with your plugin. I was starting to get hit hard with spammers, but now nothing after I installed your plugin, and was easy to do too.
Thanks, mate.
Foton
Comment by Foton — October 31, 2004 @ 7:56 pm
thanks for the hack! I just implemented it and I had to make a change to the definition of the $font var in createCodeImage(). I included the path to the ttf file and it started to work. prior to that change I was getting a blank grey box. Now let’s see if that Poker Playing-v selling reject get in…
Comment by MichaelE — October 31, 2004 @ 8:18 pm
I got this hack to work right away. Great job! I hope like hell this stops that poker spam going around. btw … i got the blank gray box at first too but simply changing the tmp folder to 777 worked to fix the prob.
Comment by myke — October 31, 2004 @ 9:36 pm
Great hack! It worked perfectly for me. If I may make a humble recommendation… can you code it so that it never turns up a “1″ or an “l”? Those characters just look too similar in that font.
Comment by Joe — October 31, 2004 @ 10:21 pm
WordPress Hack: AuthImage
AuthImage is een hack die moet voorkomen dat de wordpress logs gek gespammed worden door comment bots. (voor de non techniekers, dat betekent een honderdtal of meer comments die leiden naar met name viagra of pills of online casino’s.)
Nu is dat heel…
Trackback by Swapdepths — November 1, 2004 @ 10:12 am
For right now the font will have to include “1″ and “l”. I’m sort-of working on a neat addition to this that may help some of the issues people have had with fonts.
Comment by Gudlyf — November 1, 2004 @ 10:17 am
Well (if you read dutch see the trackback ) else…
Thanx for this hack. I had it build in in the 1.3 alpha 4 version and it works like charm. Had to catch the $code first , so when you see a image and no code there could be 2 things.
1: the chmods for your tmp dir are not correct
2: the $code needs to be catched as
$_POST['code'];Comment by Folkert — November 1, 2004 @ 11:34 am
I just installed this hack on my wordpress site and am having a slight problem. I always get: “Error: Invalid authorization code” even if I enter the correct code. Thanks!
Comment by scott — November 1, 2004 @ 5:08 pm
hmm.. I’d almost want to opt for the random GD images - like a dang puzzle for this one… the “aych” threw me off for a sec… lol.. nice hack tho.
Comment by ryno — November 1, 2004 @ 8:11 pm
scott — Are the tmp files being created?
Comment by Gudlyf — November 1, 2004 @ 9:34 pm
Yes, I have amassed a collection of temp files.
Comment by scott — November 1, 2004 @ 10:52 pm
scott — Hrm, that is a strange problem. Do you see the temp file with the code in question there? What are the permissions on the tmp directory you’re using? The permissions probably don’t matter, since if it can be written to it can be read from.
Comment by Gudlyf — November 2, 2004 @ 10:08 am
I see the temp files but now that I look at them, they all have a size of 0. The files are being created but nothing is being written.
Comment by scott — November 2, 2004 @ 11:50 pm
They should have zero-length — the code does that.
For some reason the code checking is not reading the temp filenames, which is where it gets the code from (it’s the last 6 characters of the filename). I’m not sure right now what else for you to try.
Comment by Gudlyf — November 3, 2004 @ 12:13 am
Thanks for creating this; it works great, although I had to tweak it a bit to make it work on my Apache/Win2k server (plus I changed how it works a bit):
- I had to use a bitmap font (opposed to a TrueType, even though I have the GB and FreeType libraries installed).
- I use a random length string (instead of a fixed length, say 6).
- In Win2k, the tempnam php function tacks on “.tmp” when it creates a file. Instead, I use the ImageJPEG function which creates the temporary file from the random string.
- Removed code from createCodeImage function that isn’t required for Windows.
I’m thinking of using a random font for the image, too.
Since installing it no spam comments have appeared.
Comment by Jody Cairns — November 3, 2004 @ 8:54 am
As mentioned in comment #44, if anyone sees that the font I used isn’t adequate or the code length isn’t adequate or random enough, let me know and I’ll make alterations to the code to randomize the font and randomize the code length. I really doubt it’s needed unless someone, somehow, writes a bot that can do text recognition and read the code. Really a better idea will be to alternate the background image from the default grey to perhaps a striped background.
Comment by Gudlyf — November 3, 2004 @ 12:13 pm
I just installed your great hack. The problem is, i just have the same problems as Scott. The Image is shown, I type in the code correctly and it tells me, that the code is wrong.
Comment by Waldorf — November 3, 2004 @ 4:33 pm
For the people saying they’re getting the “wrong code” problem, please try downloading the latest version of AuthImage here and follow the directions in the README. Especially note that the function names are different now. My guess is that you may be using an old version of the scripts and copied the info in the README incorrectly.
Comment by Gudlyf — November 3, 2004 @ 4:48 pm
Hey, thanks for the help, but I followed the instructions exactly (and used the latest version) and I still get the same problem.
Comment by Scott — November 3, 2004 @ 8:20 pm
This is a great hack. I think it should be inplemented into the WP core. Great Job!!!
Comment by Richard — November 4, 2004 @ 5:00 pm
AuthImage
Well I’ve found my solution. People will now be required to add in a small randomly generated code - sorry for the extra step but I was getting about 200 comments an hour!
Trackback by W. Andrew Loe III — November 4, 2004 @ 9:19 pm
Scott,
Are you installing this hack with your root directory different from your wordpress directory? I had some similar problems with this hack and ended up needing to put in symlinks for my my-hacks.php file and my tmp directory. After that, things seemed to work alright. Just a though.
Comment by Chris — November 5, 2004 @ 9:57 am
Yes, my root directory is different from my wordpress directory; I’ve tried symlinking everything so that they are accessible from all locations but it still hasn’t worked
Comment by scott — November 5, 2004 @ 2:30 pm
now it keeps telling me i need to re-enter the code even though i type the right code in the box
Comment by Anonymous — November 5, 2004 @ 8:24 pm
I dont know how to install this thing…I am very new to all this and am really an idiot still…help would be appreciated. I have it downloaded but now what???
Comment by jsrdrnr — November 6, 2004 @ 12:52 pm
Thanks a lot for the hack! I got it working, using comment #5’s code, but the image quality is not so great…
I was wondering if along with this hack we should also setup a cron job which would delete all the temp files periodically, depending on the site’s traffic.
Comment by Gaurav — November 6, 2004 @ 2:10 pm
There are instructions in the README for what to add to your crontab. Like I mentioned in the post above, I’d recode AuthImage to use cookies instead of temp files if people thought that would work better.
Comment by Gudlyf — November 6, 2004 @ 2:25 pm
I agree with many of the comments so far. This looks like a brilliant hack that MUST be integrated into the core development of WordPress. Does the core team know of it’s existence? Please let them know if they are blind to it ;-). The quicker we get this into the core development, the better for all of us WordPress users.
SPAMMERS you are on notice. There are smart people working to protect us. Thanks guys.
Comment by John Thomson — November 6, 2004 @ 4:32 pm
I believe the WP folks know about it from one of the mailing lists (thread here). They seem to think it should remain seperate and as a choice for users, although they seem to think it’s a simple plugin that can be turned on/off easily (when it’s in fact a hack that has to be coded in).
Comment by Gudlyf — November 6, 2004 @ 4:45 pm
I keep getting an error that spells out the code on my blog, and on this one when I hit Say It! just now
Any idea what might be causing this?
Comment by Anonymous — November 6, 2004 @ 5:40 pm
You got the error on this blog?
Comment by Gudlyf — November 6, 2004 @ 5:46 pm
yes came up just once when I went back and hit refresh it let me post
Comment by Anonymous — November 6, 2004 @ 5:53 pm
test
Comment by Kyle — November 6, 2004 @ 9:24 pm
The Final Solution hopefuly
Recently I’ve been getting spammed. Some asshole up ther in spamland decided that emailing people junk mail was okay. Then, when that failed, he decided to hire a bunch of code monkeys to code something to write posts in a effort to boost up their pag…
Trackback by Crazysim's Blog — November 6, 2004 @ 11:26 pm
Hi, Great hack, but im getting this errot
“Fatal error: Call to undefined function: showaialttext() in /home/co7784/public_html/beta/weblog/wp-comments-post.php on line 50″
http://www.7784.co.uk/beta/weblog/index.php?p=1#comments
any ideas?
Comment by James — November 7, 2004 @ 4:55 am
What version of WordPress are you using? Did you turn on usage of the “my-hacks.php” file? Check the options. It seems it didn’t load the file properly.
Comment by Gudlyf — November 7, 2004 @ 10:19 am
i’m using WP1.2.1 and my-hacks is enabled. I’ve followed the instructions to the letter.
Comment by James — November 7, 2004 @ 2:14 pm
Comment 56 - My bad, I didn’t read the whole readme.txt
& yesterday I had the same problem with this site (and mine too) as described in comment # 59 n 61
Comment by Gaurav — November 7, 2004 @ 3:44 pm
You’ll get the phonetic-English translation of the code if you typed it wrong. I can only guess that you typed it wrong the first time or left it blank.
Comment by Gudlyf — November 7, 2004 @ 4:31 pm
Authimage finally working!
Big thanks to Gudlyf for his WordPress hack Authimage! Initially, I had a bit of difficulty getting it to work. My biggest problem was that it would not recognize that I entered the correct code. I noticed other people had posted problems about this,…
Trackback by blog.stevenbrown.ca — November 7, 2004 @ 5:31 pm
Gudylf, I’ve gotten it working now. I followed the instructions that blog.stevenbrown.ca posted above. (Just had to modify them a bit to fit my specific directory structure). Thanks so much!
Scott
Comment by scott — November 7, 2004 @ 6:27 pm
Freudige Bekanntgabe II
since this post trackbacks a (foreign) blogentry written in english, i will post a statement in English after the German crap here
Operation geglueckt - Patient tot lebt.
Das Spam-Problem kann als ‘eingekreist’ gelten. Nach ein bissel rumprobier…
Trackback by xchylde speakin but mostly writing — November 8, 2004 @ 11:28 am
I finally got it to work, although i had to re-install wordpress to do it. I also had to remove the leading ‘/’ from every path.
Comment by James — November 8, 2004 @ 2:27 pm
AuthImage implemented
Or what’s left of it (grab the original here). It started with PHP5 taking issue with the old code — the line that generated the $code to be used in the image — most likely due to the way strlen() or substr() or so is handled in PHP5, I’m guessing….
Trackback by marcus' scrappad — November 9, 2004 @ 1:09 am
Fight against spam
Like many sites, I get the odd bit of spam commenting. Now, being the kind of lazy guy I am, instead of being content with deleting the 2 or 3 comments that appear every day, I’ve decided to throw software at the problem. I’ve just ‘hacked’ the s…
Trackback by the salmon farm — November 9, 2004 @ 10:21 pm
hi all. I have done some days ago a very similar plugin to stop the non-human spammers. you can find more information in the Esther Fuldauer’s blog and it is listed at WordPress plugins wiki
I think the yours one is very nice ! We have to stop these stupid spammers.
Comment by coffelius — November 10, 2004 @ 1:46 pm
Begone, Comment Spam!
I’ve been having a tough time with comment spam lately. It’s mostly been invisible, since it gets moderated. But that means I have to read more spam, and I hate that.
I found a superb solution: AuthImage. Finally!
Trackback by The ChangeLog — November 10, 2004 @ 5:31 pm
I’ve seen that others have had this problem, but I can’t find a solution (I don’t have access to reinstall my server, as someone above did). Please help! At first, I saw no image. Then, when I copied my-hacks.php from my blog directory into my root directory, I got a blank, gray image (no text/code). I checked with my server, and I have both freetype and GD installed:gd
GD Support enabled
GD Version 2.0 or higher
FreeType Support enabled
FreeType Linkage with freetype
GIF Read Support enabled
GIF Create Support enabled
JPG Support enabled
PNG Support enabled
WBMP Support enabled. What could be the problem? Authimage.php and attomicclockradio.ttf are both in my root directory. I also tried it with a bitmap font (just uploading and replacing that in my-hacks). My temp directory has files in it….
Comment by nathaniel — November 11, 2004 @ 2:32 am
Creamy hack! Thanks! Got it working in an hour - and most of that time was spent finding out how to implement my-hacks.php
I also had the problem of lower case L looking like a 1 so I edited the error message to give the user more info - like “sometimes L looks like a 1 - code is case sensitive, etc. I will try to change the font to see if that helps. Rock on!
Comment by Kate Jenkins — November 11, 2004 @ 3:33 am
Just a comment on the idea for the visually impaired. I think it’s great that it occurred to you, but I’m not sure audio would be the best solution. All of the visually impaired people I’ve come into contact with use a refreshing Braille display as opposed to audio. This is mainly because of bandwidth issues and the problem that there is no standard for audio formats. There may be some kind of solution that could be done with xml and stylesheets for the visually impaired, but I’m not sure what it would be.
Comment by andy — November 12, 2004 @ 12:02 am
Check out: http://krijnen.com/archives/000322.shtml
Nor more spam! No More spam commenters!
Comment by leon — November 12, 2004 @ 7:46 am
I am not entirely sure, but if after patching in this hack and all you get is a blank grey image, it could be due to PHP5. The $code variable that’s set in the createAICode() function won’t have any value assigned to it. This is due to the way substr() works in PHP5. This line (in my-hacks.php):
$code = substr($tmp_fname, (strlen($tmp_code_loc) + strlen($tmp_code_prefix)), $code_length);Essentially reads:start at the end of the filename and return 6 characters. I believe in PHP4 it would automagically search the string backwards, but PHP5 says no.
Try modifying the line to read:
$code = substr($tmp_fname, -1, $code_length);or even just
$code = substr($tmp_fname, -6);I haven’t tested this, since I don’t have access to a PHP4 server. For more info on this, read the php manual on substr().
Comment by marcus — November 13, 2004 @ 9:24 pm
Thanks Marcus; actually, I’m running 4.3.9. I decided to try your havk hack anyway, but to no avail. Any other thoughts? I appreciate your help!
Comment by nathaniel — November 14, 2004 @ 2:01 am
Just updated the code — version 2.0 is now available, and it’s now a plugin! Minimal hacks needed. Give it a look.
Comment by Gudlyf — November 14, 2004 @ 2:23 am
Sound Generation in WP
Gudlyf’s blurb about sound generation in his AuthImage hack, or plugin now, made me want to look into actually implementing that.
I took the cheap way out, using Festival. It’s implemented, and it works now, but I’ve got a few gripes with it.
…
Trackback by marcus' scrappad — November 14, 2004 @ 5:04 am
Here’s another (small) idea:
1. Have the code generated in wp-comments.php and stored in the
session.
2. Then have authimage.php just pull the code from the session.
This allows you to display the code in the ALT tag of the image in the
wp-comments.php file.
This should work, by the way, because sessions use a locking
mechanism. see here.
Anyway, having the alt tag with the code would allow lynx, links and w3m users to
post comments, too.
Comment by Marcus — November 14, 2004 @ 1:37 pm
Yeah I dunno about the alt tag idea, as it makes it way too easy for bots to fool, unless you put the phonetic text in the alt tag.
Comment by Gudlyf — November 14, 2004 @ 2:28 pm
That’s what I did. I convert the digits to strings and they show up as “seven nine three four seven”. It works great on IE. Firebird 0.9.3 however, apparently decides to cache the image anyway, even though the headers tell it not to. Took me a second to track that down, too. So much for that idea.
On a separate note, my wife’s web log is still getting spam. It’s “only” one guy spamming away for his casino. Pretty annoying. And her web log isn’t even popular or anything. Heck, it’s barely a week old. All spam is coming from different IPs, and *even* with AuthImage it’s still coming through. I’m wondering if they’re actually going out of their way to spam by hand. Really weird.
The only other explanation I have is that they open the page once, get the auth code, and then use bots to spam the site with the code included. If the bots don’t reload the image, no new code is generated. That’s why I also changed the checkAICode() function to create a new code — I don’t think I had that implemented before.
Who knows, maybe they’re employing indians for 5 cents a day to manually Spam The World™.
Comment by Marcus — November 14, 2004 @ 5:05 pm
Nice work!
Comment by xhantt — November 14, 2004 @ 6:32 pm
I successfully installed the plugin. Thanks for contributing this to the community. It would be good to note in the installation instructions that steps 9 and 10 (about the hacks) are no longer required on newer versions of WordPress. Also, a note about needing to change the URL in the IMG tag would have saved me some initial confusion. Thanks again.
Comment by Matthew Simoneau — November 14, 2004 @ 8:25 pm
I’m having troubles with the back button. If the commenter mistypes the code and then presses “back”, his comment is gone and he has to retype it. Worse, the page reloads and sets a new cookie, but the image doesn’t update, so his code will now fail.
I’m using Mozilla and this behavior seems to be browser dependant. IE refreshes neither the image nor the page, so it works fine. Looking at the code in wp-blog-header.php, WordPress marks the page as “always modified” in the headers, so Mozilla is actually doing the right thing (at least with respect to the text).
Sam Snow noticed the same problem with a similar plugin and suggests a crude workaround:
http://www.wellardsworld.com/archives/2004/10/30/imageauth-hack-for-wordpress/#comment-202
I’m not sure what to do to fix it more robustly. Perhaps I could modify the plugin so it also forces a reload of the image, possibly by changing the URL each time. Maybe one of the post preview plugins could be adapted to handle the error page, rather than forcing users to hit back at all. Best (and most involved), would be to fix WordPress so it doesn’t always force a reload. This problem also affect Mozilla commenters who didn’t fill out a required e-mail address. Another side-effect of the page reload is that the browser doesn’t return to the same place on the previous page when you hit “back”, which is a drag. Googling around, I’m surprised I don’t see more discussion on the page reload issue.
If anyone has any ideas, please post them here. Thanks.
Comment by Matthew Simoneau — November 14, 2004 @ 8:58 pm
IMHO, this is actually a typical form handling and, in a way, a WP business logic issue.
I have never been a fan of forms that post to new pages. My code typically looks like this:
# header include
# logic to check whether form was submitted
{
# validate form data, update database and redirect to new page
# otherwise, just fall through
}
# display form
# footer include
In the event the form validation fails, the form gets displayed again, with the fields already filled in.
However, this kind of logic would be easier to implement for the wp-comments-popup.php, than the wp-comments.php, unless a hack wraps
ob_start();andob_end_flush();around the whole WP logic. In which case wp-comments.php could submit to itself (i.e. the current url), if necessary (i.e. on form submission) callob_clean_end();and then redirect to the new page. However, the “new page” would be the same url. If there’s still people out there with NS4.0, they’ll get errors. NS4.0 tries to avoid infinite loops when pages redirect to themselves.Just brainstorming here. Okay, different idea. Have wp-comments-post.php check to see whether there’s an error, and instead of just doing the studid
die('hey, you forgot your name');or whatever, have it display the wp-header and at least the comment form (i.e. the light gray box at the bottom of this page) again, giving users the chance to fix their missing name, email, correcting the code, or what have you.Comment by marcus — November 14, 2004 @ 9:24 pm
Yay, got it implemented on my site. It’s quite a hackjob, not very portable either. For one, because I use threaded comments. It requires copying rather large portions of index.php and wp-comments.php. Ugly, I tell ya. But it works. Give it a shot.
Comment by marcus — November 14, 2004 @ 10:18 pm
Sweet! I’ve got it working as well - I noticed the same issues that Matthew and Marcus commented about above. I’m not so concerned about the text missing bit, only the fact that the image doesn’t refresh… buuuuuut - right now anything is better than deleting 20 “FREE TEXAS HOLDEM” comments a day.
Comment by Noah — November 15, 2004 @ 3:13 am
Slight Blog update
A friend pointed out to me the other day that my blog didn’t have a style-sheet in Internet Explorer. When I looked into the problem, I realised it must have been that way since I updated from WordPress 1.0.2 to 1.2. Sorry!
This does give me a good…
Trackback by Irregular Verbiage — November 15, 2004 @ 11:56 am
Wordpress blog spam
I think I finally found something against the current spam attacks I’ve been getting.
I kept getting new comments offering various products, but similar enough to be from the same bot. As IP banning doesn’t help, the comment moderation queue has t…
Trackback by Blogcat — November 15, 2004 @ 12:34 pm
Finnaly got this working by putting the absolute URL of the font into authimage.php (wasn’t seeing it for some reason). Hey Marcus: care to share your form handling code? Or Gudlyf: how come your page seems to have my forms filled in when I hit the back button, but mine doesn’t?
Comment by nathaniel — November 16, 2004 @ 2:24 am
Actually I’m just testing the comment plugin to see how it works. Looks good!
Comment by Paul (pabs) — November 16, 2004 @ 5:17 pm
I’ve tried installing this, but the image doesn’t show up for me, even when I put the absolutely path as what Nathaniel said. Is there anything that I can do? Thanks!
Comment by Nettie — November 16, 2004 @ 8:06 pm
TEST
Comment by Beth — November 18, 2004 @ 8:48 pm
I just tried installing this plugin (version 2.0.1a) on a debian sarge apache2 based system running 1.2.1. I had a few issues. I wanted to detail them in case other people had the same problems.
First, I did have to install one more debian package to get gd support working, as well as restart apache2 after the install:
apt-get install php4-gd2
/etc/init.d/apache2 restart
The second change that I needed to make was in the code contained in step 5 of the install guide. There, in both the text and image versions of the code, I needed to remove leading / from the wp-content/plugins/authimage.php path.
The final change I had to make (this has been mentioned before) was to set the full Linux file system path to the .ttf file inside the wp-content/plugins/authimage.php file.
I hope that helps other people. I still need to look at the JavaScript code and see if that helps keep the “text lost on wrong-auth back” problem discussed above. The jury is still out with me…
Sam
Comment by Sam Snow — November 19, 2004 @ 3:32 pm
I was thinking to edit this hack and make it annonymous only, which means that the registered users won’t have to enter the auth code. Right now its an extra step which everybody has to go through in order to submit comments. But am not sure if it will work or not as the spammers can also register automatically (may be add another auth code for registration?)
Comment by Gaurav — November 22, 2004 @ 1:58 am
I’m sure you must be fed up of people commenting and asking for help so feel free to ignore me! The problem I’m having is that my web hosting doesn’t support FreeType. Someone on their web forums advised me to try monospaced fonts. If you wouldn’t mind letting me know how to alter the code so I can use a different font, it would be very much appreciated. I’ve only had my blog up a couple of days and I haven’t had any “real” comments yet, but the spam is already flooding in!
Comment by Helen — November 22, 2004 @ 4:46 pm
Great plugin!! I used to spend night after night cleaning out my MT comments for spam. Then I fell for Wordpress which is the best! This plugin really cashes in the reward for that switch over! Thanks for giving me no more hard headed spam bustin’ evenings!!
Comment by Matthias — November 23, 2004 @ 3:33 pm
captcha for b2evolution revisted
I realize in looking at this that there is a well-known issue with this plugin– that is, that once an incorrect code has been entered, and you are sent back to the page to re-enter it .. the image doesn’t refresh. Consequently, even if you enter the …
Trackback by village-idiot.org — November 24, 2004 @ 7:32 pm
1. Can you make it ignore caps?
2. There is a minor mistake in the README file, line 81 should be:
php -i | grep “FreeType Support”
Comment by Cloudless — November 25, 2004 @ 3:32 pm
Thanks for the great plugin. I also had to enter the full Linux path to the font file for it to work. Outside of that, no problems.
Comment by Kevin — November 26, 2004 @ 8:59 am
I am not getting this going. I have an error somewhere I am sure. Looked at all the above comments and in #89 noticed that my-hacks.php isnt required anymore. Is that correct? If anyone is willing to assist I will email you the error page I get. Just didnt want to put all that in here.
Comment by Willie Strickland — November 26, 2004 @ 5:04 pm
OK, I got it working now after adding the full server path to the font file as noted by others above.
Comment by Willie Strickland — November 26, 2004 @ 5:42 pm
Ever since attempting to install this hack, I get a strange list of errors. (Hac never functioned. WP 1.21) I completely ripped out the hack and STILL get the errors. What has screwed my blog? Anyone have a clue? Here’s the error codes:
Warning: Unknown modifier ‘C’ in /home/omar/public_html/bullspeak/wp-includes/functions.php on line 1348
Warning: Unknown modifier ‘C’ in /home/omar/public_html/bullspeak/wp-includes/functions.php on line 1349
Warning: Unknown modifier ‘C’ in /home/omar/public_html/bullspeak/wp-includes/functions.php on line 1350
Warning: Unknown modifier ‘C’ in /home/omar/public_html/bullspeak/wp-includes/functions.php on line 1351
Warning: Unknown modifier ‘C’ in /home/omar/public_html/bullspeak/wp-includes/functions.php on line 1352
These repeat for each of the following…
Warning: Cannot modify header information - headers already sent by (output started at /home/omar/public_html/bullspeak/wp-includes/functions.php:1348) in /home/omar/public_html/bullspeak/wp-comments-post.php on line 89
Warning: Cannot modify header information - headers already sent by (output started at /home/omar/public_html/bullspeak/wp-includes/functions.php:1348) in /home/omar/public_html/bullspeak/wp-comments-post.php on line 90
Warning: Cannot modify header information - headers already sent by (output started at /home/omar/public_html/bullspeak/wp-includes/functions.php:1348) in /home/omar/public_html/bullspeak/wp-comments-post.php on line 91
Warning: Cannot modify header information - headers already sent by (output started at /home/omar/public_html/bullspeak/wp-includes/functions.php:1348) in /home/omar/public_html/bullspeak/wp-comments-post.php on line 93
Warning: Cannot modify header information - headers already sent by (output started at /home/omar/public_html/bullspeak/wp-includes/functions.php:1348) in /home/omar/public_html/bullspeak/wp-comments-post.php on line 94
Warning: Cannot modify header information - headers already sent by (output started at /home/omar/public_html/bullspeak/wp-includes/functions.php:1348) in /home/omar/public_html/bullspeak/wp-comments-post.php on line 95
Warning: Cannot modify header information - headers already sent by (output started at /home/omar/public_html/bullspeak/wp-includes/functions.php:1348) in /home/omar/public_html/bullspeak/wp-comments-post.php on line 96
Warning: Cannot modify header information - headers already sent by (output started at /home/omar/public_html/bullspeak/wp-includes/functions.php:1348) in /home/omar/public_html/bullspeak/wp-comments-post.php on line 101
I’m lost. I even re-installed clean copies of the files with no luck.
~Omar*
Comment by Omar — November 26, 2004 @ 6:26 pm
Follow-up:
The comment *is* being logged, but the page full of errors shows up regardless.
I hope someone can help.
~Omar*
Comment by Omar — November 26, 2004 @ 6:48 pm
I noticed the Readme file skips from Step 1 to Step 5, and I can’t get the plugin to work. Are there supposed to be steps 2-4 in the readme?
Thanks for the plugin. I look forward to implementing it.
Comment by Justin Baeder — November 26, 2004 @ 11:18 pm
Seems to work ok without the missing steps
Comment by Carsten — November 27, 2004 @ 12:22 am
Well, I’ve spent the last 40 hours attempting to get this hack to funtion as stated, and failing in that, to get my blog to function correctly after removal. No good there, either. Thinking I might have missed something, or failed to type in something correctly, I re-istalled it once again - this time with my wife checking my every move vs. the docs. Still does not function, still huge #’s of errors, still can’t bring blog back to before-install comment abilities. (kicks self for not doing a complete backup before starting…)
At least the error messages have changed with it installed, but no image - or any other sign of the hack - is evident.
Would still love some help from you Geek Gods out there. This redneck is lost fer sher….
LOL,
~Omar*
Comment by Omar — November 27, 2004 @ 8:42 pm
I cannot get this plugin to work no matter what I try! I’ve done the my-hacks thing and I’ve got all the libraries, I’ve followed every step, but every time I try to install this, it says only “enter this code: authimage”. No grey box, no text. This sucks too, cuz I get a lot of spam comments!
Comment by Mau — November 27, 2004 @ 10:17 pm
That’s all I could get out of it too, Mau.
Then, if you entered a comment, it would post, but be followed by a white page with the errors I listed above.
Comment by Omar — November 28, 2004 @ 12:15 am
What happens if you guys turn off comment moderation? Does that fix things?
Comment by Gudlyf — November 28, 2004 @ 12:59 pm
Mau — Are you sure you’re specifying the correct path to the authimage.php file?
Comment by Gudlyf — November 28, 2004 @ 1:00 pm
Where would I go to specify the path? I don’t remember seeing anything like this so maybe that’s it…
Comment by Mau — November 28, 2004 @ 1:53 pm
Oh, wait, I’m assuming you mean: /wp-content/plugins/authimage.php…yes, it’s correct.
Comment by Mau — November 28, 2004 @ 1:55 pm
And what happens if you go directly to that URL?
Comment by Gudlyf — November 28, 2004 @ 3:50 pm
Blank page!
Comment by Mau — November 28, 2004 @ 10:21 pm
And I do have gd and freetype libraries installed…
Comment by Mau — November 28, 2004 @ 10:43 pm
My issue has been resolved. It had NOTHING to do with Authimage, but rather spaces in my spam words list. I’m now gonna try to install Authimage again.
My apologies for wasting time and space.
~Omar*
Comment by Omar — November 29, 2004 @ 4:03 am
Oops!
I spoke too soon. My error messages are gone, however I seem to be exactly where Mau it at….
It shows no image, just the alt “authimage”. Any entry, of course, just takes me to the ‘wrong code’ page.
~Omar*
Comment by Omar — November 29, 2004 @ 4:51 am
I spent the night trying different things with no positive effect. I, too, get a blank screen when I go directly to the ‘/wp-content/plugins/authimage.php’ url. All libraries are properly installed.
No error messages, just won’t work.
Comment by Omar — November 29, 2004 @ 8:11 am
The answer to comment spam: AuthImage
Last friday I spent some time to set up another personal weblog (entirely in Dutch, and not computer related, sort of. If you can understand Dutch, don’t be offended by the uri, it’s ment to be funny). But within 72 hours…Comment Spam!
Sigh…
…
Trackback by Gargleblaster.org — November 29, 2004 @ 6:14 pm
Circle of Protection: Spam
As part of the ongoing battle against the spammer[BLEEP]s who keep trying to let all the Soul Cookie’s readers know about all-natural Viagra and online poker and whatever else strikes their small-[BLEEP]ed fancy, I’ve added a visual checksum, GudLyf…
Trackback by Home of the Soul Cookie — November 29, 2004 @ 8:58 pm
great work. i was able to install it as a plug-in in less than 5 minutes on my profesor’s site. see it in action athttp://www.luisteodoro.com.
thanks a lot!
Comment by ederic — November 29, 2004 @ 10:41 pm
Turn on PHP error reporting and try it again. You should be seeing errors that indicate what’s wrong. Put this in your .htaccess file:
php_flag display_errors on
Comment by Gudlyf — November 30, 2004 @ 10:26 am
An end to comment spam??
So recently my weblog has been receiving an increasignly large number of spam comments. My previous method of forcing all those comments containing more than 1 link to be moderated was catching a fair few and resulting in many annoying e-mails to mysel…
Trackback by mikemoate.co.uk — November 30, 2004 @ 11:17 am
And what if you go to:
/wp-content/plugins/authimage.php?type=text
Comment by Gudlyf — November 30, 2004 @ 2:25 pm
It’s a white page that says: upper-zee upper-jay upper-ess one seven
Comment by Mau — November 30, 2004 @ 8:09 pm
I just set this up for someone on their site. I didn’t have any access to the admin section, just the FTP, so maybe that’s where I went wrong. Anyway, I found that with the phonetic iframed-text-mode, the string it generated was missing one letter, so taht when it went to validate, it was always wrong. I found that using a substr($_SESSION['AI-code'],0,5) fixed the problem. I also had to remove the if (strlen($code) < 6){$code = ”;} lines from the page, because the string was too short, and would be deleted by this code.
Just my 2 cents, in case anyone comes across the same problem.
Comment by Ashley — November 30, 2004 @ 11:32 pm
It looks like my comment got chopped off. Essentially, the check to make sure the string was of the right length was blanking out the codes, because with a letter missing, they were too short. I got rid of the line completely, although maybe setting it to less than 5 would be more reasonable.
Just thought I’d submit this, in case anyone else was in the same boat.
Comment by Ashley — November 30, 2004 @ 11:35 pm
I can’t do authimage :o(
Bugger, I can’t run the captcha authimage with WordPress because my hosting provider has only compliled GD and not freetype with PHP… sigh… any other solutions out there? I’ve posted this here, on the WP boards too.
Update… seems like the -h…
Trackback by incorporated subversion — December 2, 2004 @ 1:11 am
I’ve downloaded AuthImage. Works like a charm! Thanks so much!
Comment by Ulysses — December 2, 2004 @ 7:11 am
I’ve upgrade my 1.4 to 2.0.2 version and it’s running well except one thing, all of my pages become not XHTML 1.0 strict when I’m validate it on W3C (my web previously validate as XHTML 1.0 strict with authimage 1.4), for now I’ve recently delete the session starter on my_hacks.php to fix this problem, anyone has any better solution for this problem? because the session_start function from authimage makes some links and form on my page not XHTML 1.0 strict compliant (the ampersand format etc.)
Comment by Dikiwink — December 2, 2004 @ 1:10 pm
Well the latest i cannot get to word with 1.2 strange cause as earlyer i did the older version on 1.3 alfa4 and that worked well.
Now i only get a ‘non’ image. Followed the instructions as they are in the readme but there is no go.
Comment by Folkert — December 2, 2004 @ 1:19 pm
If i call directly the athimage.php it gives a balnc page (ofcourse ;)) but then when i directly visit authimage.php?type=image then he gives me an 404
Comment by Folkert — December 2, 2004 @ 2:57 pm
I’ve installed the plugin, but the comment page is displaying a text box with a 404 page inside of it. I went directly here: http://www.intricateart.com/journal/wp-content/plugins/authimage.php
and got this error message:
“Fatal error: Call to undefined function: add_filter() in /wp-content/plugins/authimage.php on line 185
On top of that, the box to enter comments is not even viewable (as it is on yours), it just stops after the plugin display. I’ve reinstalled it twice to no avail…help HUGELY appreciated!!!
Comment by Leanne — December 2, 2004 @ 6:54 pm
Leanne — Did you enable the plugin?
Comment by Gudlyf — December 2, 2004 @ 9:46 pm
thanks for a great plugin Gudlyf!
i got it up and running on my site with very little trouble at all!
not only should it prevent the dirty spammers, it looks cool too
Comment by chris — December 3, 2004 @ 3:45 am
Finally … sheesh.
For those who use Wordpress and who have been bombarded by fucking casino spam comments you can try installing the AuthImage plugin by Gudlyf
I spent the past thirty minutes trying to troubleshoot it (broken image file). I had to take a step back a…
Trackback by 8pril: return of hope — December 3, 2004 @ 7:49 am
Gotcha - CAPTCHA
My blog has only been active for a few days, and I’ve already experienced the first flood of porn spam comments.
But I knew what to look for to get it fixed without having to manually ban IP address Ad Nauseum, or permanently have to approve commen…
Trackback by From the Fingers of Henrik Flensborg — December 3, 2004 @ 4:28 pm
Gudlyf, yes I did enable it. I even deactivated it and reactivated it. :/
Comment by Leanne — December 3, 2004 @ 7:18 pm
Thanks for the excellent plugin! I’ve tried others and this is by far the best. I, too, had the problem that Leanne was having. I found that in the README.txt file, I needed to make a change.
If you are using the image portion, then change line #116 of the README.txt file to read:
<img src="wp-content/plugins/authimage.php?type=image" width="155" height="50" alt="authimage" />If you are using the phoenetic English portion, then change line #123 of the README.txt file to read:
<iframe src="wp-content/plugins/authimage.php?type=text" width="155" height="50" />In each case, there is an unnecessary preceding forward slash that when removed allows the plugin to work perfectly… well at least on my site it works perfectly with that change.
Comment by BillH — December 4, 2004 @ 4:18 am
Oops, looks like the CODE tag is NOT allowed in your comments! Here are the changes:
Line #116:
<img src="wp-content/plugins/authimage.php?type=image" width="155" height="50" alt="authimage" />Line #123:
$lt;iframe src="wp-content/plugins/authimage.php?type=text" width="155" height="50" />Comment by BillH — December 4, 2004 @ 4:20 am
One more time:
#116: img src=”wp-content/plugins/authimage.php?type=image” width=”155″ height=”50″ alt=”authimage” /
#123: iframe src=”wp-content/plugins/authimage.php?type=text” width=”155″ height=”50″ /
Comment by BillH — December 4, 2004 @ 4:22 am
BILL you are a GODSEND. THANK YOU THANK YOU THANK YOU!!!!!
Comment by Leanne — December 4, 2004 @ 12:05 pm
psst…what is the code to change the error message for wrong/invalid/blank code entry to the lil popup message? Anyone wanna share?
Comment by Leanne — December 4, 2004 @ 12:08 pm
Great stuff, thanks.
One minor correction to the docs: It says that shell access is required. This is not true. Instead you can check whether your PHP install has the required libraries by creating a file called
info.phpcontaining a single line< ?php phpinfo(); ?>Visit this page in your browser, and look in the output for GD and Freetype both enabled.
Comment by Alastair — December 4, 2004 @ 6:24 pm
Oops, that should say:
< ?php phpinfo(); ?>
Comment by Alastair — December 4, 2004 @ 6:25 pm
One more time:
<?php phpinfo(); ?>
Comment by Alastair — December 4, 2004 @ 6:27 pm
FYI, to leave <code> comments, put the tags on their own line.
Comment by Gudlyf — December 4, 2004 @ 10:02 pm
don’t forget to rewrite
#116: img src="wp-content/plugins/authimage.php?type=imageā€¯ width="155ā€³ height="50ā€³ alt="authimageā€¯and
#123: iframe src="wp-content/plugins/authimage.php?type=textā€¯ width="155ā€³ height="50ā€³to reflect your own w-p directory. it sounds stupid, but it stumped me for a good 5 mins!
Thanks for the great plugin!
Comment by Niss — December 5, 2004 @ 6:52 pm
Validation Code Added for Comments
Very sorry to have to do it but the spammers have forced me to set up a validation system.
When you go to post a comment you will have to enter the validation code displayed in the comment post area. Hopefully this will eliminate the flood of spam …
Trackback by Jim Lynch: Off the Top of My Head... — December 5, 2004 @ 8:40 pm
Validation Code Added for Comments
Very sorry to have to do it but the spammers have forced me to set up a validation system.
When you go to post a comment you will have to enter the validation code displayed in the comment post area. Hopefully this will eliminate the flood of spam …
Trackback by Jim Lynch: On the Soapbox — December 5, 2004 @ 8:40 pm
Image not appearing on your comment page - but everything else is configured properly? Try removing the leading slash in front of the path to authimage, i.e.
in wp-comments.php at around line 74. Fixed everything for me!
Comment by Kate — December 5, 2004 @ 10:47 pm
Hi Gudlfy:
Thanks for such good plugin! I just use your idea and write a new plugin for pLog! Thanks!
http://blog.markplace.net/index.php?op=ViewArticle&articleId=189&blogId=1
Regards, Mark
Comment by Mark — December 6, 2004 @ 3:46 am
having the same problem as post #140. Tried suggestion from #148. Didn’t work, I tried putting in real path to authimage.php and still get “enter this code: authimage” on my comments page. I would like to set up the text and not the image. Any suggestions?
Comment by mike s. — December 7, 2004 @ 1:34 am
got the image path resolved, but now my comment box, “say it” button and side bar are gone.
Comment by mike s. — December 7, 2004 @ 3:17 am
Mike — Do you have PHP error reporting turned on? Do you get any errors reported at all?
Comment by Gudlyf — December 7, 2004 @ 10:13 am
I’m desperately trying to get this thing to work, but all I get is a grey square with no text. The Images are created and left in the tmp-directory though. I’m trying out the version 1.4.1
Any suggestions?
Comment by Dan — December 7, 2004 @ 12:43 pm
the only error I did encounter was: “Fatal error: Call to undefined function: add_filter() in /wp-content/plugins/authimage.php on line 185″. It was resolved. After digging thru wp-comments.php, I can find the code(line 81 thru 91) for the missing comment box and “say it” button but it still won’t appear on my comment page. Where else should I look for the php error messages?
Comment by mike s. — December 7, 2004 @ 8:26 pm
Mike — Can you try using the latest version of authimage instead?
Comment by Gudlyf — December 7, 2004 @ 8:35 pm
WP Plugin: AuthImage
Say `bye bye` to spam comments on this blog since I’ve installed AuthImage plugin for wordpress. Beside entering your name and email it requires from you to enter some random text in order to your comment go through….
Trackback by kurcula.com — December 7, 2004 @ 11:09 pm
started over from scratch with v2.02 and stuck in same spot. Still no comment box or “say it” button or sidebar. If I put my saved original copy of wp-comments.php, everything back to normal minus authimage ofcoarse.
Comment by mike s. — December 8, 2004 @ 1:24 am
does it make a difference that I followed this post:
http://wordpress.org/docs/installation/different-address/
and have my blog files seperate from my index?
Comment by mike s. — December 8, 2004 @ 1:28 am
Really annoying
Well I decided to do a bit more about comment spamming when I was greeted by 195 comments that needed moderation due to being caught by the blacklist plugin, so I’ve added a very cool little plugin (which isn’t so cool to install) which may, with luc…
Trackback by Random Tasks — December 8, 2004 @ 6:10 am
Mike — What happens when you go to the authimage.php file directly (i.e., http://www.yourblog.com/wp-content/plugins/authimage.php) ?
Comment by Gudlyf — December 8, 2004 @ 9:46 am
Well I finally managed to get the picture and code show up, but it gives me “Error: please enter the valid authorization code.” no matter if I enter the correct code or not…
Very weird indeed.
Any ideas?
Comment by Dan — December 8, 2004 @ 11:01 am
Thanks man! I just added this to my blog, and I’m looking forward to seeing much less spam…
Comment by Zonker — December 8, 2004 @ 11:59 am
I get this error message:
Fatal error: Call to undefined function: add_filter() in /homepages/45/d89914993/htdocs/wordpress/wp-content/plugins/authimage.php on line 185
Comment by mike s. — December 8, 2004 @ 12:48 pm
Mike — Sorry I should have said to try going to “authimage.php?type=image”. With the latest version, you need to add the type at the end of the url like that.
Comment by Gudlyf — December 8, 2004 @ 2:08 pm
if I use =image, I get a grey box w/o letters and/or numbers. if I use =text I get phonetic-English of letters and/or numbers.
Comment by mike s. — December 8, 2004 @ 9:57 pm
take that, spammers!
We’ve been getting tons of comment spam lately, so I installed the AuthImage plugin for Wordpress. This means anyone leaving a comment will have to enter a random code, which the spam-robots can’t do.
I did a little modification to show the comme…
Trackback by the gookins dot net — December 10, 2004 @ 2:40 pm
Adventures with Comment Spam
In the past couple of weeks, comment spam turned into a real problem (100+/day), but a plugin seems to have solved the problem.
Trackback by pbblog — December 10, 2004 @ 7:42 pm
Hi there! First of all, excellent hack! This should save me bunches of time.
I did make a modification to correct for Mozilla’s bogus cache control. Basically, I added a randomized &nocache= in the image location causes Mozilla to think that itā€™s getting a new image each time it reloads the HTML for the page (as it should), which in turn causes it to reload the image and work like it should. Full details are in my blog posting, titled AuthImage Comment Validation. In any case, I hope you might include this fix in your next release of the plugin. Just want to contribute it back in the spirit of sharing with others what I’ve found to be helpful, just as you have done.
And thanks again for the great plugin!
Comment by sizban — December 11, 2004 @ 2:03 pm
Thank you so much! This is really, really helpfull!
Comment by Emanon — December 11, 2004 @ 5:04 pm
This is a really good tool, almost exactly what I was looking for. I’ve just made a couple of mods to it to fit more with my site. I put the authentication as the last entry rather than under URI, to me it makes more sense. I changed the colours to match my site and used image/PNG rather than image/JPEG because the compression looked a bit messy. Finally, I removed “zero” and “oh” from the dictionary just to avoid confusion.
Cheers again for a really useful bit of code.
Adam
Comment by Adam Bracegirdle — December 11, 2004 @ 5:55 pm
Anyone having the problem of spam appearing the moment you post a new item despite the fact you have Authimage running should have a look at: http://tamba2.org.uk/wordpress/spam/#imm
Basically a spammer has used a script to insert a bunch of comments into your database for articles that do not yet exist.
Authimage will prevent this happening again for you, but the damage was done before you set it up.
Love the plug in, Keith - nice work.
Comment by Jamie A. Thom — December 11, 2004 @ 9:14 pm
Captcha it is
I had been fighting comment spam well for awhile here. Not a lot of it, but enough to annoy me. Then I got about 200 in about 30 minutes and I went through the fucking roof on Friday.
It’s time for stronger measures. I didn’t even know this w…
Trackback by highlymoody — December 12, 2004 @ 11:35 am
Great plug-in! Suggestion: why not exempt users who have been validated and are logged-in from having to type in the code? That would be a nice addition, I think.
Comment by washburn — December 13, 2004 @ 4:19 am
I just installed your plugin; it already seems wonderfully useful. I had to do somethings different from what you have in the README to get the phonetic text to work: instead of using only an opening
< iframe >tag, I had to use an opening and closing, or else the remainder of the page after that wouldn’t be displayed (in IE 6 and Opera 7). More importantly, the display code in authimage.php only displays the first 5 chars of the 6 digit authentication scheme, so authentication always fails until that loop is fixed. Hope that helps others.Comment by Alex G — December 13, 2004 @ 3:45 pm
Spam smackdown
Well thanks to AuthImage my comment spam has gone from a minimum of 40 a day to nothing over night!
I am dead chuffed by this and hope that the spammers don’t find a way round this, or at least realise that the effort involved really isn’t worth i…
Trackback by Random Tasks — December 14, 2004 @ 10:10 am
Can “AuthImage” be implemented on any form?
Comment by Ulysses — December 14, 2004 @ 1:59 pm
Ulysses — Like what?
Comment by Gudlyf — December 14, 2004 @ 2:11 pm
Can AuthImage be implemented on any web form outside of WordPress? I have a contact form that I want protected from spam? Thanks.
Comment by Ulysses — December 14, 2004 @ 2:36 pm
Sure you’d just need to take a look at the code and it’s pretty easy to figure out how to adapt it.
Comment by Gudlyf — December 14, 2004 @ 2:52 pm
Ok, took me a while to get it working, but I finally got it with WP 1.2.1 “Mingus.” For some reason, your instructions didn’t work for me until I fixed three problems that I did not see in the README. My steps were:
1. Copied authimage-hacks.php to the root dir of the WP installation as the filename “my-hacks.php”. With my-hacks.php installed, I had to enable it via Options->Miscellaneous-> and checked the box for “Use legacy my-hacks.php file support”. This was not clear in the readme and WP is deprecating my-hacks, so as a new user to WP, I had no idea what my-hacks.php was.
2. Changed the line in authimage.php that read “$font = ‘atomicclockradio.ttf’” to “$font = ‘/absolute/full/path/to/atomicclockradio.ttf’”
3. Followed all your directions for installation in the README.txt file.
Please add to your readme if possible to help out other 1.2.1 Mingus users.
Additionally, I tried doing the text only version and the <iframe … /> code didn’t work well at all for mozilla viewing. I changed <iframe … /> to <iframe … ></iframe> and it fixed it.
I also want to note that for Debian Linux users, installing the GD module for PHP is a breeze. Do an
apt-get install php4-gdand it’ll install all the dependencies, including Freetype! and will change the php.ini file for you. Thanks for making this plugin!Comment by lah — December 14, 2004 @ 7:37 pm
what a fabulous plugin!
but i’m having trouble getting it working. I’m using the most recently generated code (downloaded this evening, 12/14).
Basically, the image code doesn’t generate. In safari, it displays a little box with a question mark; in firefox it generates the alt text (which is “authimage”).
If I try to pull up the authimage.php file by itself, http://lquilter.net/blog/wp-content/plugins/authimage.php, that generates a blank page. If I pull it up with type=image [http://lquilter.net/blog/wp-content/plugins/authimage.php?type=image] I get a lot of interesting error messages. Most saliently, I get:
Warning: imagettftext(): Could not find/open font in /home/lquilter/public_html/blog/wp-content/plugins/authimage.php on line 54
It seems like this is likely the same or similar path problem that many others have had. But I haven’t figured it out yet.
I’ve tried several different paths in the authimage.php file — absolute [unix true directory], absolute from the web path, a variety of relative paths — to no avail.
In wp-comments.php I’ve set the path to ./wp-content/plugins/authimage.php but tried other equivalent paths as well.
I’ve turned the my-hacks.php both on and off. [The readme still says to do it but recent comments make me think that's no longer necessary? Can you confirm this?]
Another possibility is the tmp directory — I don’t actually have a tmp directory, and everything else seems to work okay. But I’m happy to create a tmp directory if I only know where to put it … I tried creating a tmp directory, with permissions 777, in my root directory, blog directory, wp-content, and wp-content/plugins.
Comment by laura q — December 14, 2004 @ 11:53 pm
I ended up having to use the text display since my webhost doesnt have gd enabled. I found a couple things:
1. the loop code createAIAltText has incorrect bounds. It should be:
for($i = 0; $i < 6; $i++) { //total of 6 char code
2. I ended up changing the last return line in the same function to the following. Maybe there is a simplier way to do it, but I didnt like having an iframe that had to be scrolled simply to see the text. I also changed the size of the iframe to make sure all the text fit in..
$alt_code=”<html><style type=”text/css”>nbody{border:0;padding:0px;margin:
0px;background-color:#DDDDDD}</style><body>$alt_code</body></html>”;
Comment by James Sasitorn — December 16, 2004 @ 5:13 pm
Gudlyf — first of all, thank you for creating the simplest plugin to block spam bots. I have installed AuthImage 2.0.3 as instructed in my WP 1.2.1. The only problem I’m facing is an error regarding ob_start(”ob_gzhandler”) on line 452 in wp-includes/functions.php. This appears only for the first time a visitor accesses a page on the blog; after a refresh, it disappears. Close and reopen the browser, access the site and the error appears again. All your instructions were followed correctly, I double-checked and triple-checked. After some tinkering, I’ve discovered that turning off my-hacks.php solves the problem with no apparent side-effects. My question is — is it a problem for AuthImage or WP if I’m not using my-hacks.php ? Thanks in advance.
Comment by Titel — December 17, 2004 @ 2:08 pm
Hm, perhaps there’s already a “session_start()” in WP 1.2.1 that I’m unaware of. Really that’s the only thing that’s in the my-hacks.php that I’ve included. Starting the session for PHP is necessary to get the session variables to work, so I put it in the my-hacks.php file. If it’s already started elsewhere, there’s no need for it.
Comment by Gudlyf — December 17, 2004 @ 2:16 pm
I had to tweak authimage.php to enable it to find the font file, as $plugins_dir is not defined:
@@ -45,8 +45,10 @@
if ($type != "text") {
+ $plugins_dir = dirname(__FILE__).'/';
$fontfile = "atomicclockradio.ttf";
$font = $plugins_dir . $fontfile;
$im = @imageCreate(155, 50) or die("Cannot Initialize new GD image stream");
Also, the patch code given in step 2 of README.txt is wrong: the second double-quote in the IMG element must be removed.
Comment by hf — December 17, 2004 @ 2:28 pm
*dusts off the ol’ bloggy*
I’m mainly updating as an excuse to test the mexcellent captcha plugin I just installed.
CaptchaWHA?
A simplistic explanation is that it’s a test that a human can pass but a machine cannot.
So what are they good for?
In my case, it’s to …
Trackback by Meow Mix — December 17, 2004 @ 8:07 pm
Just a note to those using the “alt” update; if you want your authimage to not be case sensitive, add the two lines of code from the main plug-in that make the user’s entry upper
Comment by nathaniel — December 18, 2004 @ 6:50 am
Well, I have been trying to get this to work on OS X Panther.
Seems I missed an important requirement:
Apache 1.3 or above running on Linux.
Does this mean that running this script locally on OS X is not possible, or could someone offer me a suggestion or 2. I am building my site and testing locally before uploading when my host is ready. Thanks
Comment by Morgs — December 18, 2004 @ 9:34 am
Found error in the README file: for the code to