Development Discussion Board

[Dog Cow]

Because when captchas are broken or you cant solve them (blind) you still need to be able to contact the admin, to tell him captcha is broken or you are blind and cant solve?

So then you're going to have to whois the domain and pray that the contact email address is valid and monitored.

[callumacrae]

I can't remember whether I have already said this, but the two main captchas (QA and recaptcha) are fine for blind people.

[MichaelC]

If you have a problem with the CAPTCHA (one of the bigger reasons on why to have a contact form) how do you contact the board admin if its on the contact form?

[Ger]

Jut to I guess it should be rather simple to add this. RMcGirr and Evil<3 (IgworW) had made an excellent contact form MOD:Contact Board Administration. I guess this could easily be inserted in the core, not?

[doktornotor]

Jut to I guess it should be rather simple to add this. RMcGirr and Evil<3 (IgworW) had made an excellent contact form MOD:Contact Board Administration. I guess this could easily be inserted in the core, not?

Yeah exactly... works a treat. Also has the captcha completely configurable (always on, for guests only, disable altogether.)

[keith10456]

Jut to I guess it should be rather simple to add this. RMcGirr and Evil<3 (IgworW) had made an excellent contact form MOD:Contact Board Administration. I guess this could easily be inserted in the core, not?

+1

I use this mod and it's great!

[brunoais]

Well... there are anti bot systems that might work without captcha.

Make a tree thingy in the form tag.
Make CSS so that the last div inside the form tag is not displayed (no inline @class or @style)
Put that div inside the form (it's the last child of the form)
Inside that div:
Place 2 inputs.
1 input has a default value
The system chooses some characters from a list randomly to place in the @value
The system saves which one was in the $_SESSION variable.
When the form is submitted it compares. If they are different, an error is returned (just make up an error, don't push yourself)

The other input is empty. If it contains any text in it, then this is a bot.

For a cherry in the cake, place a selectbox. The user just need to say (between some options) if he's a bot or not.
The correct answer (option tag) is not always the one with the same @value but it's the one with the same text content (I need to investigate if <span> is allowed inside <option> to see if we can add random text invisible to the user).


Well... I think this way the bot must be really smart to get though. It must know CSS and know how to process CSS properly to decide about those two inputs. As an icing in the cake the select would also create quite a challenge to the thing to decide what to do with a selectbox.

[naderman]

That is entirely useless, the bot doesn't need to know any CSS at all. It just needs to know that we do that, and it can just send us the right HTTP request. You seem to forget that bots target phpbb, it's not just about bots that randomly fill all fields.

[brunoais]

That is entirely useless, the bot doesn't need to know any CSS at all. It just needs to know that we do that, and it can just send us the right HTTP request. You seem to forget that bots target phpbb, it's not just about bots that randomly fill all fields.

That's because there's that randomizer for the <select>. If we're able to do it ok we possibly can do that so that a bot cannot discover it.
We can also use an extra field for a simple question that is randomly selected and setted by the forum admin.
We can make things to make the process hard for the bots but, it's not possible to make it impossible for them because their makers have access to the source code.

[MartinTruckenbrodt]

Hello,
very good discussion! BTW: For me it's a little bit strange to see people posting for Akismet which have been posting against other blacklists in past very often. Sorry, for this tiny off-topic. Okay, now back to this discussion.

For the very good Contact Board Administration MOD IMO only one feature is missing: Different recipients for different subjects or tasks.

My strategy:
1. Block spam posts and spam user account registrations done by spambots and human spammers!!! with blacklists. Redirect the very rare false positives to the contact page.
2. Protect the contact page with CAPTCHAs (or with another good different feature(s)).

If a contact page would been added to phpBB core so then please add an impress page, too!

Bye Martin