Wednesday, May 9, 2007

Cracking WaterCap CAPTCHA In 24 Hours

It didn’t take long for one of our guys at to break the WaterCap CAPTCHA... 24 hours to be exact.
Elbertf, our resident "hacker" (not cracker), gave Pavel Simakov some information on how he broke the CAPTCHA and tips on how it can be improved.
Although the CAPTCHA is still unique compared to any previous method, it can still be cracked. But the key is that if each board incorporates a unique method of spambot blocking, it can defeat the spambots. So don’t discount this CAPTCHA; it is still very much a good one, and I believe with just a little improvement in the code, it can become extremely difficult for spambots to crack.


Monday, May 7, 2007

MAMP and MAMP Pro 1.6 released! - Apache, PHP, MySQL Package for Mac

living-e AG released a new version of their Mac OS X Apache bundle on April 27th.
This release marks only the second release of the MAMP Pro bundle, and the first with both MAMP and MAMP Pro combined.

The MAMP is a free, open source utility that enables Mac OS X users to install Apache server, MySQL, PHP, eAccelerator and PHPMyAdmin with ease. Mac OS X users can download the MAMP, and with just a few clicks, install the software bundle in a folder, making it easier than ever (in typical Mac fashion) for users to host applications on their local server with MAMP, or remote server using MAMP Pro. The process takes about a minute to complete.

  • Mac OS X 10.4 or higher (Universal binary)
MAMP 1.6 is designed to run on the following operating systems:
  • Mac OS X 10.4 PPC
  • Mac OS X 10.4 Intel
  • Mac OS X 10.5 PPC
  • Mac OS X 10.5 Intel

Earlier versions of Mac OS X can still download older versions of MAMP from the Sourceforge file releases.

The new version carries some new upgrades including: Apache 2.0.59, PHP 5.2.1 (and PHP4), MySQL 5.0.37, support for the new XCache from lighttpd as an alternative to eAccelerator (which is still included in the default MAMP package), and APC support.

MAMP Pro is ideal for running on an OS X based server, as upgrading is simply drag-and-drop into the applications folder.
Since the databases are contained in the /Library/Application\ Support/MAMP\ Pro/db/ directory, and the preferences within MAMP Pro allow you to choose a localhost directory outside of the default /htdocs/ location within the MAMP package, upgrades take only seconds.

You can download the latest distribution of MAMP from the official website: or from Sourceforge

I’ll post some tutorials and tips for setting up the httpd.conf and php.ini configuration files for both localhost testing of your PHP applications, and secure use on a remote server later.


WaterCap Strong PHP CAPTCHA With Negative Spaces And Shadows

Most of you are aware of the weak CAPTCHA that is used on phpBB2, and the basic version on phpBB3.
Recently, phpBB3 revamped their advanced CAPTCHA, giving the user more options with the x/y axis of noise levels.
The problem is, the CAPTCHA can be fairly unreadable.
Some users are saying nobody over the age of 55 (or under if you wear glasses) is going to be able to decipher the CAPTCHA image.
The solution, of course, is to turn the x/y values up quite high, decreasing the amount of noise and making it easier to see.
But if you don’t have freetype enabled on your server, you’re stuck with the default (breakable) CAPTCHA.
Although you usually can persuade your host to enable CAPTCHA with your PHP installation, there are other methods of CAPTCHA as well... the WaterCap method uses the background color inside the letters themselves, making it extremely difficult for bots to pick out the definable boundaries of the characters. But our minds automatically make out the shapes and we "see" the letters, even though it is an optical illusion.
It’s only using shadows to give our brains a hint of what letter it is.
So the question is, will this work for phpBB3?
Perhaps, but only time will tell... if the phpBB team implements something like this by default, the spam world is going to work very hard to come up with a way to crack it... and we know it’s only a matter of time, they eventually will.
The alternative is to use it as a MOD on your board.
We (the Star Trek Guide Group) will create a MOD from this idea if it is not implemented in phpBB3 by default.
But I would like to hear your thoughts on it.


Installing and using phpBB3 on your localhost

This tutorial has instructions for installing an Apache package and installing and running phpBB3 on your localhost.

Using phpBB on your localhost is a very simple process and a much faster way to test it than waiting for FTP to upload everything for you.

When installing a localhost, the first thing you will need is one of the following Apache packages. Although most of these packages contain both PHP4 and PHP5, only the latest version of PHP5 is shown below. All of the following packages are free except for MAMP Pro, which enables you to use it in a live (non-localhost) environment. Other packages require some adjustments (for security purposes) for use within a server (live) environment.

Download LAMP/XAMPP/WAMP/MAMP package

  • EasyPHP Apache 2.2.3 - PHP 5.2.0 - MySQL 5.0.27
    for Windows Win9x/Me/NT/2000/XP -- should work on Vista as well

  • WAMP server Apache 2.2.4 - PHP 5.2.1 - MySQL 5.0.27
    For Windows NT/XP and Vista

  • MAMP and MAMP Pro Apache 2.0.59 - PHP 5.2.1 - MySQL 5.0.37
    For Mac OS X 10.3, 10.4+, PPC and Intel

  • XAMPP for Linux Apache 2.2.4 - PHP 5.2.1 - MySQL 5.0.37
    For Linux SuSE, RedHat, Mandrake and Debian (other versions untested)

  • XAMPP for Windows Apache 2.2.4 - PHP 5.2.1 - MySQL 5.0.37
    For Windows 98, NT, 2000 and XP (should work on Vista as well)

  • XAMPP for Mac OS X Apache 2.2.4 - PHP 5.2.1 - MySQL 5.0.33
    For Mac OS X (intel ONLY) -- version 0.6.1 (at print time) is still in development

  • XAMPP for Solaris Apache 2.2.0 - PHP 5.1.1 - MySQL 5.0.18
    For Solaris 8 and 9 (other versions untested) -- version 0.8.1 (at print time) is still in development.

Install Apache Package

Once downloaded, install one of the above packages, making sure to follow the instructions. Be sure to remember what directory it uses for its "webroot". Average time needed to install an Apache package: 15 minutes.

Be sure to consult the documentation regarding your Apache Package for configuration. Each package (except for MAMP Pro) requires special configuration for use on a live server. Check to make sure the Apache/MySQL ports are set to 80/3306 -- some may be set to 8888/8889 (for example). For Mac OS X: Make sure Web Sharing is turned OFF in System Preferences. The preferences/options allow you to pick which PHP version to run. In this tutorial, we will assume you are running PHP5. Although you can test either version, you should choose the version that your server is using.

Start localhost Apache/MySQL Services/Server

Once installed, start your servers (or "services" on Windows). MAMP -- 10.4+: Use the MAMP Widget or to Start Servers; 10.3+: Use the; WAMP -- XP: Click the services icon in the lower right-hand corner, and select "start all services"
Every time you start up your computer, you’ll have to start your localhost services/server to run "localhost" on your computer.
Some packages may contain details on how to setup startup files to start the servers/services on computer startup. -- Consult the documentation for details.

Any changes that you manually make to the php.ini or httpd.conf files will require you to restart (stop and start) your Servers/Services.
MAMP Pro contains its own server config templates located in /Applications/MAMP\ In most other packages they are located within a conf/ directory or within their own php/php.ini and apache2/conf/ directories. In the php.ini file, set error_reporting to error_reporting = E_ALL and display_errors to display_errors = On. Be sure to note the location of the error log files (error_log), which you’ll need for debugging any errors you find in phpBB3.

Create new Database for phpBB

Now that you have your Apache package all set up and running, test it by going to http://localhost it should Go to your Database Manager. In this tutorial, we will be using MySQL, as it is the most common database. You can use the pre-installed phpMyAdmin (an alias is located in each package, or try browsing to http://localhost/phpmyadmin or http://localhost/phpMyAdmin depending on your package), but it is recommended that you grab a copy of Navicat or another GUI database administration tool. (Highly recommended, as it will speed up your development/testing time by 400%-500%.)

Create a new Database, in this example, we’ll name it phpBB3. -- Consult the documentation for the database admin tool on how to create a new Database. -- in Navicat, go to menu > Connection > New Database; or in phpMyAdmin just type in the name of the new database.
Now create a new user (and unique password) and give that user permission (privileges) to access all aspects of the database. (Select, Insert, Update, Delete, Create, Drop, References, Index, Alter, etc) -- use full permission as this is your localhost user, and it cannot be accessed through the internet. If you want to test multiple versions of phpBB3, such as a Beta version, an RC version, various CVS versions, etc., you can give each one its own unique database name. e.g.: phpBB2_CVS (CVS), phpBB2 (patch tests), phpBB3 (Beta or RC), forum (live), area51 (MOD testing), etc. You will also be able to use several phpBB installations with just one database if you prefer.
To keep things as simple as possible, use the same user for each of your databases.
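
The database and user steps above can also be typed as SQL in the MySQL client or the phpMyAdmin SQL tab. This is an added example, not part of the original tutorial; the user name phpbb_local and the password are placeholder assumptions. It binds the account to 'localhost' and grants privileges per database rather than on every database on the server.

```sql
-- Added example (not from the original tutorial); MySQL 5.0-compatible syntax.
-- 'phpbb_local' and the password below are placeholders, pick your own.

-- Database name used in the tutorial
CREATE DATABASE IF NOT EXISTS `phpBB3`;

-- The @'localhost' host part means this account only accepts connections
-- that originate on the same machine as the MySQL server.
CREATE USER 'phpbb_local'@'localhost' IDENTIFIED BY 'CHANGE_ME_unique_password';

-- The privileges listed in the tutorial, scoped to this one database
-- (`phpBB3`.*) instead of every database on the server (*.*).
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER
    ON `phpBB3`.* TO 'phpbb_local'@'localhost';

-- A second test installation with its own database and the same user,
-- as the tutorial suggests for keeping things simple.
CREATE DATABASE IF NOT EXISTS `area51`;
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER
    ON `area51`.* TO 'phpbb_local'@'localhost';

-- Check the result: expect USAGE on *.* plus one GRANT line per database.
SHOW GRANTS FOR 'phpbb_local'@'localhost';

-- Confirm no copy of the account exists with a wildcard ('%') host.
SELECT User, Host FROM mysql.user WHERE User = 'phpbb_local';
```

If the last query returns any row whose Host is not localhost, that row is a separate account that can be reached from other machines and should be reviewed before the package is ever moved to a live server.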

Download phpBB3

Download a fresh copy of the development package of phpBB3 by going to phpBB Downloads or go to area51 to download a daily snapshot -- We’ll be using the daily snapshot in this tutorial. If you are not comfortable with or feel frightened by manual database edits, it is recommended that you not install a CVS version -- use the more stable Beta or RC download instead.

Drag your phpBB download package to your webroot directory
WAMP: C:/wamp/www/;
MAMP: /Applications/MAMP/htdocs/;
XAMPP (win): C:\program files\xampp\htdocs
It’s usually www, htdocs or public_html -- If you are unsure where it is located, consult your package documentation.

Unzip/unpack your phpBB package. -- If you have a CVS download, it will be called phpBB2, don’t be alarmed, it really is phpBB3.x.x-dev.
If you download a Beta or RC package, it will be called phpBB3. Keep in mind that if you want to test multiple phpBB installations, you will want to rename them accordingly. e.g.: phpBB3 (Beta or RC), forum (live), area51 (MOD testing), phpBB2_CVS (CVS), phpBB2 (patch tests), etc. This will be important later on when we reach updating your phpBB3 installation using CVS. From here forward, we are going to assume you downloaded the CVS version, and will be calling the package "phpBB2".

Install phpBB

Open your browser (recommended to use Firefox, as it has more testing capabilities and is faster) and browse to http://localhost/phpBB2
Since the config.php file is empty, you will be redirected to the install/ directory. You will be presented with options and instructions to install phpBB3. Keep in mind that while you can test any Database schema available from your Apache package (and we encourage you to test multiple versions), you should primarily test the same version as what you will be using live on your server. Use the database connection information you specified for the user earlier. Make sure to use a simple password for your Founder/Admin login information, you’ll be typing it in a lot. -- and this is localhost, so nobody else will be using it.

Once installation is complete, rename your install directory to _install (for example) so that it does not interfere with your testing.
You have now successfully installed phpBB3 on your localhost.

AJAX powered vBulletin, phpBB2 and phpBB3 style changer

This is the best thing since sliced cheese.
CyberAlien from created a dynamic, AJAX powered style changer for popular vBulletin and phpBB2 styles (skins), he’s just recently added prosilver and subSilver2 from phpBB3 and will be adding more in the near future. -- Currently in beta stage, you can choose a color that exists on the style, and choose what color you want to change it to.
Pick up to four layers, see how your phpBB3 forum prosilver could look in Green! or Red! or Pink!
Live preview of your changes, and you can even download your new style, and install it on your vBulletin, phpBB2, or phpBB3 board in minutes.
Give it a try!
CyberAlien says release is scheduled for May or June if life™ gets in the way.