Gudlyf's World

WordPress Hack: AuthImage
This plugin will add an image with random text the visitor leaving a comment must enter to be validated. If you are being hit with comment spam and have tried some of the other options this is a sound technique, although it does add an additional step…

Hi there!
I’ve tried to download WP AuthImage Hack (v1.1) but it keeps asking me authentication to be able to download it. I use download Accelerator for downloading. What am i supposed to do?

It’s a Unix gzip’ed tar file, which I believe should open in WinZip, but I haven’t tested the code on Windows. Perhaps if you try downloading without the accelerator?

OK, I just put a new version up, but this time I zipped the file. Click the new link above for version 1.2 and see if that downloads.

I tried your hack but got the error message ‘imagettftext undefined function’. This was because the Freetype library was not installed. (Which is not uncommon I understand). So I have hacked the hack and have posted a workaround below. You cannot use TrueType fonts however, you must use Bitmap Fonts. I have found a site where you can download some:
BitMap Fonts
The ‘dimurph.gdf’ font is similar to the one used here.

Here is the hacked hack:

function createCodeImage() {
global $tmp_code_loc, $tmp_code_prefix;

}


Captcha
Thanks to this plugin, I’m now able to cut down on the amount of comment spam I have to moderate. Only recently (presumably with an increase in traffic thanks to my affiliation with the Spread Firefox project and my own authorship of a couple of appar…

Hiya. So glad I found this, will save me lots of time and headaches. However, I seem to have installed everything properly, and it seems to be working, but the code image is not showing. It is displaying a broken image icon. Please advise.

Thanks!

Ok. got the image to show up (had to adjust the path for the tmp location). But even when I enter the code correctly (I’ve checked against the files created in /tmp) it gives me the incorrect error code. Is it not including the prefix part of the code?

We’ll get this working yet!

Blog spam: solved
I solved the blog spam problem with the following trick: I simply added a [[CAPTCHA]] to the comment dialog. This was inspired by Kristian Koehntopp’s Serendipity advocacy, and fortunately, there’s a CAPTCHA system available for WordPress. You can fi…

Comments Spam
I’ve been getting a lot of comments spam in the past few days trying to improve the pagerank of some online pharmacy. Firewall rules haven’t been that effective, since these appear to be sent by robots running on zombied machines across a number of …

Captcha Hack(ing)

I recently installed a
AuthImage captcha for this site. I’ve not, so far anyway, had any real spam trouble. But then I have had all comments requiring my moderation!

I saw this neat little feature when I was searching for some other lon…

I use Wordpress 1.3 beta and it seems it works great at the commens. But I tested trackbacking from other blogs – and now the TBs of this blog will not more be shown. What can I do??? Thank you so much!

You can view my site to see the error, but I believe it has something to do with this line:

< ?php _e("Enter this code: "); ?>
the error:

Fatal error: Call to undefined function: _e() in /home/mintruth/public_html/blog/wp-comments.php on line 69


The user above is using WP 1.0.1, which I’m not supporting. He was able to fix the problem it seems:

I ended up changing things like this:

die( __(‘Error: Invalid authorization code.’) );

To look like this:

die(‘Error: Invalid authorization code.’);

Works fine from what I can tell and has stopped spam!

As you can see just from the comments on this page, trackbacks work fine and don’t require the auth code, of course. If this ever becomes a problem later for spam, then I’ll see about addressing it.

Spammage = popularity?
Well, I got my first blog comment spam. I guess that means someone somewhere is reading this, which is kinda cool I guess. I’ve found a few WordPress plugins and patches that will prevent the spam which I’ll add at some point in the next few days -…

Spam
Well that is really surprising: the language of this blog has been German for almost 3 months and the very first day I write in English my blog gets spamed.

Looks like I am going to use a captcha which I’ll implement as soon as posible.

I’m not getting any errors, but the image isn’t showing up. Just a broken icon. i visit the authimage.php script and it doesn’t report an error. Just does nothing.

What are the minimum requirements for this to work (version, php modules, etc)?

I’ve got a problem getting this hack to work, when I open authimage.php directly i get a white page, and when I go to a comment page I see a broken image with an X. I have freetype installed, and did everything as it should be and gajillion other variations just in case, and still nothing

The font generation requires both the GD library and the FreeType library. You can check what modules your PHP has loaded by running ‘php -m’ or by creating a simple php page to show module info with the following line:

phpinfo(INFO_MODULES);


ok, the 2nd time around reinstalling apache worked. Awesome hack, thank you for making it

Comment Spam
Wow. I haven’t even really got the site up…just testing the blog and I already had over a dozen comment spam posts.

So, I went out looking for some possible solutions to comment spam in WordPress. The WordPress Wiki has a How to combat comment …

Thank you for a very nice hack! I got it working with WordPress 1.0.2 after some extra hacks of the hack, but it is rather straight forward – see my site for the details.

I love you! This hack is absolutely amazing, thank you so much. This should come as standard in WP 1.3!

This is great! I’ve had tons of those poker spam comments over the last week or so, and it’s been so annoying. With this I hope it will stop!

Thanks for all the great work!

Great plugin and with the recent push in lamer spamming (I’m glaring in your direction, Mr. Texas Hold ‘Em Viagara), it will be very popular.

One issue I had getting this to work (maybe will help someone else), I had forgotten to CHMOD my tmp directory to 777 (was 755), so the auth.img seemed to generate but no text visible. (i.e. I didn’t get a broken img icon)

Fixed the permissions, works great. Thanks for sharing this.

Upgrade plus improvement
Upgraded to WP 1.2. That seems to have gone very smoothly indeed. My response was “that’s it? How simple!”

But I also noticed my first comment spam today .

So to deal with that, I’ve required an entry for name and email address, and ins…

thanks for the code.

Nun aber …
Nachdem mein Provider seine Serverprobleme alle behoben hat, hab ich die Blogsoftware zwar eigentlich umsonst umgestellt, aber da ich mich nun in den letzten Tagen so sch�n in Wordpress eingearbeitet habe, werde ich nun endg�ltig umsteigen. Mein einzi…

Friend of a friend hooked me up with your plugin. I was starting to get hit hard with spammers, but now nothing after I installed your plugin, and was easy to do too.

Thanks, mate.
Foton

thanks for the hack! I just implemented it and I had to make a change to the definition of the $font var in createCodeImage(). I included the path to the ttf file and it started to work. prior to that change I was getting a blank grey box. Now let’s see if that Poker Playing-v selling reject get in…

I got this hack to work right away. Great job! I hope like hell this stops that poker spam going around. btw … i got the blank gray box at first too but simply changing the tmp folder to 777 worked to fix the prob.

Great hack! It worked perfectly for me. If I may make a humble recommendation… can you code it so that it never turns up a “1″ or an “l”? Those characters just look too similar in that font.

WordPress Hack: AuthImage
AuthImage is een hack die moet voorkomen dat de wordpress logs gek gespammed worden door comment bots. (voor de non techniekers, dat betekent een honderdtal of meer comments die leiden naar met name viagra of pills of online casino’s.)
Nu is dat heel…

For right now the font will have to include “1″ and “l”. I’m sort-of working on a neat addition to this that may help some of the issues people have had with fonts.

Well (if you read dutch see the trackback ) else…
Thanx for this hack. I had it build in in the 1.3 alpha 4 version and it works like charm. Had to catch the $code first , so when you see a image and no code there could be 2 things.
1: the chmods for your tmp dir are not correct
2: the $code needs to be catched as $_POST['code'];

I just installed this hack on my wordpress site and am having a slight problem. I always get: “Error: Invalid authorization code” even if I enter the correct code. Thanks!

hmm.. I’d almost want to opt for the random GD images – like a dang puzzle for this one… the “aych” threw me off for a sec… lol.. nice hack tho.

scott — Are the tmp files being created?

Yes, I have amassed a collection of temp files.

scott — Hrm, that is a strange problem. Do you see the temp file with the code in question there? What are the permissions on the tmp directory you’re using? The permissions probably don’t matter, since if it can be written to it can be read from.

I see the temp files but now that I look at them, they all have a size of 0. The files are being created but nothing is being written.

They should have zero-length — the code does that.

For some reason the code checking is not reading the temp filenames, which is where it gets the code from (it’s the last 6 characters of the filename). I’m not sure right now what else for you to try.

Thanks for creating this; it works great, although I had to tweak it a bit to make it work on my Apache/Win2k server (plus I changed how it works a bit):
- I had to use a bitmap font (opposed to a TrueType, even though I have the GB and FreeType libraries installed).
- I use a random length string (instead of a fixed length, say 6).
- In Win2k, the tempnam php function tacks on “.tmp” when it creates a file. Instead, I use the ImageJPEG function which creates the temporary file from the random string.
- Removed code from createCodeImage function that isn’t required for Windows.

I’m thinking of using a random font for the image, too.

Since installing it no spam comments have appeared.

As mentioned in comment #44, if anyone sees that the font I used isn’t adequate or the code length isn’t adequate or random enough, let me know and I’ll make alterations to the code to randomize the font and randomize the code length. I really doubt it’s needed unless someone, somehow, writes a bot that can do text recognition and read the code. Really a better idea will be to alternate the background image from the default grey to perhaps a striped background.

I just installed your great hack. The problem is, i just have the same problems as Scott. The Image is shown, I type in the code correctly and it tells me, that the code is wrong.

For the people saying they’re getting the “wrong code” problem, please try downloading the latest version of AuthImage here and follow the directions in the README. Especially note that the function names are different now. My guess is that you may be using an old version of the scripts and copied the info in the README incorrectly.

Hey, thanks for the help, but I followed the instructions exactly (and used the latest version) and I still get the same problem.

This is a great hack. I think it should be inplemented into the WP core. Great Job!!!

AuthImage
Well I’ve found my solution. People will now be required to add in a small randomly generated code – sorry for the extra step but I was getting about 200 comments an hour!

Scott,

Are you installing this hack with your root directory different from your wordpress directory? I had some similar problems with this hack and ended up needing to put in symlinks for my my-hacks.php file and my tmp directory. After that, things seemed to work alright. Just a though.

Yes, my root directory is different from my wordpress directory; I’ve tried symlinking everything so that they are accessible from all locations but it still hasn’t worked

now it keeps telling me i need to re-enter the code even though i type the right code in the box

I dont know how to install this thing…I am very new to all this and am really an idiot still…help would be appreciated. I have it downloaded but now what???

Thanks a lot for the hack! I got it working, using comment #5’s code, but the image quality is not so great…

I was wondering if along with this hack we should also setup a cron job which would delete all the temp files periodically, depending on the site’s traffic.

There are instructions in the README for what to add to your crontab. Like I mentioned in the post above, I’d recode AuthImage to use cookies instead of temp files if people thought that would work better.

I agree with many of the comments so far. This looks like a brilliant hack that MUST be integrated into the core development of WordPress. Does the core team know of it’s existence? Please let them know if they are blind to it . The quicker we get this into the core development, the better for all of us WordPress users.

SPAMMERS you are on notice. There are smart people working to protect us. Thanks guys.

I believe the WP folks know about it from one of the mailing lists (thread here). They seem to think it should remain seperate and as a choice for users, although they seem to think it’s a simple plugin that can be turned on/off easily (when it’s in fact a hack that has to be coded in).

I keep getting an error that spells out the code on my blog, and on this one when I hit Say It! just now
Any idea what might be causing this?

You got the error on this blog?

yes came up just once when I went back and hit refresh it let me post

test

The Final Solution hopefuly
Recently I’ve been getting spammed. Some asshole up ther in spamland decided that emailing people junk mail was okay. Then, when that failed, he decided to hire a bunch of code monkeys to code something to write posts in a effort to boost up their pag…

Hi, Great hack, but im getting this errot

“Fatal error: Call to undefined function: showaialttext() in /home/co7784/public_html/beta/weblog/wp-comments-post.php on line 50″

http://www.7784.co.uk/beta/weblog/index.php?p=1#comments

any ideas?

What version of WordPress are you using? Did you turn on usage of the “my-hacks.php” file? Check the options. It seems it didn’t load the file properly.

i’m using WP1.2.1 and my-hacks is enabled. I’ve followed the instructions to the letter.

Comment 56 – My bad, I didn’t read the whole readme.txt

& yesterday I had the same problem with this site (and mine too) as described in comment # 59 n 61

You’ll get the phonetic-English translation of the code if you typed it wrong. I can only guess that you typed it wrong the first time or left it blank.

Authimage finally working!
Big thanks to Gudlyf for his WordPress hack Authimage! Initially, I had a bit of difficulty getting it to work. My biggest problem was that it would not recognize that I entered the correct code. I noticed other people had posted problems about this,…

Gudylf, I’ve gotten it working now. I followed the instructions that blog.stevenbrown.ca posted above. (Just had to modify them a bit to fit my specific directory structure). Thanks so much!

Scott

Freudige Bekanntgabe II
since this post trackbacks a (foreign) blogentry written in english, i will post a statement in English after the German crap here

Operation geglueckt – Patient tot lebt.
Das Spam-Problem kann als ‘eingekreist’ gelten. Nach ein bissel rumprobier…

I finally got it to work, although i had to re-install wordpress to do it. I also had to remove the leading ‘/’ from every path.

AuthImage implemented
Or what’s left of it (grab the original here). It started with PHP5 taking issue with the old code — the line that generated the $code to be used in the image — most likely due to the way strlen() or substr() or so is handled in PHP5, I’m guessing….

Fight against spam
Like many sites, I get the odd bit of spam commenting. Now, being the kind of lazy guy I am, instead of being content with deleting the 2 or 3 comments that appear every day, I’ve decided to throw software at the problem. I’ve just ‘hacked’ the s…

hi all. I have done some days ago a very similar plugin to stop the non-human spammers. you can find more information in the Esther Fuldauer’s blog and it is listed at WordPress plugins wiki
I think the yours one is very nice ! We have to stop these stupid spammers.

Begone, Comment Spam!
I’ve been having a tough time with comment spam lately. It’s mostly been invisible, since it gets moderated. But that means I have to read more spam, and I hate that.

I found a superb solution: AuthImage. Finally!

I’ve seen that others have had this problem, but I can’t find a solution (I don’t have access to reinstall my server, as someone above did). Please help! At first, I saw no image. Then, when I copied my-hacks.php from my blog directory into my root directory, I got a blank, gray image (no text/code). I checked with my server, and I have both freetype and GD installed:gd
GD Support enabled
GD Version 2.0 or higher
FreeType Support enabled
FreeType Linkage with freetype
GIF Read Support enabled
GIF Create Support enabled
JPG Support enabled
PNG Support enabled
WBMP Support enabled. What could be the problem? Authimage.php and attomicclockradio.ttf are both in my root directory. I also tried it with a bitmap font (just uploading and replacing that in my-hacks). My temp directory has files in it….

Creamy hack! Thanks! Got it working in an hour – and most of that time was spent finding out how to implement my-hacks.php I also had the problem of lower case L looking like a 1 so I edited the error message to give the user more info – like “sometimes L looks like a 1 – code is case sensitive, etc. I will try to change the font to see if that helps. Rock on!

Just a comment on the idea for the visually impaired. I think it’s great that it occurred to you, but I’m not sure audio would be the best solution. All of the visually impaired people I’ve come into contact with use a refreshing Braille display as opposed to audio. This is mainly because of bandwidth issues and the problem that there is no standard for audio formats. There may be some kind of solution that could be done with xml and stylesheets for the visually impaired, but I’m not sure what it would be.

Check out: http://krijnen.com/archives/000322.shtml
Nor more spam! No More spam commenters!

I am not entirely sure, but if after patching in this hack and all you get is a blank grey image, it could be due to PHP5. The $code variable that’s set in the createAICode() function won’t have any value assigned to it. This is due to the way substr() works in PHP5. This line (in my-hacks.php):

$code = substr($tmp_fname, (strlen($tmp_code_loc) + strlen($tmp_code_prefix)), $code_length);

Essentially reads:start at the end of the filename and return 6 characters. I believe in PHP4 it would automagically search the string backwards, but PHP5 says no.
Try modifying the line to read:

$code = substr($tmp_fname, -1, $code_length);

or even just

$code = substr($tmp_fname, -6);

I haven’t tested this, since I don’t have access to a PHP4 server. For more info on this, read the php manual on substr().

Thanks Marcus; actually, I’m running 4.3.9. I decided to try your havk hack anyway, but to no avail. Any other thoughts? I appreciate your help!

Just updated the code — version 2.0 is now available, and it’s now a plugin! Minimal hacks needed. Give it a look.

Sound Generation in WP
Gudlyf’s blurb about sound generation in his AuthImage hack, or plugin now, made me want to look into actually implementing that.

I took the cheap way out, using Festival. It’s implemented, and it works now, but I’ve got a few gripes with it.

…

Here’s another (small) idea:

1. Have the code generated in wp-comments.php and stored in the
session.

2. Then have authimage.php just pull the code from the session.

This allows you to display the code in the ALT tag of the image in the
wp-comments.php file.

This should work, by the way, because sessions use a locking
mechanism. see here.

Anyway, having the alt tag with the code would allow lynx, links and w3m users to
post comments, too.

Yeah I dunno about the alt tag idea, as it makes it way too easy for bots to fool, unless you put the phonetic text in the alt tag.

That’s what I did. I convert the digits to strings and they show up as “seven nine three four seven”. It works great on IE. Firebird 0.9.3 however, apparently decides to cache the image anyway, even though the headers tell it not to. Took me a second to track that down, too. So much for that idea.

On a separate note, my wife’s web log is still getting spam. It’s “only” one guy spamming away for his casino. Pretty annoying. And her web log isn’t even popular or anything. Heck, it’s barely a week old. All spam is coming from different IPs, and *even* with AuthImage it’s still coming through. I’m wondering if they’re actually going out of their way to spam by hand. Really weird.

The only other explanation I have is that they open the page once, get the auth code, and then use bots to spam the site with the code included. If the bots don’t reload the image, no new code is generated. That’s why I also changed the checkAICode() function to create a new code — I don’t think I had that implemented before.

Who knows, maybe they’re employing indians for 5 cents a day to manually Spam The World™.

Nice work!

I successfully installed the plugin. Thanks for contributing this to the community. It would be good to note in the installation instructions that steps 9 and 10 (about the hacks) are no longer required on newer versions of WordPress. Also, a note about needing to change the URL in the IMG tag would have saved me some initial confusion. Thanks again.

I’m having troubles with the back button. If the commenter mistypes the code and then presses “back”, his comment is gone and he has to retype it. Worse, the page reloads and sets a new cookie, but the image doesn’t update, so his code will now fail.

I’m using Mozilla and this behavior seems to be browser dependant. IE refreshes neither the image nor the page, so it works fine. Looking at the code in wp-blog-header.php, WordPress marks the page as “always modified” in the headers, so Mozilla is actually doing the right thing (at least with respect to the text).

Sam Snow noticed the same problem with a similar plugin and suggests a crude workaround:

http://www.wellardsworld.com/archives/2004/10/30/imageauth-hack-for-wordpress/#comment-202

I’m not sure what to do to fix it more robustly. Perhaps I could modify the plugin so it also forces a reload of the image, possibly by changing the URL each time. Maybe one of the post preview plugins could be adapted to handle the error page, rather than forcing users to hit back at all. Best (and most involved), would be to fix WordPress so it doesn’t always force a reload. This problem also affect Mozilla commenters who didn’t fill out a required e-mail address. Another side-effect of the page reload is that the browser doesn’t return to the same place on the previous page when you hit “back”, which is a drag. Googling around, I’m surprised I don’t see more discussion on the page reload issue.

If anyone has any ideas, please post them here. Thanks.

IMHO, this is actually a typical form handling and, in a way, a WP business logic issue.

I have never been a fan of forms that post to new pages. My code typically looks like this:


# header include

# footer include


In the event the form validation fails, the form gets displayed again, with the fields already filled in.

However, this kind of logic would be easier to implement for the wp-comments-popup.php, than the wp-comments.php, unless a hack wraps ob_start(); and ob_end_flush(); around the whole WP logic. In which case wp-comments.php could submit to itself (i.e. the current url), if necessary (i.e. on form submission) call ob_clean_end(); and then redirect to the new page. However, the “new page” would be the same url. If there’s still people out there with NS4.0, they’ll get errors. NS4.0 tries to avoid infinite loops when pages redirect to themselves.

Just brainstorming here. Okay, different idea. Have wp-comments-post.php check to see whether there’s an error, and instead of just doing the studid die('hey, you forgot your name'); or whatever, have it display the wp-header and at least the comment form (i.e. the light gray box at the bottom of this page) again, giving users the chance to fix their missing name, email, correcting the code, or what have you.

Yay, got it implemented on my site. It’s quite a hackjob, not very portable either. For one, because I use threaded comments. It requires copying rather large portions of index.php and wp-comments.php. Ugly, I tell ya. But it works. Give it a shot.

Sweet! I’ve got it working as well – I noticed the same issues that Matthew and Marcus commented about above. I’m not so concerned about the text missing bit, only the fact that the image doesn’t refresh… buuuuuut – right now anything is better than deleting 20 “FREE TEXAS HOLDEM” comments a day.

Slight Blog update
A friend pointed out to me the other day that my blog didn’t have a style-sheet in Internet Explorer. When I looked into the problem, I realised it must have been that way since I updated from WordPress 1.0.2 to 1.2. Sorry!

This does give me a good…

Wordpress blog spam
I think I finally found something against the current spam attacks I’ve been getting.

I kept getting new comments offering various products, but similar enough to be from the same bot. As IP banning doesn’t help, the comment moderation queue has t…

Finnaly got this working by putting the absolute URL of the font into authimage.php (wasn’t seeing it for some reason). Hey Marcus: care to share your form handling code? Or Gudlyf: how come your page seems to have my forms filled in when I hit the back button, but mine doesn’t?

Actually I’m just testing the comment plugin to see how it works. Looks good!

I’ve tried installing this, but the image doesn’t show up for me, even when I put the absolutely path as what Nathaniel said. Is there anything that I can do? Thanks!

TEST

I just tried installing this plugin (version 2.0.1a) on a debian sarge apache2 based system running 1.2.1. I had a few issues. I wanted to detail them in case other people had the same problems.

First, I did have to install one more debian package to get gd support working, as well as restart apache2 after the install:


apt-get install php4-gd2
/etc/init.d/apache2 restart


The second change that I needed to make was in the code contained in step 5 of the install guide. There, in both the text and image versions of the code, I needed to remove leading / from the wp-content/plugins/authimage.php path.

The final change I had to make (this has been mentioned before) was to set the full Linux file system path to the .ttf file inside the wp-content/plugins/authimage.php file.

I hope that helps other people. I still need to look at the JavaScript code and see if that helps keep the “text lost on wrong-auth back” problem discussed above. The jury is still out with me…

Sam

I was thinking to edit this hack and make it annonymous only, which means that the registered users won’t have to enter the auth code. Right now its an extra step which everybody has to go through in order to submit comments. But am not sure if it will work or not as the spammers can also register automatically (may be add another auth code for registration?)

I’m sure you must be fed up of people commenting and asking for help so feel free to ignore me! The problem I’m having is that my web hosting doesn’t support FreeType. Someone on their web forums advised me to try monospaced fonts. If you wouldn’t mind letting me know how to alter the code so I can use a different font, it would be very much appreciated. I’ve only had my blog up a couple of days and I haven’t had any “real” comments yet, but the spam is already flooding in!

Great plugin!! I used to spend night after night cleaning out my MT comments for spam. Then I fell for Wordpress which is the best! This plugin really cashes in the reward for that switch over! Thanks for giving me no more hard headed spam bustin’ evenings!!

captcha for b2evolution revisted
I realize in looking at this that there is a well-known issue with this plugin– that is, that once an incorrect code has been entered, and you are sent back to the page to re-enter it .. the image doesn’t refresh. Consequently, even if you enter the …

1. Can you make it ignore caps?
2. There is a minor mistake in the README file, line 81 should be:
php -i | grep “FreeType Support”

Thanks for the great plugin. I also had to enter the full Linux path to the font file for it to work. Outside of that, no problems.

I am not getting this going. I have an error somewhere I am sure. Looked at all the above comments and in #89 noticed that my-hacks.php isnt required anymore. Is that correct? If anyone is willing to assist I will email you the error page I get. Just didnt want to put all that in here.

OK, I got it working now after adding the full server path to the font file as noted by others above.

Ever since attempting to install this hack, I get a strange list of errors. (Hac never functioned. WP 1.21) I completely ripped out the hack and STILL get the errors. What has screwed my blog? Anyone have a clue? Here’s the error codes:

Warning: Unknown modifier ‘C’ in /home/omar/public_html/bullspeak/wp-includes/functions.php on line 1348

Warning: Unknown modifier ‘C’ in /home/omar/public_html/bullspeak/wp-includes/functions.php on line 1352

These repeat for each of the following…

Warning: Cannot modify header information – headers already sent by (output started at /home/omar/public_html/bullspeak/wp-includes/functions.php:1348) in /home/omar/public_html/bullspeak/wp-comments-post.php on line 89

Warning: Cannot modify header information – headers already sent by (output started at /home/omar/public_html/bullspeak/wp-includes/functions.php:1348) in /home/omar/public_html/bullspeak/wp-comments-post.php on line 101

I’m lost. I even re-installed clean copies of the files with no luck.

~Omar*

Follow-up:
The comment *is* being logged, but the page full of errors shows up regardless.

I hope someone can help.

~Omar*

I noticed the Readme file skips from Step 1 to Step 5, and I can’t get the plugin to work. Are there supposed to be steps 2-4 in the readme?
Thanks for the plugin. I look forward to implementing it.

Seems to work ok without the missing steps

Well, I’ve spent the last 40 hours attempting to get this hack to funtion as stated, and failing in that, to get my blog to function correctly after removal. No good there, either. Thinking I might have missed something, or failed to type in something correctly, I re-istalled it once again – this time with my wife checking my every move vs. the docs. Still does not function, still huge #’s of errors, still can’t bring blog back to before-install comment abilities. (kicks self for not doing a complete backup before starting…)
At least the error messages have changed with it installed, but no image – or any other sign of the hack – is evident.

Would still love some help from you Geek Gods out there. This redneck is lost fer sher….
LOL,
~Omar*

I cannot get this plugin to work no matter what I try! I’ve done the my-hacks thing and I’ve got all the libraries, I’ve followed every step, but every time I try to install this, it says only “enter this code: authimage”. No grey box, no text. This sucks too, cuz I get a lot of spam comments!

That’s all I could get out of it too, Mau.
Then, if you entered a comment, it would post, but be followed by a white page with the errors I listed above.

What happens if you guys turn off comment moderation? Does that fix things?

Mau — Are you sure you’re specifying the correct path to the authimage.php file?

Where would I go to specify the path? I don’t remember seeing anything like this so maybe that’s it…

Oh, wait, I’m assuming you mean: /wp-content/plugins/authimage.php…yes, it’s correct.

And what happens if you go directly to that URL?

Blank page!

And I do have gd and freetype libraries installed…

My issue has been resolved. It had NOTHING to do with Authimage, but rather spaces in my spam words list. I’m now gonna try to install Authimage again.

My apologies for wasting time and space.
~Omar*

Oops!
I spoke too soon. My error messages are gone, however I seem to be exactly where Mau it at….
It shows no image, just the alt “authimage”. Any entry, of course, just takes me to the ‘wrong code’ page.

~Omar*

I spent the night trying different things with no positive effect. I, too, get a blank screen when I go directly to the ‘/wp-content/plugins/authimage.php’ url. All libraries are properly installed.

No error messages, just won’t work.

The answer to comment spam: AuthImage
Last friday I spent some time to set up another personal weblog (entirely in Dutch, and not computer related, sort of. If you can understand Dutch, don’t be offended by the uri, it’s ment to be funny). But within 72 hours…Comment Spam!

Sigh…
…

Circle of Protection: Spam
As part of the ongoing battle against the spammer[BLEEP]s who keep trying to let all the Soul Cookie’s readers know about all-natural Viagra and online poker and whatever else strikes their small-[BLEEP]ed fancy, I’ve added a visual checksum, GudLyf…

great work. i was able to install it as a plug-in in less than 5 minutes on my profesor’s site. see it in action athttp://www.luisteodoro.com.

thanks a lot!

Turn on PHP error reporting and try it again. You should be seeing errors that indicate what’s wrong. Put this in your .htaccess file:

php_flag display_errors on

An end to comment spam??
So recently my weblog has been receiving an increasignly large number of spam comments. My previous method of forcing all those comments containing more than 1 link to be moderated was catching a fair few and resulting in many annoying e-mails to mysel…

And what if you go to:

/wp-content/plugins/authimage.php?type=text

It’s a white page that says: upper-zee upper-jay upper-ess one seven

I just set this up for someone on their site. I didn’t have any access to the admin section, just the FTP, so maybe that’s where I went wrong. Anyway, I found that with the phonetic iframed-text-mode, the string it generated was missing one letter, so taht when it went to validate, it was always wrong. I found that using a substr($_SESSION['AI-code'],0,5) fixed the problem. I also had to remove the if (strlen($code) < 6){$code = ”;} lines from the page, because the string was too short, and would be deleted by this code.

Just my 2 cents, in case anyone comes across the same problem.

It looks like my comment got chopped off. Essentially, the check to make sure the string was of the right length was blanking out the codes, because with a letter missing, they were too short. I got rid of the line completely, although maybe setting it to less than 5 would be more reasonable.
Just thought I’d submit this, in case anyone else was in the same boat.

I can’t do authimage (
Bugger, I can’t run the captcha authimage with WordPress because my hosting provider has only compliled GD and not freetype with PHP… sigh… any other solutions out there? I’ve posted this here, on the WP boards too.

Update… seems like the -h…

I’ve downloaded AuthImage. Works like a charm! Thanks so much!

I’ve upgrade my 1.4 to 2.0.2 version and it’s running well except one thing, all of my pages become not XHTML 1.0 strict when I’m validate it on W3C (my web previously validate as XHTML 1.0 strict with authimage 1.4), for now I’ve recently delete the session starter on my_hacks.php to fix this problem, anyone has any better solution for this problem? because the session_start function from authimage makes some links and form on my page not XHTML 1.0 strict compliant (the ampersand format etc.)

Well the latest i cannot get to word with 1.2 strange cause as earlyer i did the older version on 1.3 alfa4 and that worked well.
Now i only get a ‘non’ image. Followed the instructions as they are in the readme but there is no go.

If i call directly the athimage.php it gives a balnc page (ofcourse ) but then when i directly visit authimage.php?type=image then he gives me an 404

I’ve installed the plugin, but the comment page is displaying a text box with a 404 page inside of it. I went directly here: http://www.intricateart.com/journal/wp-content/plugins/authimage.php

and got this error message:

“Fatal error: Call to undefined function: add_filter() in /wp-content/plugins/authimage.php on line 185

On top of that, the box to enter comments is not even viewable (as it is on yours), it just stops after the plugin display. I’ve reinstalled it twice to no avail…help HUGELY appreciated!!!

Leanne — Did you enable the plugin?

thanks for a great plugin Gudlyf!
i got it up and running on my site with very little trouble at all!
not only should it prevent the dirty spammers, it looks cool too

Finally … sheesh.
For those who use Wordpress and who have been bombarded by fucking casino spam comments you can try installing the AuthImage plugin by Gudlyf

I spent the past thirty minutes trying to troubleshoot it (broken image file). I had to take a step back a…

Gotcha – CAPTCHA
My blog has only been active for a few days, and I’ve already experienced the first flood of porn spam comments.

But I knew what to look for to get it fixed without having to manually ban IP address Ad Nauseum, or permanently have to approve commen…

Gudlyf, yes I did enable it. I even deactivated it and reactivated it. :/

Thanks for the excellent plugin! I’ve tried others and this is by far the best. I, too, had the problem that Leanne was having. I found that in the README.txt file, I needed to make a change.

If you are using the image portion, then change line #116 of the README.txt file to read:
<img src="wp-content/plugins/authimage.php?type=image" width="155" height="50" alt="authimage" />

If you are using the phoenetic English portion, then change line #123 of the README.txt file to read:
<iframe src="wp-content/plugins/authimage.php?type=text" width="155" height="50" />

In each case, there is an unnecessary preceding forward slash that when removed allows the plugin to work perfectly… well at least on my site it works perfectly with that change.

Oops, looks like the CODE tag is NOT allowed in your comments! Here are the changes:

Line #116: <img src="wp-content/plugins/authimage.php?type=image" width="155" height="50" alt="authimage" />

Line #123: $lt;iframe src="wp-content/plugins/authimage.php?type=text" width="155" height="50" />

One more time:

#116: img src=”wp-content/plugins/authimage.php?type=image” width=”155″ height=”50″ alt=”authimage” /

#123: iframe src=”wp-content/plugins/authimage.php?type=text” width=”155″ height=”50″ /

BILL you are a GODSEND. THANK YOU THANK YOU THANK YOU!!!!!

psst…what is the code to change the error message for wrong/invalid/blank code entry to the lil popup message? Anyone wanna share?

Great stuff, thanks.

One minor correction to the docs: It says that shell access is required. This is not true. Instead you can check whether your PHP install has the required libraries by creating a file called info.php containing a single line

< ?php phpinfo(); ?>

Visit this page in your browser, and look in the output for GD and Freetype both enabled.

Oops, that should say:

< ?php phpinfo(); ?>

One more time:

<?php phpinfo(); ?>

FYI, to leave <code> comments, put the tags on their own line.

don’t forget to rewrite
#116: img src="wp-content/plugins/authimage.php?type=image” width="155″ height="50″ alt="authimage”
and
#123: iframe src="wp-content/plugins/authimage.php?type=text” width="155″ height="50″
to reflect your own w-p directory. it sounds stupid, but it stumped me for a good 5 mins!

Thanks for the great plugin!

Validation Code Added for Comments
Very sorry to have to do it but the spammers have forced me to set up a validation system.

When you go to post a comment you will have to enter the validation code displayed in the comment post area. Hopefully this will eliminate the flood of spam …

Validation Code Added for Comments
Very sorry to have to do it but the spammers have forced me to set up a validation system.

When you go to post a comment you will have to enter the validation code displayed in the comment post area. Hopefully this will eliminate the flood of spam …

Image not appearing on your comment page – but everything else is configured properly? Try removing the leading slash in front of the path to authimage, i.e.

img src=”wp-content/plugins/authimage.php?type=image” width=”155″ height=”50″ alt=”authimage”

in wp-comments.php at around line 74. Fixed everything for me!

Hi Gudlfy:

Thanks for such good plugin! I just use your idea and write a new plugin for pLog! Thanks!

http://blog.markplace.net/index.php?op=ViewArticle&articleId=189&blogId=1

Regards, Mark

having the same problem as post #140. Tried suggestion from #148. Didn’t work, I tried putting in real path to authimage.php and still get “enter this code: authimage” on my comments page. I would like to set up the text and not the image. Any suggestions?

got the image path resolved, but now my comment box, “say it” button and side bar are gone.

Mike — Do you have PHP error reporting turned on? Do you get any errors reported at all?

I’m desperately trying to get this thing to work, but all I get is a grey square with no text. The Images are created and left in the tmp-directory though. I’m trying out the version 1.4.1

Any suggestions?

the only error I did encounter was: “Fatal error: Call to undefined function: add_filter() in /wp-content/plugins/authimage.php on line 185″. It was resolved. After digging thru wp-comments.php, I can find the code(line 81 thru 91) for the missing comment box and “say it” button but it still won’t appear on my comment page. Where else should I look for the php error messages?

Mike — Can you try using the latest version of authimage instead?

WP Plugin: AuthImage
Say `bye bye` to spam comments on this blog since I’ve installed AuthImage plugin for wordpress. Beside entering your name and email it requires from you to enter some random text in order to your comment go through….

started over from scratch with v2.02 and stuck in same spot. Still no comment box or “say it” button or sidebar. If I put my saved original copy of wp-comments.php, everything back to normal minus authimage ofcoarse.

does it make a difference that I followed this post:

http://wordpress.org/docs/installation/different-address/

and have my blog files seperate from my index?

Really annoying
Well I decided to do a bit more about comment spamming when I was greeted by 195 comments that needed moderation due to being caught by the blacklist plugin, so I’ve added a very cool little plugin (which isn’t so cool to install) which may, with luc…

Mike — What happens when you go to the authimage.php file directly (i.e., http://www.yourblog.com/wp-content/plugins/authimage.php) ?

Well I finally managed to get the picture and code show up, but it gives me “Error: please enter the valid authorization code.” no matter if I enter the correct code or not…

Very weird indeed.

Any ideas?

Thanks man! I just added this to my blog, and I’m looking forward to seeing much less spam…

I get this error message:

Fatal error: Call to undefined function: add_filter() in /homepages/45/d89914993/htdocs/wordpress/wp-content/plugins/authimage.php on line 185

Mike — Sorry I should have said to try going to “authimage.php?type=image”. With the latest version, you need to add the type at the end of the url like that.

if I use =image, I get a grey box w/o letters and/or numbers. if I use =text I get phonetic-English of letters and/or numbers.

take that, spammers!
We’ve been getting tons of comment spam lately, so I installed the AuthImage plugin for Wordpress. This means anyone leaving a comment will have to enter a random code, which the spam-robots can’t do.

I did a little modification to show the comme…

Adventures with Comment Spam
In the past couple of weeks, comment spam turned into a real problem (100+/day), but a plugin seems to have solved the problem.

Hi there! First of all, excellent hack! This should save me bunches of time.

I did make a modification to correct for Mozilla’s bogus cache control. Basically, I added a randomized &nocache= in the image location causes Mozilla to think that it’s getting a new image each time it reloads the HTML for the page (as it should), which in turn causes it to reload the image and work like it should. Full details are in my blog posting, titled AuthImage Comment Validation. In any case, I hope you might include this fix in your next release of the plugin. Just want to contribute it back in the spirit of sharing with others what I’ve found to be helpful, just as you have done.

And thanks again for the great plugin!

Thank you so much! This is really, really helpfull!

This is a really good tool, almost exactly what I was looking for. I’ve just made a couple of mods to it to fit more with my site. I put the authentication as the last entry rather than under URI, to me it makes more sense. I changed the colours to match my site and used image/PNG rather than image/JPEG because the compression looked a bit messy. Finally, I removed “zero” and “oh” from the dictionary just to avoid confusion.

Cheers again for a really useful bit of code.

Adam

Anyone having the problem of spam appearing the moment you post a new item despite the fact you have Authimage running should have a look at: http://tamba2.org.uk/wordpress/spam/#imm

Basically a spammer has used a script to insert a bunch of comments into your database for articles that do not yet exist.

Authimage will prevent this happening again for you, but the damage was done before you set it up.

Love the plug in, Keith – nice work.

Captcha it is
I had been fighting comment spam well for awhile here. Not a lot of it, but enough to annoy me. Then I got about 200 in about 30 minutes and I went through the fucking roof on Friday.

It’s time for stronger measures. I didn’t even know this w…

Great plug-in! Suggestion: why not exempt users who have been validated and are logged-in from having to type in the code? That would be a nice addition, I think.

I just installed your plugin; it already seems wonderfully useful. I had to do somethings different from what you have in the README to get the phonetic text to work: instead of using only an opening < iframe > tag, I had to use an opening and closing, or else the remainder of the page after that wouldn’t be displayed (in IE 6 and Opera 7). More importantly, the display code in authimage.php only displays the first 5 chars of the 6 digit authentication scheme, so authentication always fails until that loop is fixed. Hope that helps others.

Spam smackdown
Well thanks to AuthImage my comment spam has gone from a minimum of 40 a day to nothing over night!

I am dead chuffed by this and hope that the spammers don’t find a way round this, or at least realise that the effort involved really isn’t worth i…

Can “AuthImage” be implemented on any form?

Ulysses — Like what?

Can AuthImage be implemented on any web form outside of WordPress? I have a contact form that I want protected from spam? Thanks.

Sure you’d just need to take a look at the code and it’s pretty easy to figure out how to adapt it.

Ok, took me a while to get it working, but I finally got it with WP 1.2.1 “Mingus.” For some reason, your instructions didn’t work for me until I fixed three problems that I did not see in the README. My steps were:

1. Copied authimage-hacks.php to the root dir of the WP installation as the filename “my-hacks.php”. With my-hacks.php installed, I had to enable it via Options->Miscellaneous-> and checked the box for “Use legacy my-hacks.php file support”. This was not clear in the readme and WP is deprecating my-hacks, so as a new user to WP, I had no idea what my-hacks.php was.
2. Changed the line in authimage.php that read “$font = ‘atomicclockradio.ttf’” to “$font = ‘/absolute/full/path/to/atomicclockradio.ttf’”
3. Followed all your directions for installation in the README.txt file.

Please add to your readme if possible to help out other 1.2.1 Mingus users.

Additionally, I tried doing the text only version and the <iframe … /> code didn’t work well at all for mozilla viewing. I changed <iframe … /> to <iframe … ></iframe> and it fixed it.

I also want to note that for Debian Linux users, installing the GD module for PHP is a breeze. Do an apt-get install php4-gd and it’ll install all the dependencies, including Freetype! and will change the php.ini file for you. Thanks for making this plugin!

what a fabulous plugin!

but i’m having trouble getting it working. I’m using the most recently generated code (downloaded this evening, 12/14).

Basically, the image code doesn’t generate. In safari, it displays a little box with a question mark; in firefox it generates the alt text (which is “authimage”).

If I try to pull up the authimage.php file by itself, http://lquilter.net/blog/wp-content/plugins/authimage.php, that generates a blank page. If I pull it up with type=image [http://lquilter.net/blog/wp-content/plugins/authimage.php?type=image] I get a lot of interesting error messages. Most saliently, I get:

Warning: imagettftext(): Could not find/open font in /home/lquilter/public_html/blog/wp-content/plugins/authimage.php on line 54

It seems like this is likely the same or similar path problem that many others have had. But I haven’t figured it out yet.

I’ve tried several different paths in the authimage.php file — absolute [unix true directory], absolute from the web path, a variety of relative paths — to no avail.

In wp-comments.php I’ve set the path to ./wp-content/plugins/authimage.php but tried other equivalent paths as well.

I’ve turned the my-hacks.php both on and off. [The readme still says to do it but recent comments make me think that's no longer necessary? Can you confirm this?]

Another possibility is the tmp directory — I don’t actually have a tmp directory, and everything else seems to work okay. But I’m happy to create a tmp directory if I only know where to put it … I tried creating a tmp directory, with permissions 777, in my root directory, blog directory, wp-content, and wp-content/plugins.

I ended up having to use the text display since my webhost doesnt have gd enabled. I found a couple things:

1. the loop code createAIAltText has incorrect bounds. It should be:
for($i = 0; $i < 6; $i++) { //total of 6 char code

2. I ended up changing the last return line in the same function to the following. Maybe there is a simplier way to do it, but I didnt like having an iframe that had to be scrolled simply to see the text. I also changed the size of the iframe to make sure all the text fit in..

$alt_code=”<html><style type=”text/css”>nbody{border:0;padding:0px;margin:
0px;background-color:#DDDDDD}</style><body>$alt_code</body></html>”;

Gudlyf — first of all, thank you for creating the simplest plugin to block spam bots. I have installed AuthImage 2.0.3 as instructed in my WP 1.2.1. The only problem I’m facing is an error regarding ob_start(“ob_gzhandler”) on line 452 in wp-includes/functions.php. This appears only for the first time a visitor accesses a page on the blog; after a refresh, it disappears. Close and reopen the browser, access the site and the error appears again. All your instructions were followed correctly, I double-checked and triple-checked. After some tinkering, I’ve discovered that turning off my-hacks.php solves the problem with no apparent side-effects. My question is — is it a problem for AuthImage or WP if I’m not using my-hacks.php ? Thanks in advance.

Hm, perhaps there’s already a “session_start()” in WP 1.2.1 that I’m unaware of. Really that’s the only thing that’s in the my-hacks.php that I’ve included. Starting the session for PHP is necessary to get the session variables to work, so I put it in the my-hacks.php file. If it’s already started elsewhere, there’s no need for it.

I had to tweak authimage.php to enable it to find the font file, as $plugins_dir is not defined:

@@ -45,8 +45,10 @@

$im = @imageCreate(155, 50) or die("Cannot Initialize new GD image stream");


Also, the patch code given in step 2 of README.txt is wrong: the second double-quote in the IMG element must be removed.

*dusts off the ol’ bloggy*
I’m mainly updating as an excuse to test the mexcellent captcha plugin I just installed.

CaptchaWHA?

A simplistic explanation is that it’s a test that a human can pass but a machine cannot.

So what are they good for?

In my case, it’s to …

Just a note to those using the “alt” update; if you want your authimage to not be case sensitive, add the two lines of code from the main plug-in that make the user’s entry upper

Well, I have been trying to get this to work on OS X Panther.

Seems I missed an important requirement:
Apache 1.3 or above running on Linux.

Does this mean that running this script locally on OS X is not possible, or could someone offer me a suggestion or 2. I am building my site and testing locally before uploading when my host is ready. Thanks

Found error in the README file: for the code to display images there is a ” in after the echo statment that is not required. This may cause errors for anyone who doesn’t remove it. It also will give newbies headacks is the code doesn’t work.
Other wise I would like to say that you have a very good script 5/stars!!!

Keep up the good work,
Marzar

I was wondering.. you made a sugestion for making the script generate cookies instead of temp files..
I think you could release two versions of the script. One using temp files and another using cookies.. So everyone would be happy
just a suggestion, besides, great script! I found the best for wordpress to stop spammers! congrats!

another thing.. i think you forgot to put the instructions for the cron job on the readme of the new release

Dong-Rocking!
The only thing that needs to be changed is the font. I get buttloads of comments about the font being unreadable. It looks like yours is all capitals, no numbers – so you must have been having the same problem. Make this the default. Thanks for the selfless gift to the WP community.

How do I make the authimage include only numbers and no letters? Do I just remove the ‘alpha’ from line 34? (I’m using 2.0.3.)

Is there a way to increase the font size and remove the rotation?

Thanks, Kate

For those of you wondering how to remove the rotation, I figured it out…
Go to line 56 of authimage.php and change the five to a zero so it reads like this:

ImageTTFText($im, 20, 0, 18, 38, $text_color, $font, $code);

If I understand it correctly, the number ‘20′ is the font size but I haven’t been willing to experiment with that just yet because the tag that calls authimage specifies a width and height and I don’t want to have illegible text.

Line 53 is where you can get rid of the grey box if that doesn’t suit you. Changing those 3 numbers to ‘255′ will give you white but you’ll only want to do this if you’re changing font. The gaps in that alien font make the grey box a necessity.

Sorry, I’ll stop spamming your forums gudlyf…

A couple of updates:

- New version out that fixes a few things recently mentioned (see the README)
- The font is somewhat obscure and tilted on purpose in hopes to better fool an OCR programs that may try to translate it.
- The old temp-files version is no longer supported — use the newest version if you’re having problems. The new version doesn’t use cookies, it uses session keys.

Take that Spambot
My original fix for the constant barrage of spam comments was to basically flag postings with certain key words and links for moderation. This caught 99% of the spam, but as of this posting I have nearly 100 posts in the moderation queue. But I think I…

After installing your great hack, I noticed that this warning is displayed when I enter http://www.kopis.de:


Warning: ob_start(): output handler 'ob_gzhandler' cannot be used after 'URL-Rewriter' in [...]/wp-includes/functions.php on line 452


When I use the ‘real’ address http://www.aikidoforum.de/kopis/ it doesn’t show. I think it relates to the ‘header’ function. Do you know about this error?

I’ve tried to use the alternative form of your plugin, but the javascript checking doesn’t seem to be working. The JS console in Firefox says that “Error: testValues is not defined”. What obvious thing am I missing?
Other than this, your plugin is excellent!! Thanks

Knapp 48 Stunden
Nach nicht ganz zwei Tagen schlagen hier die ersten Spammer ein. Alle 20 Minuten an die 10 Spams. Je Spam-Kommentar eine e-Mail von Wordpress. Neue e-Mails werden mit einem Piepsen von meinem Server signalisiert. So wie der Disconnect-Ton in McMail, fa…

Recommended change, use the phonetic string as the ‘alt’ of the image. This might be useful to people with vision limitations.

Trust me, I’ve tried to put that text as the alt tag info, but it’s just not possible the way I have this implemented. The code is sent to the server session variable which can’t be accessed until you hit the “Say It!” button.

It looks like nobody ever had my problem: i installed the hack, did what tought in readme as exactly as i can. right now the plug looks good in the blog, but it doesnt work good: u actually can enter every code or even no code and the comment is goint to be postet anyway….whats wrong? its main function is not working, it just looks alike right now.

what i did for shure:
i enabled my-hacks.php (its in the wordpress folder…thats what i guess is the root folder…the folder where all thouse folders like wp-images and other are stored)
i copied the content of authimage-hacks.php into my-hacks.php (its not much am i right?) under options/miscellaneus and i set it to “true” in options/general blog settings
i enabled the plugin
i did everything (twice) whats written in the readme file

is there help out there
(the looks so far is great…matches my style of the blog better than any other antispam plug….thx a lot allready bc i am shure somebody can help me)

bronco

OOps toooo early opened my mouth: for me, it was unclear, which of what is optional in the fourth point of the readme file. i wanted to install that the comments with no correct code are not going to be sent to the moderators desk, but get deleted automatically. found out about now…hat to insert some lines….now it works….and still looks good

thx
bronco

Just getting frustrated at my inability to figure this one out – and hoping there is a sage on here that can shed some light on my path.
I do not get any errors messages, just a broken link where the graphic should be.
My webhost says both GD and freetype are installed (perhaps they are wrong?). I do not have shell access to try the command line check (BTW, is it only me or are both command lines to check for freetype and GD the same?).

I did notice the installation steps jump from 1. to 5. ~~ did I miss a few steps and that’s my problem?
I tried inputting the “/absolute/file/path/for/automicclockradio.ttf” in the authimage.php.
nothing different.

Any help would **truly** be appreciated.
-Jonah

Based on the 5th comment by TREV, I make the corrections in the new code of this hacks, just change the TTF for the GDF codes. This is solve any problem for the servers that not support FreeType, but support GDF.

The steps are:
1. Download the attommicclock.gdf font from the site of Bitmap Fonts and put at the plugin directory

2. Put comments in the line about the font and change for the imageloadfont();

//$fontfile = "atomicclock.ttf";
//$font = $plugins_dir . $fontfile;
$font = imageloadfont("atommicclock.gdf");


3. Replace the ImageTTFtext for the imagestring();

//ImageTTFText($im, 20, 5, 18, 38, $text_color, $font, $code);
imagestring($im, $font, 10, 10, $code, $text_color);


Thanks the Gudlyf’s for this amazing plugin.

Hey – It works!!! Thanks Fernando! Apparently my webhost supported GD, but not FreeType.
My graphic doesn’t display on an angle, but I doubt that’s necessary.

Thanks again for the help!

And what is the use of starting to spam then yourself? Why do you send over 10 comments to my weblog boasting you hacked into the trencacode, which, if you had done this manual, you would have noticed, is not even put into effect on my log, only in its source.

How cool to be exactly like the enemy you pretend to fight. I do hope all those casino spammers manage to hack into your comments.

Seems the spamms for your script originate from the Netherlands. Anyways, it is a pain in the neck. Maybe we all find a solution – together – as a team?

Cheers and happy spam bashing!

Catweasel

I’ve also had similar comments on my blog, though this time the IP resolves to some bank in Japan! So clearly their is an idiot at work somewhere.

However the comments actually reccomend your plugin so maybe in some small way maybe you should be flattered! Though I think I’d be pisssed off, as people are bound to think too quick and assume it was you.

I’ll figure out how it’s being done. It’s not a chapka-reading script, so I’m sure it can be fixed. For now you can just try denying any comments with the link to this plugin in it

If you are not the one who is spamming everyone using Trencaspammers, you should clearly state so in a post, because I know a lot of people who don’t understand this kind of attitude. Spamming is not the way to promote an antispam plugin.

I also have a blog that uses trencaspammers that got hit by the spammer. While I’m not happy about it, I don’t think there’s any reason to blame Gudlyf. He’s done something for other people by making his plugin available to the public. Just because the spammer includes a link to his plugin, doesn’t mean he’s the one doing it. The spammer never identifies himself as Gudlyf or anyone else for that matter. All I ask is for everyone to think rationally not jump to any wild conclusions.

Gudlyf – Thanks for your plugin.

Gudlyf, I just wanted to say that I know you aren’t responsible for this recent mess. If anyone doesn’t believe me, read Gudlyf’s blog. He isn’t the type of guy that would do this sort of thing. Unless Gudlyf has taken a complete turn for the worse, he’s innocent.

Hi, a few people mentioned that this hack doesn’t seem to work no matter what code they enter, at least on the first go. I noticed that if I first browsed around, what happened was that I got a cached copy of the required code graphic, so I’d be entering a code that was no longer valid. This was really annoying, of course.

Here’s a fix, which I put into wp-comments right before the plugin code itself:

srand((double)microtime()*1000000);
for ($num=0; $num<15; $num++)
{
$check = rand (0,1);
$x = $check?chr(rand ( 97, 122)):rand ( 0, 9);
$sid .= $x;
}

Then replace authimage.php?type=image with authimage.php?type=image&ran=$sid .

This sid value has no purpose, but by providing a random string with each image, it forces the browser to go out and get a new Auth Image, no matter what the browser’s cache settings. Works for us, every time.

Yours,

Ken

Thank you Gudlyf for your great plugin, and thank you Ken for the fix! You guys got me squared away quickly!

This really is an excellent plugin. Thanks for your efforts!

Well after getting the old style hack to work (comments #64, 66 and 72) a while back i’ve decided to use this new fangled plugin one, but no matter what numbers i insert it’s giving me an error saying wrong code, any ideas?

I wonder if Ken or anyone could be more specific about the placement of the code for his fix? His code keeps showing up on my comments page as displayed text instead of working as it’s supposed to (sorry to be so clueless). I would appreciate any advice on how to insert this code so that it works properly. It seems like the code is suppoed to go in wp-comments.php right before the text that the readme tells users to insert in that file. So after inserting Ken’s fix, my wp-comments.php contains the following:

<label for="url">< ?php _e("<acronym title="Uniform Resource Identifier">URI"); ?></label>
(double)microtime()*1000000);
for ($num=0; $num<15; $num++)
{
$check = rand (0,1);
$x = $check?chr(rand ( 97, 122)):rand ( 0, 9);
$sid .= $x;
}

Hmm. The code I posted in the above post wouldn’t display properly here, I’m afraid. But perhaps someone can still offer some advice on my problem. Many thanks.

This is how im doing it washburn, works a treat for me

<?php
srand((double)microtime()*1000000);
for ($num=0; $num<15; $num++)
{
$check = rand (0,1);
$x = $check?chr(rand ( 97, 122)):rand ( 0, 9);
$sid .= $x;
}
?>

<div>
<input type="text" name="code" id="code" value="<?php echo ""; ?/>" size="28" tabindex="4" />
<label for="code">< ?php _e("Enter this code: "); ?></label>
<img src="<? echo get_settings('siteurl') ?/>/plugins/authimage.php?type=image&ran=<? echo $sid ?>" width="155" height="50" alt="authimage" />
</div>

hmmm, my code isn’t working either. I’ve uploaded a small txt file to show you how im using it – http://www.7784.co.uk/code.txt

Hrm. What I don’t understand is why the header alterations I made aren’t working for people. I thought the “Expires” and “Last-Modified” header changes would make the image expire, not requiring the random code you’re adding. Anyone know why that’s not working for some people, yet it works fine on this site?

Many thanks, James. That seems to have done the trick (I had to remove the div though).

But I have a new problem now, I’m afraid. I tried following Nathaniel’s sugestion in his comment #197, above, for making auth-image non-case sensitive. Following his (slightly vague) suggestion, I took three lines from the regular authimage file, to paste into my authimage.php file (which is the -alt version of the plugin). I first pasted the “un-casing” lines somewhere they made no difference (I dubmbly put them after the second session start in my authimage.php file), then I tried moving them to after the first session start.

Unfortunately, this second editing seemed to mess up wordpress. And when I restored my old authimage.php, file the problem remained! (very worrying). The problem is this:

When I submit a comment, wp displays the following:

Warning: Cannot modify header information – headers already sent by (output started at /home/thisdar/public_html/wp-content/plugins/authimage.php:190) in /home/thisdar/public_html/wp-comments-post.php on line 95

And it repeats this message, w/regards to lines 96, 97, 99, 100, 101, 102, and 107. The comments *do* post, but the error messages are displayed after each is entered. Similar errors appear now when I try to post a message or log-in etc.

I do hope there is a way to salvage my wp install…any help will be much appreciated.

p.s. Below is the anti-case sensitivity code I pasted into my authimage plug-in. I’ve put spaces between letters so that it will display here.

/ / C o m m e n t o u t f o l l o w i n g t w o lines to be case sensitive
$ c o d e = s t r t o u p p e r ( $ c o d e ) ;
$ e n t e r e d _ c o d e = s t r t o u p p e r ( $ _ SE SSION [ ' A I - c ode ' ] ) ;

Gudlyf-
When I entered message 233 above, I guess I typed the code incorrectly–when I hit the “back” button from the “you entered the wrong code page,” I did see the old cached code on my screen. So I think this problem can be seen here too. I’m using Firefox 1.0.

Thanks again for the great plug-in. It’s fantastic, even if non-programers like me tend to mess it up.

Found and fixed the problem producing my error message. Some blank spaces somehow got added to the end of my authimage.php file. With them gone, I now have no error messages, no problem with cached images, and no case-sensitivity. This plugin rocks.

Mine still isn’t working tried everything, changing the code so that the comments are sent to the moderating pool works, but that option kinda defeats the object of the script if i have to moderate all comments anyway.

Hi:
Can anybody help me? Thanks!
=================================
Fatal error: Call to undefined function: checkaicode() in f:\web\mt\sandra\wp-comments-post.php on line 60

Sorry, I forget to put what line 60 is:
===========================
if ( !checkAICode($code) )
die( __(‘Error: please enter the valid authorization code.’) );

I’ve installed the plugin, but the code validation fails no matter what. I’m even having a hard time posting on this blog.

DIE COMMENT SPAM!
I’m now swimming in comment spam. There is a bot providing a constant flood as I’m typing this. As I’ve already noted, in the last 24 hours there have been more than 500 spam comments. So now I’ve been forced to bring out bigger guns, WordPress …

Do you have instructions on how to install this on 1.3?

I like, but how do i make it all letters no numbers. Is there a way to get the audio to work?

I think this plugin is fantastic, I’ve installed it one blog and am installing on a new one now. However, the subject of my-hacks in the readme is completely confusing! The upgrade log says it is no longer required –> “2.0 — Minimal hacks now — no need for the ‘my-hacks.php’ file.” but then later in the install steps –> “6. Make sure your ‘my-hacks.php’ file contains what is in ‘authimage-hacks.php’. THIS IS STILL REQUIRED!” They contradict one another, which one is incorrect here?

The release notes are in order from bottom to top, so if I say something in a previous release then contradict it later, it means something changed that required me to put the functionality back. See the 2.0.1 note where I say it’s needed afterall. Sorry for the confusion.

Thanks a lot for this WP plugin !

And happy new year.

Hi Gudlyf,

I’m trying to install your plugin, and I’m having all kinds of problems. I’m sure it’s because I”m just not accustomed to code hacking, and I’m also not very familiar with site directory paths. Could I get some help? It’d be greatly appreciated. I’m having two different problems. I can either A) get the image to show up, but when I try to post a comment, it ALWAYS says the code is wrong… or B) no image shows up. It simply says “authimage” where the image is supposed to be.

Sigh. This is driving me crazy. I feel like I just keep breaking it over and over.

I hate being code stupid.

Installation went very well but I’m having an issue with the URL redirect after submitting the comment.
I’m using the popup comments and instead of the comment reloading in the open window the index is loading in the popup. If I close it out and refresh the main window the comment has been added.
Anyone else run across this problem with the popup comments?

I am using wordpress 1.5beta, I cannot find the line you stated in wp-comments-post.php…
Can you write a installation guide for 1.5?

Hi, the instructions are easy to follow yet I’m having problems. I can see the code but I’m not getting error messages if I type in the wrong code or no code. All comments are going though (I still have comments moderated because I’m having spamming problems). What have I done wrong?

I think it’s related to the my-hacks.php part of the instructions. When I went into options and checked the box, nothing seemed to happen. When I try to bring up the page in templates I get an error message. I don’t know how to fix this. Can I rename authimage-hacks.php to my-hacks.php and upload that? Would that work? If so, which directory do I put the file in?

Please help.

Karen — You need to take the authimage-hacks.php file and rename it to my-hacks.php, then move that to the top level directory (i.e., where your index.php file is). Make sure there’s not a my-hacks.php file already there. If so, just make sure the contents of authimage-hacks.php is in that file.

Thank you, I’ll try that.

Thank you, it works great now. What a relief!

Hello, I have just installed authimage to my blog site and it seems to not be working correctly. I can see the input box and the following message:

Enter this code: authimage

I do not see the image that has the distorted text to enter in the input box. Also, reading the directions, I became a little confused on what or how to use the authimage-hack.php file. I was thinking maybe the authimage-hack.php is the problem. I believe I have php version 1.2 or greater, but how do I check for sure?

Can you help?
Thanks

I am getting the following error:
checkaicode() in /home/…/public_html/wp-comments-post.php on line 48

I see this function in the authimage.php file. Do I need to somehow require the authimage.php file in the wp-comments-post.php file?

How do I get or install the GD library and the FreeType library?

Re-design!
I redesigned my website. Whoopty-shit.

Comments fixed! – AuthImage 2.0.4 breaks AuthImage addressing.
Well, it serves me right. After crowing about how good AuthImage is to everyone, I forgot to check it after getting my hosting company to “rebuild php with the required modules”. It was still broken on this site, meaning no-one could comment!

This…

I installed Authimage about 5 days ago. At first it worked fine, and I was thinking of turning off moderation this weekend but this morning I found 38 spam comments waiting for me in moderation. I used the option that if the code was not correct, then the message should be deleted without sending it through to moderation. I don’t want to see these spam comments any longer, it’s driving me insane.

Why is this happening? I’m thinking of dumping WordPress altogether because it’s taking over my spare time and causing too much stress, and I chose WordPress because it easy to use

Please help me solve this problem.

Comment Spam
I have hopefully bannished comment spam from this blog permanently. I hope…..

Comments now require you to add a special authorisation code generated in the form of a bitmap text image that should hopefully stop any automated spambots. If they star…

Getting rid of spam is becaming harder and harder, thank you for provinding this very usefull tool.
Installing was pretty straightforward however, text mode doesn’t worked just pasting from your instruction README.txt file, I had to do some tweaking.
Is it just me or a small forgotten glitch still waiting to be fixed?

More blog comment spam
It’s amazing: I have been running this blog for a few months, and while there are a few visitors, I don’t think anyone has mertner.com/allan as their home page

The people who visit the site the most are… spammers! I have tried to keep up wi…

It’s weird cuz on my server, authimage used to work, but after they upgraded to a newer version of php, and I upgraded to wordpress 1.2.2, it stopped working on safari (my browser of choice), even tho it still works on every other browser (at least on mac – haven’t tried PC yet). anyone have any thoughts about how to fix that? I’m using safari to leave this message right now, and it obviously worked….

I found out that you HAVE to make sure that the PHP delimiters are first and last in your authimage.php file, no blank lines above or below or the image is broken.

Picky Plugin Problems with WordPress 1.5-beta
Sigh. I was checking my WordPress plug-ins and discovered that GudLyf’s AuthImage does not directly work with the some of the more recent WordPress nightly builds. The comments code has changed significantly as they’ve moved most of the checking code…

AuthImage
The first step I’ve made with this blog was to install the captcha named AuthImage, a well regarded spam-bot blocker. AuthImage’s homepage is:
http://www.gudlyf.com/index.php?p=376

It occurred to me that maybe I should wait to get comment spam b…

AuthImage
Installation of the captcha named AuthImage

Loverly pluggin, thanks very much,

One small bug in the ‘phonetic test’ part of the plugin though (from the readme.txt)


<iframe src="< ? echo get_settings('siteurl')" ?>/wp-content/plugins/authimage.php?type=text" width="155" height="50"></iframe>


should be


<iframe src="< ? echo get_settings('siteurl'); ?>/wp-content/plugins/authimage.php?type=text" width="155" height="50"></iframe>


top job though!

Damn. sorry the code got stripped out by WP…

…basically, in the ‘phonetic text’ string, this:

('siteurl')"

should be this

('siteurl');

thanks again, sorry if someone else mentioned this, but i didnt read ALL of the posts above

spammers are getting around authimage somehow. I’ve had authimage running for a couple of months and recently I’ve been getting a ton of comment spam, they seem to be getting around authimage somehow. Is there anyway of figureing out how they’re getting around it?

Karl

I had authimage working fine with WordPress on MacOS X. Then I downloaded Apple’s security patch earlier this week that included a new PHP. Authimage doesn’t work now. Broken image link and when I go to ‘/wp-content/plugins/authimage.php?type=image’ I get a blank screen. The type=text works as expected, but I really want the image.

So, apparently something changed in my PHP but when I check for GD Support and FreeType Support it says they are both enabled. Is there anything else it could be?

Well, your plugin does a great job at our diary! Thanks a lot!

rumor has it that authimage doesn’t work with wordpress 1.5, so i’m checking it out! we’ll see now!

First I want to thank you for a wonderful plugin. I am enjoying spam free blogging now. Great job!

As for Karl (comment 270) I think in your case what you are seeing is trackback spam. AuthImage doesn’t handle it. One way to handle it is to enable the keyword filter which comes with WordPress.

Hi there!

This plugin is GREAT! However, when will it work under WP 1.5? The last nightly build broke it, even a fix that was available on another blog…

cheers,

oculos

As you can see, this plugin does work with WP 1.5, as this blog is using WP 1.5 now. However, I use the very latest CVS checkin, if that makes any difference. Also, there is one change you need to make that I need to add to the README:

In ‘wp-comments-post.php’, after this line:

$comment_content = $_POST['comment'];

Add:

$comment_code = $_POST['code'];

Then after this line:

if ( ” == $comment_content )
die( __(‘Error: please type a comment.’) );

Add:

if ( !checkAICode($comment_code) )
die( __(‘Error: please enter the valid authorization code.’) );

Also, make sure you Check the my-hacks.php legacy support under Options->Miscellaneous.

Gudlyf – my my-hacks has the sessions line, but Wordpress does not seem to like that, spitting out an error.

Well, what’s the error you’re getting?

Hrm. It seems spammers may be getting around authimage, but I’m not sure yet if it’s manually or somehow automatic. I’m testing it out and will report back when I find out how.

Typos in README.txt in step 4: missing semicolon after …siteurl’) in image edit; and double quote instead of semicolon after …siteurl’) in phoentic edit.

See, I’m running a version I downloaded yesterday, and it gives me this error:

Parse error: parse error, unexpected T_STRING in /home/mgateco/public_html/maneblog/wp-comments-post.php on line 36

Line 36 is

if ( !checkAICode($comment_code) )

Any hint?

See, I’m running a version I downloaded yesterday, and it gives me this error:

Parse error: parse error, unexpected T_STRING in /home/mgateco/public_html/maneblog/wp-comments-post.php on line 36

Line 36 is

if ( !checkAICode($comment_code) )

Any hint?

oculos — Did you make all the edits mentioned in Comment #276 above?

Spammers have just recently gotten around my auth-image 2.0.3 beginning the first of February, and are really starting to pile it on.

I don’t rightly know if it’s manual entry or a bot that has finally managed to decipher the images, so I think I’m going to mix up the code a little and see if the comment spam stops.

Hope you come out with an update to put these guys out again for everybody else

Gudlyf – yup, i did all the mods you suggested!

OK, I’d like someone who’s having spammers get by the authimage check to try something. Edit your authimage.php file and change any of the places that say “AI-code” to something of your own choosing and don’t let anyone know what you use. I’m guessing that spammers figured out the session key from looking at my code and are able to bypass it that way, but that’s only sort-of a guess. Try that and let me know the results. Thanks!

Dear Gudlyf,

See, I did again the steps. Now I always get the validation error inside the “die”, neverthless I typed the right code.

One thing that maybe is out of place is this:

3. Look for this in ‘wp-comments-post.php’:

if (strlen($url)

it works!!!!! The problem was that I was cutting and paste, so the ‘ character got pasted as ’. Now it works!

I didn’t add, though, this step from the README file:

3. Look for this in ‘wp-comments-post.php’:

if (strlen($url)

Er, there’s a problem with the cut and paste. Never mind, I just wonder if it’s necessary to follow that step 3 from the README file, as there’s no place to put it (I mean, there’s no if (strlen($url) there to add what you say is to be added.

Cool javascript to ask the code, btw!!!! How can I do that??

I just uploaded version 2.1. Enjoy.

This plug-in is a great idea! I have two questions:

1) When I uploaded all the files to my directory as instructed, there were three plug-ins in my WP plugin control panel, one of which was blank except for “Activate” in the far right column. Do I need all those plugins? If so, what’s the blank one?

2) When a comment is submitted without entering the code, isn’t there a way to remind the user the code must be entered before the comment is sent to moderation? If so, how?

Thanks!

thanks for the plugin!!
comment 215 did it for me after 2 night working

Just released version 2.1.1 after seeing my last “fix” didn’t work at all. Read my updated post above for more info.

I’m having the same problem as in #255 (no image, just the alt-tag text shows). Everything else is correct on the installation. Any solutions?

Also, the latest version of the readme states “…but you’ll need to use it in text mode. Read below on how to do that.”

There’s nothing below about that.

Gary — With what version are you having the problem? Try to go to the path of the image itself and see what errors appear.

It’s your latest version. Viewing source on the page shows NO img src path! src=”". Is there a variable somewhere to set for $authimage? I didn’t see anything in the readme.

You should see in ‘authimage.php’ there’s a variable $authimage at the top. That needs to point to the location of the file ‘image.veriword.php’.

Then, in your ‘comments.php’ file (or ‘wp-comments.php), you should have the line with global $authimage; ... in it. You have all that?

The line in comments.php is there, but there is not a variable line in authimage.php. I had downloaded the tar.gz package, and just went back to the plugin wiki and looked at the authimage.php single file there…no variable line in it either. Here’s what’s in the files I downloaded (before the function testValues):

ooops:

Well, can’t get the code to show up between and (without spaces).

ACK! Sorry about that. It’s fixed now if you re-download the package.

LOL…I hate it when that happens…
Works fine now. Thanks for the help (and for the plugin!).

Gudlyf, maybe I missed it, but I don’t see a response to my earlier comment (#291). Does your latest download solve what I addressed? Thanks!

Ken:

1) Make sure you only have an ‘authimage.php’ plugin in your plugins directory and get rid of ‘authimage-hacks.php’ and ‘authimage-alt.php’ if they are there.

2) Follow the directions in the README for enabling the JavaScript checking. It will popup a warning if someone leaves a blank code.

Thanks, Gudlyf. I decided to install your new version. After implementing the changes and went to my blog,. Instead of getting my blog, I got the following message:

Fatal error: Cannot redeclare testvalues() (previously declared in /hsphere/local/home/galen5/familywebwatch.com/blog/my-hacks.php:26) in /hsphere/local/home/galen5/familywebwatch.com/blog/wp-content/plugins/authimage.php on line 23

I don’t know if this is connected, but I never used the my-hacks.php file until I installed AuthImage. No problem there, but there’s quite a difference between the previous content you wanted copied in there and the latest content. So everything in the authimage.php file is now my-hacks.php file…nothing else because I don’t use my-hacks for anything else currently.

Your help is appreciated!

Ken — You need to only put what’s in the ‘authimage-hacks.php’ file into your ‘my-hacks.php’ file. That’s your problem.

Wow, version 3 of authimage is out already! Nice work.
I just upgraded my wife’s blog from a version 1.something.
Very simple upgrade with good instructions. Unfortunately, the stock captcha on the very first attempt is ABSOLUTELY illegible. I cannot make out a single letter. I wish you could see a screenshot it’s so funny. (All the letters hang off the bottom of the box.) Gonna take some tweaking to get this useable. Thanks for the amazing plug in. It’s a lifesaver. (At least a spam saver…)

It only took 10 minutes to get some legibility, rejoice!
Users, you can comment out wordart_angle and wordart_filter with double forward slashes in the file veriword.ini. Much better results. Now if I can just figure out how to make the letters straight. . . (i will report back…)

Silly me. Thanks!

A warning to those trying to get a more legible image — it will make spammers’ job all the more easier. See the link for “PWNtcha” in my post at the top to see what I mean.

Followed the directions about testing for the code being entered, but my form just accepts the comment without challenging the user to enter a code.

I’ll probably feel silly AGAIN, but feel compelled to ask because I think I’m following the directions correctly.

I had the same problem as Kate with the letters, but hacked the class.wordart.php file as well as the veriword.ini. You can get good results this way, but it’s largely a trial-and-terror approach!

Gudlyf, any suggestions to get around the problem mentioned in #183 above? My readers can post just fine, but I’m locked out of posting because I’m logged in, and the comment form info fields (including the code) don’t show on the page…and upon posting a comment I get the “wrong or missing security code” error. I suppose I could post from within the admin panel, but there should be a way to exempt logged-in users from requiring the code. I’ve tried to hack the comments template, but the code for logged-in users is pretty ingrained.

Regarding the problem with a logged in user not seeing the captcha fields (at least in 1.5), here’s an (inelegant, but effective) workaround:

Edit the comments.php template and insert a second copy of the code that shows the image/enter code field between
php if ( $user_ID )
…and…
php else
…that follows the section concerning a logged-in user.

In my case I’m the only one ever “logged in” so I’m the only one that sees this.

Never mind, Gudlyf. I found the part in the instructions I needed. Once I got to the “OR” part I bypassed the part I should have been looking for.

okay, spoke too soon.

I entered the modifications to wp-comments-post.php to make users enter a valid code, but now what’s happening is AuthImage is now making me enter a valid code even when I am entering a valid code. ???

Unless I missed a step in the README I have some concerns about how secure VeriWord is. First, the words.txt file can be read by any visitor since it’s uploaded to a web accessible directory. Second, the default word method is DictionaryWord with a default word length of 4. There are 218 words in the dictionary while only 48 have a length of 4. I would think this runs a good risk of a bruteforce attack especially since the dictionary file is in a web accessible directory.

I actually made my dictionary quite larger by doing this:

grep '^....$' /usr/share/dict/words > words.txt

That will give you roughly 2200 4-character words. Add one more dot to get 5-character words. This is on RedHat Linux, part of the words-2-21 rpm package.

Can I just tell you how cool AuthImage is? Now that I’ve configured things correctly, I haven’t received any spam since installing AuthImage.

Keep up the good work!

I tried using your hack and have followed all the instructions to the letter but am getting the error below:

Warning: checkaicode(authimage-inc/class.verificator.php): failed to open stream: No such file or directory in /www/htdocs/home-business-tips-newsletter/blog/wp-content/plugins/authimage.php on line 61

Fatal error: checkaicode(): Failed opening required ‘authimage-inc/class.verificator.php’ (include_path=”) in /www/htdocs/home-business-tips-newsletter/blog/wp-content/plugins/authimage.php on line 61

Can you please help. If possible send a solution to my email address.

Mal

Mal’s problem was with his .htaccess file not having the following line in it:

php_value include_path "."

Which can be in an .htaccess file within the plugins folder if you don’t want to override the setting elsewhere.

I’ve installed the latest version of AuthImage. Images are coming up broken and no temp files (I’m looking in /tmp) are being created. Help, please?

Cary — You obviously didn’t read the ‘README.txt’ file since upgrading. Please do that first. If you had read it you would’ve known authimage doesn’t use temp files anymore.

I did read the authimage’s README.txt, it doesn’t say anything about whether temp files are used or not.

Just to be sure I re-read and grep’d case insensitively for the words ‘temp’ and ‘tmp’, nothing about temp files.

So, temp images aside, I’m not getting an image displayed with the code input. I right-clicked and did a view image and get a white screen, no errors, no image.

Any help or suggestions you are willin g to give would be appreciated.

Cary — Did you turn on PHP error reporting? See comment #129 above.

Yeah, they’re on. I tested this by putting a short PHP file with some bogus code in it in wp-content/plugins and wp-content/plugins/authimage-inc and loading it directly.

Okay, I got it working. The problem revolved around a couple things: it wasn’t finding the fonts and the stock GD on fedora core 1 doesn’t have gif support (and all the noises are gif, d’oh).

I fixed the first by adding the full path to veriword.ini; and the second by hacking the extensions array to only contain ‘png’ and converting all the noises to png with ImageMagick’s convert.

So, the issues were all with veriword, not authimage itself.

Whew.

Oh, and the veriword authors made pervasive use of ‘@’ in front of most of their image calls, which resulted in many error messages being surpressed. :-p

I’ve got no code image displayed as well, only the alt-text. When I go directly to the image.veriword.php file it says this:
setConfiguration(); $vword->setCaptcha(); $vword->outputImage(); ?>

I have to mention that I deleted the session_start(); stuff from my-hacks.php as I got a huge bunch of errors with it in it.

Any ideas?

Ok, I fixed the problem in the meanwhile. I had set “short tags” off and so the file wasn’t parsed by PHP correctly.

But I found a little bug:
In the class.captcha.php file, line 78, the 2nd parameter should be long, not string, otherwise it can cause an error message (depending on the error behaviour settings of the server/PHP).
Here is how I fixed that line:
$imword->setTextAngle(rand(-$this->wordart['angle'],intval($this->wordart['angle'])));

I hate to be the one to say this, but the texas holdem and virtual poker spamments are already getting past my v3.0 installation. Any chance someone can post the extended word list Gudlyf was talking about?

The problem is that, as someone pointed out, it may still be possible to do brute-force attacks, especially if I post the list of words I use. Then all the spammers would have to do is run down the list trying every word. It would be a LOT of words to go through, but they may get the word. Another option is to turn on the randomizing feature of Veriword, which will display random letters like the old AuthImage. But then it may make it too hard for real people to post.

Try adding your own words to the list, too.

I also had to give the full path in the .ini files to get the text to show. Once I did that the words started to show up.

I have a little problem in finding the proper files to edit. I am using Wordpress 1.5 with a single design template (I was using these update instructions: http://codex.wordpress.org/Upgrade_1.2_to_1.5 ). So in my theme directory, there are only the index.php and the style.css. Where is now the comments.php located I have to edit?

I get the the background image but no text appears, am I doing something wrong?

I have the same problem – background image and no letters…and I checked via Putty and have Freetype and GD.

This is the second attempt to install this!

I don’t know if anyone else has had this problem, but I was stuck for ages because I upgraded from Wordpress 1.2 to 1.5 – made the changes to my comments.php file (changed the name etc.) according to Podz upgrade instructions, and my comments wouldn’t work at all. So I replaced those two files in my ‘MyTheme’ folder with the ones from the ‘Default’ folder. And then when I went to edit them to make them work with AuthImage, the lines of code that the AuthImage README file instructed me to edit or add to weren’t there. If anyone else is stuck with the same bafflement – I’ll post how I fixed it here. I am a newbie, so it was just sort of trial and error. It works now though!
;o)

Recently, a few spammers have been able to get around AuthImage in my blog. They’re ability to circumvent the system seems to be growing as I continue to get spam in increasing amounts.

Anybody else have this happen to them? Any ideas on what I should do or if I should consider using something in tandem with AuthImage? Maybe SpamAssassin or something else?

Are the spammers getting through the latest version of AuthImage? If so, they may be getting through via brute force (i.e., trying every word in the list I provided). You may want to add a few words of your own to the list or turn on the randomizing feature.

If you’re only getting a few comments here and there, it’s morelikely someone’s manually getting past and a person is entering the code. I’ve seen a few spams get through that way.

Gudlyf, I set Veriword to Random, rather than Dictionary, but I still get spamments. Certainly, it’s better than it was before (I get perhaps 20 in one go, as opposed to hundreds). I’m not sure if it’s a somewhat-effective reader or a manual entering.

Yes, it’s v3.0 I’m using. I’ll try adding a few words to the list, or maybe change the list all together and see if that stops them. Thanks for the tip!

no luck with this plugin on the new 1.5 version of wordpress. I have done everything to a T. When I test the plugin, it looks as though its working, but i’m still getting spamn now. Any ideas. I thought maybe it was because of the themes folder now. Maybe all the files in in all the themes folders need to be eddited??

I installed AuthImage 3.0 last night and woke up to 60 spams in my moderation queue. I don’t know what is going wrong! I will try setting it to ‘random’ and adding in some more words.
(

I just upgraded my Kubrick template to v1.2.6. When I tried adding the modifications you recommend to the wp-comments file, the file itself is just different enough to not make sense when tryiing to follow your instructions. The “X” that you want users to look for in the code no longer corresponds to what is seen in the file or at least its placement.

Since Kubrick is so widely used, I thought I’d point this out to you in case you could (hopefully?) provide an update with your instructions?

De como llegar a perder el tiempo sin ni siquiera proponerselo

Todo el mundo conoce que es el SPAM. Hoy d�a, s�lo hace falta que abramos nuestro buz�n de correo electr�nico y nos invada una ingente cantidad de basura (o mierda, como quiera llamarse) que hace que quien no tenga alguno de esos programitas especiales…

Also, the plugin seems to be invalidating my XHTML. Any chance of this getting fixed?

Heliologue — I’m not sure what would make it non-compliant. If you followed the README correctly, I think it should be fine. Let me know what specifically you think needs fixing.

I’m getting a lot of complains from my human friends after upgrading to wordpress 1.5 and the latest veriword based authimage. I’ve been trying to respond to these complains. I got rid of most of the more obnoxious backgrounds. I changed the config so it uses lower case. I hand edited the wavy filter to be less aggressively wavy. (It’s a real pain when it drops chunks of the text outside the box.) I doubt I’ve gotten the pain point low enough; but it’s a bit better.

In any case … thanks for doing the work!

I am also having troubles to get the image to show.
I get this error message when I try to load the authimage.php directly:

Fatal error: Call to undefined function: get_settings() in /home/t/tascha.ch/public_html/wordpress/wp-content/plugins/authimage.php on line 13
which means this line:
$authimage = get_settings(’siteurl’) . ‘/wp-content/plugins/authimage-inc/image.veriword.php’;

When I load the image.veriword.php directly I get a blank page and I am not sure if THAT is the problem (I am not very familiar with php so I woulnd’t know where to adjust the path to the image file if that is the problem).
I am using WP 1.5 and the latest authimage download.

I’m having the same problem many of you seem to be having with everything installed correctly, but no image showing up, just the alt text “authimage”. Here’s what I’ve found so far.

GD and FreeType are both enabled.
my-hacks.php is installed and turned on.
Installation instructions have been followed.

View source usually shows the tag to have a src=”" – which indicates that the
" width="155" height="50" alt="authima
ge" /> is not getting executed properly.

Browsing directly to authimage.php gives an error with get_settings(site_url).

Replacing that call with the full prefix (http://www.blah/wordpress/) then results in an error near the end of the file for the add_filter() function.

Commenting out the add_filter() function results in the page coming up blank. Passing in ?type=text or ?type=image on the url gives an error with createAICode() being undefined.

Browsing directly to wp-content/plugins/authimage-inc/image.veriword.php?width=200&height=80 gives the same blank page, no errors.

Browsing directly to wp-content/plugins/authimage-inc/test.wordart.php displays.

Browsing directly to /wp-content/plugins/authimage-inc/test.captcha.php displays.

Browsing directly to wp-content/plugins/authimage-inc/sample.php gives a broken image. Viewing the image directly results in a blank page, no errors.

This in on apache-2.0.53 with php-5.0.3, wordpress 1.5 and eaccelerator-0.9.2a, and a 16MB memory limit

Disabling eaccelerator had no effect. Increasing PHP’s max memory usage per script to 64MB had no effect.

Gudlyf: When activated, the plugin puts this in my HEAD:

function testValues (form) {
var author = form.author.value;
var email = form.email.value;
var code = form.code.value;
var comment = form.comment.value;

if (author.length

W3C complains that the ‘>’ in the if statements are delimiters but occur as data.

Er, all right, my comment didn’t display properly. Let’s try that again:

if (author.length

Amazing. I just read your comments about how easy to hack authimage. I think I should change my pLog authimage implementation, too.

Mark

Thanks for the cool plugin!

There is a problem somehow. It works great before clicking submit comment. By submitting it, WP 1.5 will say “Sorry, no posts matched your criteria.” It just won’t reload the previous post.

Everything in the README.txt has been done, and carefully treble checked.

Any suggestion?

Bye bye comment spam!

Finally I took the step to get rid of comment spam without time consuming moderation, which I have been doing so far.

My quest first started with a simple solution – moderation of all comments.

Recently I started getting over 600 spams daily! Thi…

Bye bye comment spam!

Finally I took the step to get rid of comment spam without time consuming moderation, which I have been doing so far.

My quest first started with a simple solution – moderation of all comments.

Recently I started getting over 600 spams daily! Thi…

Would anyone here be interested in converting (or using if I converted it!) a version of this plug in based on this … http://www.iross.net/csscaptcha … I might be the only one that thinks it but it looks like a pretty good way to me

Ross — Hm, that is an interesting idea. I do wonder though how easy a bot could defeat it. It may be a good idea for someone to try it out and see if any spam gets through.

it can be easily processed with OCR, but it would have to render it first, it would certainly involve a new breed of bot – one with a rendering engine…so it would work for a while at least (and so long as it wasnt used on anything too high profile – it would probably be more hassle than its worth for the bot developers. My intention is to add a abit more randomisation into the css stuff so that it could never be decoded just by learning the markup for each character

nice plugin, but unfortunately it isn’t XHTML strict. the javascript in the head doesn’t validate (it does when the validator is set to ‘transitional’, but not if it is set to ’strict’).
too bad, but keep up the good work! :-/

I have read every comment and cannot find a simple answer. I keep getting the error message that I am not entering the correct auth code when in fact I am. I have followed the read me exactly (several times to the point of reinstalling my blog to before authimage and starting over) and nothing works. I always get the message that the code is incorrect. This is version 3 of authimage and version 1.2.2 of word press. Help will be greatly appreciated.

Kleine Updates

So eine kleine Änderung am Kommentarsystem, ich benutze nun Authimage in der Version 3.0 und hoffe es läuft alles. Bitte testet die Kommentarfunktion!

Nach Berlin gehts jetzt doch nicht vor Mittwoch, so is das halt mit den Spontanbaustellen

Plugin looks fantastic, but…I don’t seem to have a wp-comments.php file. Is that a problem?

I figured out my problem with the non-displaying images. Turns out my gd was pre-2.0.26, which is when gif support was added back in. The scripts assume that gif support is available.

If you can’t recompile php+gd, it’s pretty simple to alter the 2 class files to eliminate calls to gifs.

Authimage was working fine on my old server but since I changed to Cpanel I cannot see the image in spite of the path being correct.

After turning on php errors per post above I am getting this error when I go to image path:
Fatal error: Call to undefined function: imagettfbbox() in /home/homebu31/homebu31-www/blog/wp-content/plugins/authimage-inc/class.wordart.php on line 128

Please help, I can be contacted by email, mal @ freeadvertz.com

I notice strong anti-aliasing artefacts around the letters. Between the background and the letter there is a dotted line of white pixels that could help crack-programs to guess the letter.

I’m using v 3.0, logged-in users can not post comment because it says:
Error: please enter the valid authorization code.
Where did I go wrong?

Those aren’t anti-aliasing artifacts. That’s an intentional border around the words (deformed just like the words are) that allow the text to be read even when the background color is very close to the text color.

wordpress authimage captcha tips

You may have noticed the images that appear on the comments form that contains a code that you must enter (in addition to being registered), for your comment to be successfully saved. This is called a “captcha”, and it’s a method of blocking automa…

The free host I’m using now provides PLENTY of space and bandwith, non-intrusive ads, php… the whole nine yeards.. well maybe only 5 yards: there is no GD installed, no image manipulation package, and no plans to rectify the situation.

Is there a PHP application one can install into shared hosting WITHOUT root access, and no shell access to provide image handling features for WordPress plugins to generate CAPTCHA images?

your instructions fail to provide directions on how to insert the image code into the (theme) comments document. Trial and error, and peeking at the source of THIS page sorted it out, but you might consider adding it to the readme.

Anyone still getting comment spam? I am still getting well over 100 comments a day with authimage. Any ideas out there. They are all in the moderation que but I would like to be able to stop them if possible. Anyone else have this problem and a solution?

Are you sure it’s not trackback spam you’re getting? AuthImage doesn’t prevent that.

I appreciate your help. I never even considered that. I am so new to this and am still pretty clueless with programing. I installed a trackback spam plugin just to be sure. It should help nonetheless. Thanks. I always get the help I need here.

[...]

Spam protection
May 4th, 2005

I’ve just installed AuthImage, a nice wordpress-plugin to prevent spam comments. From now on you’ll have to enter a rando [...]

[...] ton appears on the tool bar in all editing screens. Very cool. The last one I updated was AuthImage. AuthImage is the plugin that generates the little images with the security code [...]

I tried v3 on my freshly re-installed wp1.5.

However, I can’t see the authorization images but pressing submit will tell me that I’m supposed to enter it.

I’m using the default theme based on kubrick

I’m the same guy above.

The error message is “Error: please enter the valid authorization code.”

But I don’t see the authorization code.

[bonks myself in the head]

I forgot to enable comments in WP.

urghk. now i see the authorization code but i still gets “Error: please enter the valid authorization code.”

And if I’m logged in, I still can’t see the authorization code at all.

Only users can see them.

[...] mmer, die anscheinend ihre neuen Spam-Skripte testen. In Wordpress hei�en die Plugins z.B. AuthImage oder Trencaspamer. Bei mir habe ich Trencaspamer ein [...]

http://www.adams.com.bs/captcha/authimage-inc/sample.php

See the above link. I have installed ver3 in the captcha directory. Please tell me what I have to do next to get a working contact page like yours. Thanks so much for your assistance. I think this is by far the best captcha implementation available and looking forward to using it.

Jason Adams

[...] er. Instructions in the readme file were clear and concise. AuthImage’s homepage is: http://www.gudlyf.com/index.php?p=376 What the program does is load an image with graphically embedded cha [...]

My authimage install to WP1.5 seems to have problems. Neither the entry-form nor the code appear on the comments page. I wonder if the problem derives from a problem with the Authimage “ReadMe,” which says in step 2 that I should insert some code after a line in my theme’s comments.php file. The ReadMe asks me to insert code after the line:

URI”); ?>

But my template (and WP’s default template) don’t include such a line in comments.php. The line I find in my comments.php is rather:

Website

Should this make a difference? Am I looking at the wrong file? Or is there some other reason the code and enry box won’t appear on my comments screen? Thanks for any help.

I just realized that the box and code are only hidden for logged in users. Perhaps the code discrepency I noted in 385 is to blame, or maybe its that I have post-level plugin installed (though disabling it doesn’t seem to help). I do see however that some others here have also had trouble with this.

Authimage is a fantatic plugin, and I do hope this small problem can be fixed.

[...] t ein neuer Spam Kommentar in meinem Blog ein. Um diesen Unsinn zu stoppen, habe ich jetzt AuthImage installiert. Wenn ihr in Zukunft Kommentare schreiben wollt, muesst ihr mittels eines Captchas be [...]

[...] ey out of doing this. Update: Ha ha ha! Take that, spammer bastards! I’ve installed Gudlyf’s WordPress Hack, which requires users to input a code before leaving a comment. This means 15 [...]

[...] p://ryanduff.net/projects/wp-contactform/ http://ryanduff.net/wp-plugins/wp-contactform/ AuthImage http://www.gudlyf.com/index.php?p=376 Content show/hide more http://www.scriptygoddess.com/archives/2004/05/20/show-hide-more-with-wordpress/ Auto-Clo [...]

[...] p://ryanduff.net/projects/wp-contactform/ http://ryanduff.net/wp-plugins/wp-contactform/ AuthImage http://www.gudlyf.com/index.php?p=376 Content show/hide more http://www.scriptygoddess.com/archives/2004/05/20/show-hide-more-with-wordpress/ Auto-Clo [...]

[...] he post. See them in action at the end of every post on this page. Lastly, have added the WP AuthImage Hack. Creates an authentication image (or phon [...]

[...] rribly difficult to do, but it’s still a pain and certainly annoys. There’s a WordPress plugin for CAPTCHAs that I should look into. (CAPTCHAs are the wei [...]

It’s a Unix gzip’ed tar file, which I believe should open in WinZip, but I haven’t tested the code on Windows. Perhaps if you try downloading without the accelerator?

[...] I also added the AuthImage hack, which generates some random text in an image and requires the user to enter it to post a comment. It’s not “accessibility-friendly” but for now it’ll have to do. 05 November 2004 Tags: General Tags: comment spam, wordpress [...]

Noticed a warning at the top of my pages after installing and activating AuthImage. The plugin is working fine (a refresh removes the warning), but on each initial page load I receive the following:
Warning: ob_start():
output handler ‘ob_gzhandler’ cannot be used after ‘URL-Rewriter
in /wp-includes/functions.php

A temp fix has been to disable gzipping of output, but I haven’t been able to figure out a perm fix.

Hello – excellent plug-in, if it wasn’t for AuthImage, comment moderation would suck. Would only move the javascript into an external file for validation purposes. Thanks again!

[...] AuthImage Creates an authentication image to help combat spam in comments. [...]

[...] Mal sehen was es für tools dafür gibt, ich dachte an etwas wie AuthImage (Captcha) es hat aber sehr uncoole Farben. Mal sehen ob Spam Karma etwas taucht. [...]

[...] Nu is er echter een geschifte computernerd die het in z’n hoofd heeft gehaald ook deze hack te hacken en alle WordPress blogs die gebruik maken van deze plugin te spammen met reclame voor zijn WP-plugin tegen comment-spam! [...]

The plugin works absolutely great. Thanks a lot, Gudlyf!rnI have one question though: Is it possible to enable the CAPTCHA for logged in users as well? Or perhaps use it in the user registration form – just two days after I installed Wordpress I’ve already gotten one automatic registration.

My users are complaining that ppl who are “recognized”, aka, they just left a comment, do not see the Authimage box when they go to enter another one. I will test that here.

[...] I was getting so much SPAM in my blog (sometimes more than 100 spam-comments in a day) that I had to install AuthImage. I recommend it to everybody with spam-problems in wordpress blogs. [...]

[...] De vez en cuando recibo un mail de alguien preguntándome cómo he conseguido que WordPress haga tal o cual cosa. Y la respuesta suele ser la misma: los plugins. Es decir, esos pequeños añadidos que se pueden acoplar a WP y que crecen como champiñones gracias a la dedicación de programadores y aficionados de todo el mundo. Pues bien, los que yo utilizo son los siguientes:Spam Karma 2 WebSi hay algo indispensable en cualquier instalación de WordPress, se trata de esta extensión. El antispam por excelencia. Combina varios sistemas de filtros, captcha y listas negras para detectar los molestos comentarios basura. Y lo consigue. Es cierto que en ocasiones da falsos positivos, pero con la versión 2 estos son menos frecuentes que con la anterior y, además, es mucho más sencillo recuperarlos. Requiere WordPress 1.5.1Backup Restore Web Otro plugin obligatorio. De instalación muy sencilla, nos da la opción de hacer copias de seguridad de nuestra base de datos y de todos los archivos que se encuentren en el directorio de nuestro WordPress. Es algo que todos los que usamos este CMS deberíamos tener instalado.WYSIWYG II Web El tercer plugin con el que toda instalación de WP debería contar. Suple la gran carencia de nuestro gestor de contenidos: una ventana de edición gráfica, es decir, en la que escribamos como si fuese un procesador de textos, y no el bloc de notas. Incluye un excelente gestor de imágenes. Aunque funciona correctamente con Firefox, en el navegador de Mozilla tiene algunos comportamientos extraños en el tratamiento de las imágenes, sobre todo.WeatherIcon Web Lo que hace es recoger la información que publican las estaciones meteorológicas de todo el mundo y traducirla a una imagen y a lenguaje ordinario. Lo uso para mostrar en mi barra lateral el tiempo que hace en la Bahía de Cádiz, según la estación de Rota. Aunque las instrucciones de instalación sólo vienen en inglés, la configuración y el interface traen traducción al español.AuthImage WebEs el captcha, o codigo de verificación, que aparece en el formulario de comentarios. Lo instalé antes de usar SpamKarma y por pereza nunca he llegado a quitarlo. Vosotro podréis decir mejor que yo qué tal funciona a nivel de usuario. Por mi parte diré que tanto su instalación como su uso son complicados, pero que funciona bastante bien. Se le escapan muy pocos spams, y éstos son siempre detectados por SpamKarma. Sin embargo, creo que dificulta innecesariamente la labor a los lectores. Incluye una completa guía en pdf y permite añadir tramas y fuentes. Todo ello, si uno sabe inglés, claro.monthchunks WebEl archivo mensual de un blog es tan necesario como molesto. En mi opinión pocas cosas son tan antiestéticas en una bitácora como una barra lateral llena de meses y años. Para solucionarlo, este plugin. Fijáos en mi página de inicio y veréis el resultado. La instalación no es complicada si se domina la lengua de Sherlock Holmes.Show recent comments V2 WebIgual que antes, podéis ver el resultado en mi barra lateral. Muestra los últimos comentarios de nuestros visitantes.Related Posts WebElabora una lista de artículos relacionados según concordancia del título, contenido y palabras claves elegidas por el administrador. Los resultados se pueden insertar al final de cada post. Es muy útil, sobre todo, para los lectores, y también ayuda a fidelizar a los visitantes casuales.Spoiler Plugin WebAñade una funcionalidad de la que WordPress carece, pero que es muy necesaria para los que escribimos sobre cine o literatura. La de poder ocultar un determinado texto y permitir que el lector lo descubra a voluntad. Podéis ver un ejemplo aquí.Los siguientes no son plugins que use aquí, pero sí en Planet Blogaditas.FeedWordPress WebCovierte tu blog en un sindicador de contenido, o reblog. Lee automáticamente los feeds RSS y Atom que tú le indiques y publica su contenido como posts de tu blog. Es muy útil para hacer los famosos planets, en los que se recopilan todos los posts sobre una determinada materia o, sobre todo, pertenecientes a un ámbito geográfico. Como ejemplo, podéis ver el citado Planet Blogaditas. Permite crear identidades de usuario para cada blog, crear categorías automáticamente… y va creciendo.RSS Fetched Link List WebReproduce los titulares y las primeras palabras del contenido del feed RSS de tu elección. No los almacena como posts, simplemente los muestra donde tú le pidas, y los va actualizando automáticamente. Como ejemplo, también en Planet Blogaditas, fijáos en las noticias locales de la barra lateral.Para terminar, un par de plugins que no logro que me funcionen, pero que estoy seguro de que lo harán algún día:WP-ContactForm WebTeóricamente, permite crear un formulario de contacto. Lo he visto en otras webs y les va muy bien. Pero yo no logro que termine de ir… Seguiremos intentándolo.Sidney’s Google Sitemap Generator WebDebería generar un feed con el que informar a Google Sitemaps de las actualizaciones de nuestro blog. ¿Lograré que lo haga de verdad algún día?Pues eso es todo por ahora. Mantendré este post actualizado de las nuevas incorporaciones a mi lista de plugins. Mientras tanto, os invito a que añadáis los que penséis que pueden ser interesantes mediante los comentarios. Si queréis probar más, sabed que todos estos y muchos más los podéis encontrar en WP Plugins.Alberto Alvarez-Perea [...]

[...] I just found this plugin that provides CAPTCHA support for commenting in WP. Don’t know if I’ll install it or not. [...]

I like AuthImage, but I’m having two problems with it.

1. When I (an admin) am logged in to my blog, the image doesn’t display, but if I try to post a comment it throws an error that I didn’t enter the code.

2. The codes are often unreadable. The codes on http://www.trinitas-in-unitate.org/ (perhaps an earlier version?) are much easier to read.

[...] AuthImage Creates an authentication image to help combat spam in comments. [...]

[...] I managed to break the comments system on this blog yesterday too. I’ve been get shed loads of comment spam, so at least it put a stop to that for a bit. I was trying to get Gudlyf’s Authimage thing working, but there seems to be a problem with it. No time to find out what the issue was though. Maybe I’ll have a chance this week. [...]

[...] AuthImage [...]

Just installed the plugin on my Wordpress (v. 1.5.2). A few comments on the installation file:

In Step Two:

This is listed for a search parameter:

<label for=”url”><?php _e(“<acronym title=”Uniform Resource Identifier”>URI</acronym>”); ?></label>

However, since WP 1.5+ has the code in each theme’s setting, rather than a global setting, the text between the labels may be different if you’re using a non-standard theme. Perhaps a comment recognizing this would be helpful for those of us users who are slower on the uptake.

In Step Three:

This is listed for a search parameter for WordPress 1.5+:

$comment_content = $_POST['comment'];

However, in v. 1.5.2, it is actually this:

$comment_content = trim($_POST['comment']);

Small difference to the eye, large difference to a search program.

In Step Four:

This is listed for the addition in WordPress 1.5+:

if ( !checkAICode($comment_code) )
die( __(‘Error: please enter the valid authorization code.’) );

but it should be:

if ( !checkAICode($comment_code) && !$user_ID )
die( __(‘Error: please enter the valid authorization code.’) );

Otherwise the code wants an authorization code you aren’t prompted for when you’re a registered user.

Anyway, now that the plugin is installed it seems to be working great. I recently got listed as a link on a popular blog, and I was literally getting 5-10 pieces of spam an hour. Since installing AuthImage, I haven’t gotten one piece. So, great job and thanks for the plugin!

[...] Now as an extra line of defence I’ve added a captcha to the comments form. I used the AuthImage plugin for WordPress with a couple of treaks to the veriword.ini to make the image a little more readable. I’m still not 100% happy with it, it still generates unreadable images at times, but most of the imges are very readable so that will have to do for the moment. [...]

After months of using authimage with no spam I have actually started getting some the past week. I have tried moving the fonts/noises/words stuff out of the plugins area to make it so they are not downloadable. I have added a new words.txt with more words, increased the number of characters, changed settings in the veriword.ini, and they are still able to spam me. Any suggestions, or has authimage been cracked?

I’ve finally got it working, V3.0 with Wordpress 1.5.2, great plugin, THANK YOU.

I don’t know how this happened, but the authimage.php file that I downloaded did not contain the line that sets the value of $authimage; after some searching around I discovered that. I downloaded the .gz version and that had the line in authimage.php file

You know, the scary thing for me, is that while I’ve had this installed for a while and it worked great, now it appears that captcha decoding software seems to be able to get through the captcha and I’m sifting every day through sea of comment spam that gets caught in my “Comments to Moderate” in 1.5.2.

Anyhow, got any better ideas on how to fight back ? I already have the captcha set at 8 letters but I’m still getting about 2-3 spam comments per hour I need to moderate out of existence (though they never seem to hit the main site).

Would love some advice. I’ve got a post talking about the problem at :
http://www.wakatara.com/blog/archives/2005/09/28/the-comment-spammers-strike-back-again/

[...] Då finns det ingen risk att de når sina mål att bli listade på Google genom min försorg i alla fall. Men nu börjar jag tröttna på att sitta och radera dem också. Tog bort 17 stycken igår! Gör därför ett försök med ett plugin, AuthImage, som innebär att man måste fylla i en antispamkod när man postar. Det är emellanåt väldigt svårt att se orden som består av slumpmässiga engelska ord mellan 3-10 bokstäver. Dessutom var bakgrunderna väldigt mörka, och det gjorde inte saken lättare Har nu ändrat på intesiteten/kontrasten på bakgrunden. Under dagen?? kommer jag att ersätta den engelska listan mot svenska ord för att förenkla tolkningen ytterligare. Så posta gärna kommentarer, om du klarar av att gissa det engelska ordet förstås [...]

I get lots of complaints about the image being unreadable (I must have a lot of color-blind commenters?). Can I just replace the noise images with other images on which the words will show up better? Will I screw up anything by doing so?

Hi,
you destroy your PHP-Session completely. This is not very nice if somebody wants to use own session-data. Instead of this I would recommend to replace this in checkAICode:
[code] session_unset();
session_destroy();
session_start();
[/code]

with this:

[code] unset($_SESSION[$sess_key_name]);
[/code]

This should only reset your own session variable and will leave other’s variables alone.

Regards Marian

[...] WordPress Hack: AuthImage [...]

[...] AuthImage [...]

Hi all,

Is there some working instructions for installing in 1.5.2? I’m sorry, I’m really a noob at this and its driving me nuts. 152help[atsign]trashmail[dot]net

There are way too many confusing notes in the readme for authimage for non-coders. If you have time would you consider updating the directions for those using the current wordpress build? Or break the directions into one set per version of wordpress addressed? thanks.

[...] El plug-in se llama AuthImage, basado en Veriword, un script CAPTCHA, para evitar los bots haciendo introducir una palabra. Según me he estado informando no valdria una imágen cualquiera ya que puede ser facilmente averiguable por los mismos spamers. Para instalarte un plug-in de estos necesitas las librerias GD y FreeType, que los responsables de mi hosting amablemente me ha instalado en pocos minutos. [...]

[...] Although wordpress does a good job out of the box keeping spam off my blog, I still get an email every time someone tries to post a comment (spam or not). Lately the spammers have been more active so I installed the AuthImage wordpress plugin and things seem better already. [...]

[...] A good friend of mine pointed me in the direction of AuthImage, a neat plug-in for WordPress that makes the person commenting on a blog entry manually enter a code generated as an image. Whilst this should deter automated spamming systems, people can still post junk to your blog – although the volume should hopefully be lower. AuthImage requires some hacking of your WordPress install to get it working, so it’s not recommended for complete beginners. Another flaw of the system is that the image of the code is impossible to read, but refreshing the comment page usually rectifies this. [...]

Thanx for taking the time developing this plugin. I installed everything and got it working on my server. But not without a little bit of confusion.

Initially I set everything up, went to a comments page, and didn’t see any field at all.

Then I realized that the
“Users must be logged in to comment” option must be disabled for this plugin to work.

It would be nice if in your installation you included instructions on how to install this if the user IS using the option “user must be logged in to comment” to further enhance security.

Just my two cents…

Thanx again for the plugin.

I follow all the instructions given and been able to install the plugin successfully.Great feeling!

[...] AuthImage [...]

[...] 02/02/2005: Installed captcha to help solve comment spam problem. [...]

[...] Last July, to combat comment spam, I setup image authentication for commenting using the authimage plugin. It has been working quite well. I haven’t gotten any comment spam, except for maybe this one. [...]

In my Authimage-form I can type any word and the comment will posted.
What is wrong sir?

Sorry I was to fast – work fine!

since i updated to wp2.0 authimage is useless. it is shown, but it seems that it would no longer be cheked if it’s entered or not.
is it just my prob or r there other with same prob?

[...] AuthImage 產生驗證圖片，留言前必須要輸入正確的驗證碼。在WP 2.0中依然可以順利使用，安裝方式也是一樣與WP1.5不變。 [...]

Great relief because of this plugin. I would like to see more readable captchas though.

If logged in users bugged by the fact that they are not presented with CAPTCHA but still are given errors about missing code while posting comments, can rectify the problem with this small fix:

Look for the following lines in wp-comments-post.php:

if ( !checkAICode($comment_code) )
die( __(‘Error: please enter the valid authorization code.’) );

and change them to:

if (!$user_ID && !checkAICode($comment_code))
die( __(‘Error: please enter the valid authorization code.’) );

Disco: Yeah, I encountered the same problem until I realized that I had to remodify the code in the WP files.

Follow the instructions in the README file, but with a few modifications (see my comment here).

That was for WP 1.5.2, here are a few more modifications for WP 2.0.

Step Three:

The spacing in my comment seems off, so I’m going to try to do it right this time. If you still have problems locating it, just search for $comment_content.

$comment_content      = trim($_POST['comment']);

Replace it with the same code as in the README file. Also, do NOT copy/paste anything from my comment into the WP file; copy it from the README and modify it by hand (there are few formatting issues caused by the blog here).

My code works perfectly now. Good luck!

thx, now it works. maybe you can edit your readme’s. one for wp1.5 and one for WP2.0 where this issue is underlined ^^

[...] Fields gives you extra info on your posts. – Live statistics shows you stats on your visitors Trackback· [...]

[...] Kembali ke masalah plugins AuthCSS ini, sama kayak activate plugin AuthImage bikinan Keith McDuffee, ada yang harus diubah pada templetnyah. di antaranya adalah, nambahin textbox untuk input value authentication code-nyah di comments.php dan validasi input di wp-comments-post.php. [...]

[...] Still one or two were getting through. On the offchance that this would increase again, I installed Gudfly’s Authimage. This is a Wordpress plug-in which displays an image with some random text that the commenter has to enter in order for their comment to be submitted successfully. [...]

[...] And I found this really impressive spam prevention : Akismet. Not the slightest clue what this word means, but oh, do I LIKE it! It filters spam greatly – though it still needs your attention if you want to ensure no good comment slips into the pot. For this reason I again installed AuthImage which will reduce automated spam all by itself by at least 95%. [...]

[...] Gudlyf’s World » WordPress Plugin: AuthImage [...]

[...] I’ve added CAPTCHA to the site using Bot Check. Although it does a less thorough job of scrambling the image than the AuthImage plugin, I was uncomfortable with the number of changes I had to make to WordPress to make AuthImage work. (If you install Bot Check, be sure to read down in the comments for a change you need to make to it for Wordpress 2.0 and later.) [...]

[...] Hasta hará cosa de una semana el spam en forma de comentarios, trackbacks, pingbacks y demás métodos era prácticamente nulo en UnBlogMas. La poca basura que iba llegando era filtrada perfectamente por el plugin de Wordpress AuthImage que instalé y que generaba una pequeña imagen con una palabra que se tenía que escribir en un campo del formulario para demostrar que era un humano el que había escrito el comentario y no una máquina. Es decir, un sistema CAPTCHA. Eran tiempos de paz. [...]

Hi. I get a lot of spam too, and I have tried to install this utilty, with no luck sadly :O( .
I have read most of the comments, where I can see that the README.txt hasn’t been made for my version af WP (1.5.2), I don’t seem to be able to edit it the right way, does anyone have a modified README.txt for WP 1.5.2 that I can get a copy of, please…?
I would appreciate it very much..

[...] UPDATE: Unfortunately, Spam Karma does not play well with this plugin. For those seeking an alternative, I recommend AuthImage. *crossing-fingers* I have never been spammed with it–ever. [...]

[...] OK, I’m trying to uninstall this Authimg (captcha) plugin and I’m getting errors. (YES, I deactivated the plugin when I did it.) Anyone know how to get rid of it completely without screwing anything up? Don’t tell me to work backwards from the installation, because 1) I didn’t do the installation, and 2) that’s exactly what I did–worked from the installation instructions (which I understand now) to back out of it. No good. Sorry, y’all, it’s still an active plugin until I can get rid of it and find something a little easier for human eyes to read. I know, I know…everyone hates it. So I’ve heard, about a thousand times. Believe me, I hate it more than y’all do now. :sigh: [...]

Great plugin! I’d like to see an accessible version (giving an option to play a word perhaps) someday so blind readers can still comment.

Hi…I try to install this plugin.
but this plugin can’t make right verification, i don’t know why.

if i see the code verification ABCF and I put the code AAAA or XXXX or YYYY what ever, the comment passed to database/comment system.

tried to look source code. and I found this :
function testValues (form) {
var author = form.author.value;
var email = form.email.value;
var code = form.code.value;
var comment = form.comment.value;

if (author.length

I saw big different here…
at this blog I saw :
if (code.length

[...] In an effort to keep improving SporTech Matter I am always looking for new scripts and plugins to implement on the blog. I decided to disable my Spam Karma plugin in honor of Word Verification. I know some of you probably hate it but I have found it works much better and also works nicely with my new Ajax Commenting script. You will notice now when you make a comment your comment is neatly inserted Ajax style without and page refreshing. It will show you a nice progress meter and insert your comment ajax style. The plugin is taken from Gudlyf’s World so check it out yourself. [...]

[...] It turns out that the authimage hack for WordPress requires the GD Library and Freetype Library installations to create the dynamic image. I may just come up with a simpler solution for this than doing all kinds of modifications to the server. It would certainly be useful to have those installations anyway, but I think creating a hack for WP on my own would be an interesting project. [...]

[...] best when moderation is off (seems more real-time) and AuthImage is installed (self-moderation is the best moderation) [...]

[...] Gudlyf’s AuthImage Plugin [...]

Does this work with WP 2.0?

Is this still working?

[...] 而 WordPress 的 Plugin AuthImage, MovableType 的 Plugin SCode, PWNtcha 都有 100% 的偵測率. 雖說 Image Spam (aka Content Spam) 可能情況複雜點, 不過應該還是有一定規則才是. [...]

The necessary plugin (:
It is established easily and perfectly works.
Thank u so much!

[...] AuthImage Web Es el captcha, o codigo de verificación, que aparece en el formulario de comentarios. Lo instalé antes de usar SpamKarma y por pereza nunca he llegado a quitarlo. Vosotro podréis decir mejor que yo qué tal funciona a nivel de usuario. Por mi parte diré que tanto su instalación como su uso son complicados, pero que funciona bastante bien. Se le escapan muy pocos spams, y éstos son siempre detectados por SpamKarma. Sin embargo, creo que dificulta innecesariamente la labor a los lectores. Incluye una completa guía en pdf y permite añadir tramas y fuentes. Todo ello, si uno sabe inglés, claro. [...]

[...] I installed AJAX Comments which is a plug-in by Mike Smullin that allows one to post comments quickly without having to leave or refresh the page. Along with this I installed AuthImage which is a plug-in by Keith McDuffee that creates an authorization image to help combat spam in comments. AJAX Comments comes pre-coded and with clear instructions on using AuthImage with it. [...]

I think it’s a good idea, but it doesen’t solutiont my problem, because a lote of spammer every day they are sending spam… I thinks that it’s imposible, with this we can stop the robots, but the people that do spam manualy?

Well! Thanks for all, i’ll use it and i’ll tell my experience.

Pd. Good work

This plugin DOES work with WP 2.0 — you need to follow the directions for WP 1.5 to implement the check in wp-comments-post.php.

The README should be modified to say “WP 1.5 and above” rather than “WP 2.0.”

[...] I used this plugin with the hack to make it use bitmap images because the server I am on seems to not be capable of generating them from the default Truetype fonts. I won’t request TrueType support on Twistybot seeing as it works with the hack anyway but I’ll make sure it gets onto a google search so other people on Twistybot know what to do too. [...]

[...] Yes, you heard right. You can comment on my entries again from this point onwards. I’m using AuthImage which is a nice little hack for Wordpress. That should keep those spammers away from my site again…Now I can rest again. Phew!View this post on my blog [...]

[...] authimage原始作者的網站：http://www.gudlyf.com/index.php?p=376 authimage下載點：http://dev.wp-plugins.org/wiki/AuthImage 本站備份的authimage下載點 (3.0版)：http://blog.mashow.tw/wp-download/authimage30.rar [...]

[...] 安装Gudlyf’s AuthImage Plugin 着实浪费了我不少时间，最后发现竟然是地址问题，晕。   « 现在可以下载《iText in Action》的第一章了 |   [...]

I am using WordPress 2.0.4 and cannot get this to work. Whether I put the code in or leave it out, the comment still passes. I have added $comment_code = trim($_POST[’code’]); // AuthImage after $comment_content = trim($_POST['comment']); as well as // AuthImage
if ( !checkAICode($comment_code) && !$user_ID )
die( __('Error: please enter the valid authorization code.') ); after if ( '' == $comment_content )
die( __('Error: please type a comment.') ); in the wp-comments-post.php file. I have also added everything to my theme’s comments.php template, but it still does not seem to matter if I type something in or leave it blank. If someone could send me their working copy of their comments template as well as their wp-comments-post file I would greatly appreciate it.

Maßnahmen gegen Spam in WordPress…

Ich hatte es bereits in einem anderen Beitrag geschrieben: Das HNA-Blog wird derzeit von Kommentar- und Trackbackspam geradezu überflutet. Was also tun? Kommentare nicht zuzulassen ist keine Lösung (muss ich nicht erklären, oder?). Manche gehen so…

I am not able to dowbload the ver 3.0 from teh link you have posted at teh top of this page. That page fails to load.

Pls help.

Thanks

Raj, i use ie7 and can view this page without problems.

[...] This is a review of AuthImage, a WordPress Plugin which I use on my site. [...]

[...] You can find AuthImage here if you are interested. It is free to download and install, and with a bit of tweaking you can get captcha images that look just the way you want. The instructions are really easy to follow too. [...]

[...] Deswegen hab ich mir gestern nen CAPTCHA-Plugin für Wordpress installiert. AuthImage heißt das gute Stück. War etwas Fummelei das zu installieren, läuft aber scheinbar dennoch ganz gut. [...]

[...] AuthImage Med denne plugin kan man ikke efterlade kommentarer uden enten at være logget ind, eller have indtastet et ord, der bliver vist som et billede. Denne løsning skulle reducere sansynligheden for blog-spam. [...]

[...] There are really much implementations in different languages, but here’s a selection. WordPress Plugin: AuthImage (PHP) PEAR: Text_Captcha (PHP) freeCap (PHP) Calculator-CAPTCHA (PHP) JCaptcha (JAVA) [...]

[...] 此外，我特别要提一下AuthImage这款插件的插件。它提供的设置选项丰富，调试起来相当有趣。具体显示可以看本页面最下方的Demo。它的优点在于，可以动态刷新验证图片；缺点在于，默认设置下的验证图片是在很丑，甚至很难辨认（真人很难辨认… orz）。我选择的是背景图片模式，去掉了大部分花里胡哨的背景图片，只留下来了两张，而且用Photoshop去掉了颜色变成灰度，并且调整了亮度对比度。虽然，相对来说防机器识别能力下降了，但可读性好多了。想来我这样的小站犯不着有人用机器识别来对付我吧？我还调整了字体变形的算法。因为单靠设置还不能达到要求，所以对于源代码略为有些小的改动。 [...]

[...] Anti Spam Image (this is the number thing by the comments, and the plugin’s home page disappeared, but the program is still working even after an update of Wordpress software. Here is a link to a similar plugin, though there are so many, no one would have a problem finding one: AuthImage) [...]

[...] Gudlyf’s AuthImage Plugin (http://www.gudlyf.com/index.php?p=376)  [...]

[...] AuthImage : This plugin displays an image with some random text that the commenter has to enter in order for their comment to go through. This should cut down on any bots out there from spamming your comments area and perhaps remove the need for comment moderation. [...]

Great Hack!

re: w3c NHTML compliance:
I find that if you modify the code in the authimage.php like this:

//


the page will then properly validate and still allow the plugin to function.

Ok, so the code doesn’t post properly, but here’s a .txt file snippet of my modified authimage.php code.

http://www.castellcomputers.com/files/authimage_xhtml.txt

My page now validates as XHTML transitional — It’s never validated as strict anyway. Now, however, when checking strict in the validator, the authimage stuff doesn’t get flagged as a problem any more.

the first captcha shows without the bottom.. so i cant figure it out is a E or F. so this is the refreshed page.. and i would like to try whether comment can be posted or not. this no spam, pls dont get piss off ..

[...] potrete integrare AuthImage in modo da prevenire lo spam! Per integrarlo seguire questi 2 semplici [...]

[...] AuthImage [...]

[...] activation. Note: Spam Karma does not work well with this plugin. Mike suggests that you use the Authimage plugin instead of Spam [...]

[...] I set up the AuthImage plugin for WordPress to stop it once and for all. Now you have to fill out one of those annoying [...]

Just checking this system to see of it’s working with AJAX

Oops, I was still using version 1.1 – but it (still) does a good job of keeping most of the simple spammers out
I’ve just installed the new 3.0 version on another blog (my brother’s blog). Just follow the instructions and 20 sec’s later it all worked.

Thanks for the good job!

Exellent, it works very well ! thkx u

I need to recognize a text in a captcha image before I can sign in,the space provided is blank showing no text.What should I do to complete the application,help.

I’m finding it very difficult to read which letters there are!! Could I for example change the background color and the font?!

[...] AuthImage This plugin displays an image with some random text that the commenter has to enter in order for their comment to go through. This should cut down on any bots out there from spamming your comments area and perhaps remove the need for comment moderation. [...]

hi can you please help me and tell me where to find the “my-hacks.php” file?

Hi,

When i want to insert an image, i’ve got this code error:

Fatal error: Call to undefined function: createaicode() in …/wp-content/plugins/authimage/authimage.php on line 19

Can you help me, please ?

John

I got this problem too.

gnfgg mt asetrjhrtj srkzsjtr srjtsrtjs. asetjt a, aejh etajetajetj.

test