preventing automated form submissions by spambots.

[moustic027]

Hello,

Sorry for my english but I'm French.
I'm a new user of OTRS and I have a question:

How to protect from spamrobots, the form of automatic creation of the new users on the customer.pl ?

Thanks by advance,

[risker]

You might add a captcha to registration form

[crythias]

viewtopic.php?f=60&t=5941

[moustic027]

Thanks for yout help.

The problem is I'm on Windows...
How to enable recaptcha on OTRS in Windows Mode ?

Thanks,

[crythias]

It's all the same. You may want to read up how to install perl modules in Windows, but otherwise, the recipe is the same.

[moustic027]

Hello,

I tried to do these commands.
But now, I cannot restart the apache server.
I have an error message wich says "Can't locate Captcha/reCAPTCHA.pm in @INC....."
I cannot install the captcha modul in "PERL AREA" and i don't know how to modify the @INC.

What can I do ?

Thanks,

[crythias]

try (from a command prompt)
cpan Captcha::reCAPTCHA
or
ppm Captcha::reCAPTCHA

[moustic027]

It is a little better
Non error for captcha...

Now :


[Fri Aug 17 14:02:50 2012] [error] syntax error at C:/PROGRA~2/OTRS/OTRS//Kernel/Output/HTML/Layout.pm line 3221, near ")\n\t\t#begin recaptcha\n my "\nGlobal symbol "$rc" requires explicit package name at C:/PROGRA~2/OTRS/OTRS//Kernel/Output/HTML/Layout.pm line 3221.\nGlobal symbol "$rc" requires explicit package name at C:/PROGRA~2/OTRS/OTRS//Kernel/Output/HTML/Layout.pm line 3227.\nCompilation failed in require at C:/PROGRA~2/OTRS/OTRS//Kernel/System/Web/InterfaceAgent.pm line 32.\nBEGIN failed--compilation aborted at C:/PROGRA~2/OTRS/OTRS//Kernel/System/Web/InterfaceAgent.pm line 32.\nCompilation failed in require at C:/PROGRA~2/OTRS/OTRS/scripts/apache2-perl-startup.pl line 67.\nBEGIN failed--compilation aborted at C:/PROGRA~2/OTRS/OTRS/scripts/apache2-perl-startup.pl line 67.\nCompilation failed in require at (eval 7) line 1.\n

!?!?!?!?

Thanks thank thanks....

[crythias]

please post a snippet of code containing the lines you modified in Layout.pm around line 3221

[moustic027]

Thanks,

Code: Select all

    # get lost password output
    if (
        $Self->{ConfigObject}->Get('CustomerPanelCreateAccount')
        && $Self->{ConfigObject}->Get('Customer::AuthModule') eq
        'Kernel::System::CustomerAuth::DB'
        )
		#begin recaptcha
        my $rc = Captcha::reCAPTCHA->new;
        my $rccustom = "<script type= \"text/javascript\">\n
var RecaptchaOptions = {\n
   lang : 'en',
};\n
</script>\n";
        $Param{reCAPTCHA} = $rccustom . $rc->get_html("6LezV9USAAAAAC0LP66NwQiqBWBuw5XvF9slv6-1 ");
        #end recaptcha
    {
        $Self->Block(
            Name => 'CreateAccountLink',
            Data => \%Param,
        );
        $Self->Block(
            Name => 'CreateAccount',
            Data => \%Param,
        );
    }

[crythias]

Did you include "use Captcha::reCAPTCHA;" at the top of Layout.pm?

[moustic027]

yes I did,

Code: Select all

use Mail::Address;
use URI::Escape qw();

use Captcha::reCAPTCHA;

use vars qw(@ISA $VERSION);
$VERSION = qw($Revision: 1.381.2.10 $) [1];

[crythias]

I know what's wrong.
The scope.

You're missing an open brace before my $rc

By default, perl will allow an "if" to not use brace if the next command after close parenthesis is the only command relevant.

That would be "my $rc" in your submitted code. Since "my" is only for the scope it's called, it would only be relevant inside the "if". But it's the only command, so its scope doesn't go to the next line.
see this:

Code: Select all

        'Kernel::System::CustomerAuth::DB'
        )
      #begin recaptcha
        my $rc = Captcha::reCAPTCHA->new;

and the original:

Code: Select all

        'Kernel::System::CustomerAuth::DB'
        )
    {
        #begin recaptcha
        my $rc = Captcha::reCAPTCHA->new;

You have the opening brace { after #end recaptcha. move it up (delete it, put it before #begin)

[moustic027]

you're awesome !!!!!!!!!!!!!!

Now I can connect to otrs.
But when i try to creat a new customer:

Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, webmaster@somenet.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Where can i find any logs for this error ?

[crythias]

There are apache error logs buried somewhere (apache/logs?) and you may want to just restart apache anyway. On the other hand, the error may be related to the module parsing code in Kernel/System/Web/InterfaceCustomer.pm (see otrs/var/log/otrs.log?) and I would guess you're encountering a similar syntax error.

[brianm]

Adding a CAPTCHA is one solution as described above. I've followed the instructions given elsewhere and had success adding Google's reCAPTCHA solution to the self-registration form. However adding this is not for the faint of heart. You really have to hack deep in OTRS code in order to do it.

Another solution to preventing automated form submissions by spambots (at least when it comes to the self-registration form) is this idea. Please give it a vote if you agree.

[moustic027]

Hello everybody,

Sorry for long time of answer but I was on holidays.
Thanks for you idea biranm,I shall test her but I want to manage to implement rcaptcha.
But I have a new error when I want to start APACHE service.
Global symbol "$result" requires explicit package name at C:/PROGRA~2/OTRS/OTRS//Kernel/System/Web/InterfaceCustomer.pm line 653.\nCompilation failed in require at C:/PROGRA~2/OTRS/OTRS/scripts/apache2-perl-startup.pl line 68.\nBEGIN failed--compilation aborted at C:/PROGRA~2/OTRS/OTRS/scripts/apache2-perl-startup.pl line 68.\nCompilation failed in require at (eval 7) line 1.\n

Find the code here :

Code: Select all

# check reCAPTCHA
		{
        my $rc = Captcha::reCAPTCHA->new;
        my $challenge = $Self->{ParamObject}->GetParam( Param => 'recaptcha_challenge_field' )  || '';
        my $response = $Self->{ParamObject}->GetParam( Param => 'recaptcha_response_field' )  || '';
        my $result = $rc->check_answer("your_private_recaptcha_key", $ENV{'REMOTE_ADDR'},
           $challenge, $response
           );
		}   
        if ( !$result->{is_valid} ){ 
            my $Output = $Self->{LayoutObject}->CustomerHeader( Area => 'Core', Title => 'Error' );
            $Output .= $Self->{LayoutObject}->CustomerWarning(
                Message => 'reCAPTCHA entry failed.',
                Comment => 'Please press Back and try again.'
            );
            $Output .= $Self->{LayoutObject}->CustomerFooter();
            $Self->{LayoutObject}->Print( Output => \$Output );
            exit 0;
        }
        #end recaptcha

Thanks by advance

[crythias]

moustic027:
If this is verbatim from your code, you didn't follow all the instructions. You are supposed to replace "your_private_recaptcha_key" with the API Private key from step zero.

You also placed the code in the wrong place. Watch the placement of curly braces {} around your code versus what was presented.

[moustic027]

Ok Thanks that's works.
But now the same error "Internal Server...."
Whan I connect to the customer windows (to test Rcaptcha), no rcaptch is visible...problem ?

Thanks,

[crythias]

Probably the same thing. Make sure you've replaced placeholder with a valid API code and check placement of the code.
Also, my crystal ball seems to indicate "Circumstances are unclear. Make something up."

[moustic027]

I verified and everything seems to be OK
Just one diffirence.
In your tuto you ask to add:
<tr>
<td>&nbsp;</td>
<td>$Data{"reCAPTCHA"}</td>
</tr>

But fo me, the code is int DIV tags.

Thanks,

[moustic027]

I think the problem is here:

Code: Select all

my $result = $rc->check_answer("xxxxxxxxxxxxxxxxx", $ENV{'REMOTE_ADDR'},

What do I have to write on 'REMOTE_ADDR' ?
Do I have to put thr " " ?

Thanks,

[crythias]

What do I have to write on 'REMOTE_ADDR' ?
Do I have to put thr " " ?

don't touch REMOTE ADDR.

Remember you have to change both the private and public API entries.

[moustic027]

ok ok....
I noticed that in WIndows I have two path for CustonerLogin.dtl
C:\Program Files (x86)\OTRS\OTRS\Kernel\Output\HTML\Standard and C:\Program Files (x86)\OTRS\OTRS\Kernel\System\Web
Modification only appear if I modify the file here : C:\Program Files (x86)\OTRS\OTRS\Kernel\Output\HTML\Standard

But the rcaptcha do not appear.
The code of my CustomerLogin.dtl file
I think the problem is I do not have <table> tag..only <div> tag...

Code: Select all

<!-- dtl:block:CreateAccount -->
            <div id="Signup">
                <a href="#Login" class="InlineNavigation">&larr; $Text{"Back"}</a>
                <h2>$Text{"Create Account"}</h2>
                <p>$Text{"Please fill out this form to receive login credentials bla bla bla."}</p>
                <form class="Floating Validate" action="$Env{"CGIHandle"}" method="post" enctype="application/x-www-form-urlencoded">
                    <input type="hidden" name="Action" value="CustomerCreateAccount"/>
                    <input type="hidden" name="Lang" value="$Env{"UserLanguage"}"/>
                    <div>
                        <label for="Title">$Text{"Title{CustomerUser}"}</label>
                        <input title="$Text{"How we should address you"}" type="text" name="Title"  id="Title" maxlength="50" value="$QData{"UserTitle"}"/>
                    </div>
                    <div class="NewLine">
                        <label class="Mandatory" for="FirstName"><span class="Marker">*</span> $Text{"Firstname{CustomerUser}"}</label>
                        <input title="$Text{"Your First Name"}" name="Firstname" type="text" id="FirstName" maxlength="100" value="$QData{"UserFirstname"}" class="W50pc Validate_Required"/>
                        <div id="FirstNameError" class="TooltipErrorMessage"><p>$Text{"Please supply a first name"}</p></div>
                    </div>
                    <div class="NewLine">
                        <label class="Mandatory" for="LastName"><span class="Marker">*</span> $Text{"Lastname{CustomerUser}"}</label>
                        <input title="$Text{"Your Last Name"}" name="Lastname" type="text" id="LastName" maxlength="100" value="$QData{"UserLastname"}" class="W50pc Validate_Required"/>
                        <div id="LastNameError" class="TooltipErrorMessage"><p>$Text{"Please supply a last name"}</p></div>
                    </div>
                    <div class="NewLine">
                        <label class="Mandatory" for="Email"><span class="Marker">*</span> $Text{"Email{CustomerUser}"}</label>
                        <input title="$Text{"Your email address (this will become your username)"}" name="Email" type="text" id="Email" maxlength="150" value="$QData{"UserEmail"}" class="W100pc Validate_Required Validate_Email"/>
                        <div id="EmailError" class="TooltipErrorMessage"><p>$Text{"Please supply a"} $Text{"Email{CustomerUser}"}</p></div>
                    </div>
					<div class="NewLine">
						&nbsp;
						$Data{"reCAPTCHA"}
					</div>
                    <div class="NewLine">
                        <button id="CreateAccount" type="submit" value="$Text{"Create"}">$Text{"Create"}</button>
                    </div>
                    <div class="Clear"></div>
                </form>
            </div>

[crythias]

Did you modify Layout.pm as described?
Edit: Did you fix the problems in Layout.pm with the curly braces?

If this is too difficult to follow, (and even this thread is difficult for me to follow after a time), please don't consider this method, revert to stock files and accept that there will be spam accounts.

[moustic027]

yes I did...I Hop

The code :

Code: Select all

#begin recaptcha
        my $rc = Captcha::reCAPTCHA->new;
        my $rccustom = "<script type= \"text/javascript\">\n
var RecaptchaOptions = {\n
   lang : 'en',
};\n
</script>\n";
        $Param{reCAPTCHA} = $rccustom . $rc->get_html("6LcgYdUSAxxxxxxxxxxxxxxxx");
        #end recaptcha
		}
        $Self->Block(
            Name => 'CreateAccount',
            Data => \%Param,
        );
    }