[RFC] stop distributing worthless CAPTCHAS in 3.1

Note: We are moving the topics of this forum and it will be deleted at some point

Publish your own request for comments/change or patches for the next version of phpBB. Discuss the contributions and proposals of others. Upcoming releases are 3.2/Rhea and 3.3.
Post Reply
User avatar
Master_Cylinder
Registered User
Posts: 361
Joined: Wed Jul 31, 2013 9:54 pm

Re: [RFC] stop distributing worthless CAPTCHAS in 3.1

Post by Master_Cylinder » Sat Jan 11, 2014 8:34 pm

If bots can't push buttons then maybe that would work but they can "submit" so maybe they can sort CAPTCHA with buttons too. I don't know about that one...
These kids today...
Buy them books, send them to school and what do they do?

They eat the paste. :lol:

User avatar
Un1matr1x
Registered User
Posts: 48
Joined: Mon Sep 07, 2009 10:18 pm

Re: [RFC] stop distributing worthless CAPTCHAS in 3.1

Post by Un1matr1x » Sun Jan 12, 2014 1:17 am

DavidIQ wrote:... Since we love giving people choices perhaps the admin can be presented with the option to use a different CAPTCHA at that point and we just reuse the entire CAPTCHA ACP area for that. Right now we do nothing of the sort. We simply set the default broken image CAPTCHA and continue on our merry way so a change there is really needed. ...
I guess this would be a great first step, fore admins to choose at installation and even on updates if broken captcha is used and might be removed on updates too.
emosbat wrote:this is just an idea. an image captacha should use logic questions within image. a bot can not easily read an scrambled question and then find its answer. this can be very difficult for a bot.
Image
I like this idea, even if Kamahl19 is right and bots will be adapped. You can force bots to use a lot cpu-time for OCR, colour & forms recognition.

At least if you stop distributing worthless CAPTCHAS, you might want to add some more captchas to the core, for a better choice. To achieve this you might want to start a second Best Captcha Plugin Competition with some kine of rewards - a easy reward would be the inclusion into core phpBB or even material rewards (f.e. just ask for donations @ phpbb.com-news for this topic - since most admins have to deal with bots/spammers/...)

User avatar
BTRFISHING
Registered User
Posts: 8
Joined: Fri Dec 20, 2013 3:13 pm
Contact:

Re: [RFC] stop distributing worthless CAPTCHAS in 3.1

Post by BTRFISHING » Thu Jan 16, 2014 5:11 pm

Master_Cylinder wrote:Couldn't the Sortable CAPTCHA that was mentioned earlier be adapted to use AJAX instead of javascript? I know there is talk of drag and drop re-ordering of forums, custom profile fields and other "sortable" fields so maybe that would work with CAPTCHA too. I don't think that spambots can drag things with a mouse. I can make a "Sortable AJAX CAPTCHA" RFC, if we need to.

Or maybe even just left/right buttons to move the selections if drag and drop can't be done?
I think that would be great idea.

Alternative could be, as mentioned earlier, if Javascript is not enabled to load a fall-back CAPTCHA that doesn't require javascript.

I'm just a huge fan of Sortables CAPTCHA because I haven't had even a single spam request since I installed it. Very impressive seeing that I would get 5-6 spam members registering prior to this.

User avatar
Ger
Registered User
Posts: 287
Joined: Mon Jul 26, 2010 1:55 pm
Location: 192.168.1.100
Contact:

Re: [RFC] stop distributing worthless CAPTCHAS in 3.1

Post by Ger » Tue Jan 21, 2014 8:04 am

A fall-back CAPTCHA would need to be as good as the JS based CAPTCHA that it's replacing. If it isn't, bots would simply try to register with JS disabled, wouldn't they?
Above message may contain errors in grammar, spelling or wrongly chosen words. This is because I'm not a native speaker. My apologies in advance.

User avatar
Mess
Registered User
Posts: 197
Joined: Wed Jun 13, 2012 10:14 am

Re: [RFC] stop distributing worthless CAPTCHAS in 3.1

Post by Mess » Tue Jan 21, 2014 11:08 am

Ger wrote:A fall-back CAPTCHA would need to be as good as the JS based CAPTCHA that it's replacing. If it isn't, bots would simply try to register with JS disabled, wouldn't they?
My thoughts exactly.

User avatar
BTRFISHING
Registered User
Posts: 8
Joined: Fri Dec 20, 2013 3:13 pm
Contact:

Re: [RFC] stop distributing worthless CAPTCHAS in 3.1

Post by BTRFISHING » Wed Jan 22, 2014 5:05 pm

Ger wrote:A fall-back CAPTCHA would need to be as good as the JS based CAPTCHA that it's replacing. If it isn't, bots would simply try to register with JS disabled, wouldn't they?
Yeah that's a very good point.

Is there a way to have the form require particular check boxes be marked ? So when registering you would have like 5 check boxes for example and two of them have next to it "Check me if not a spam bot!" ... then require these two of five boxes be checked to submit form. Of course if a third is checked, or any box besides the particular two asking to be checked, the form would have to fail. I think this can be done with html only. Just thinking out-loud here!

Of course not sure if this would even prevent spam bots... I'm unsure how they function. In other words I don't know if they can detect this.

User avatar
Pony99CA
Registered User
Posts: 986
Joined: Sun Feb 08, 2009 2:35 am
Location: Hollister, CA
Contact:

Re: [RFC] stop distributing worthless CAPTCHAS in 3.1

Post by Pony99CA » Fri Jan 24, 2014 2:53 am

BTRFISHING wrote:Is there a way to have the form require particular check boxes be marked ? So when registering you would have like 5 check boxes for example and two of them have next to it "Check me if not a spam bot!" ... then require these two of five boxes be checked to submit form. Of course if a third is checked, or any box besides the particular two asking to be checked, the form would have to fail. I think this can be done with html only. Just thinking out-loud here!
You can do that sort of thing with required Custom Profile Fields. Of course, that would likely annoy users trying to register.

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.

User avatar
Mess
Registered User
Posts: 197
Joined: Wed Jun 13, 2012 10:14 am

Re: [RFC] stop distributing worthless CAPTCHAS in 3.1

Post by Mess » Fri Jan 24, 2014 7:29 pm

Pony99CA wrote:You can do that sort of thing with required Custom Profile Fields. Of course, that would likely annoy users trying to register.
It would be an excellent Captchas then. ;)

User avatar
Master_Cylinder
Registered User
Posts: 361
Joined: Wed Jul 31, 2013 9:54 pm

Re: [RFC] stop distributing worthless CAPTCHAS in 3.1

Post by Master_Cylinder » Fri Jan 24, 2014 8:53 pm

Mess wrote:
Pony99CA wrote:You can do that sort of thing with required Custom Profile Fields. Of course, that would likely annoy users trying to register.
It would be an excellent Captchas then. ;)
That would be a typical captcha then... ;)
These kids today...
Buy them books, send them to school and what do they do?

They eat the paste. :lol:

Post Reply