[RFC] stop distributing worthless CAPTCHAS in 3.1

Note: We are moving the topics of this forum and it will be deleted at some point

Publish your own request for comments/change or patches for the next version of phpBB. Discuss the contributions and proposals of others. Upcoming releases are 3.2/Rhea and 3.3.
Post Reply
User avatar
Kamahl19
Registered User
Posts: 161
Joined: Thu Dec 27, 2007 10:31 am

Re: [RFC] stop distributing worthless CAPTCHAS in 3.1

Post by Kamahl19 » Tue Jan 07, 2014 10:39 pm

In my opinion, we should remove all picture based captchas because most of them are useless and the rest will be useless in time of 3.1 release date. phpBB could come with Q&A plugin and JS based captcha plugin. Q&A would be the default plugin and there would be a warning for administrator when he will want to choose the JS based plugin. phpBB default installation would still work without JS and admin with knowledge about JS requirement could choose better captcha without installing the MOD.

leschek
Registered User
Posts: 163
Joined: Tue Aug 28, 2012 1:30 pm

Re: [RFC] stop distributing worthless CAPTCHAS in 3.1

Post by leschek » Wed Jan 08, 2014 1:29 am

Kamahl19 wrote:Q&A would be the default plugin
I'm not developer, but I don't think this is best idea. You would have to add setting for QaA into installation page (and force users to fill this setting) or provide default question and answer and somehow explain to administrators that they have to change it. And if they don't change it their boards would be unprotected. I guess it's better to have not so good working picture captcha than one on all boards same default question.

User avatar
Kamahl19
Registered User
Posts: 161
Joined: Thu Dec 27, 2007 10:31 am

Re: [RFC] stop distributing worthless CAPTCHAS in 3.1

Post by Kamahl19 » Wed Jan 08, 2014 2:42 am

Not so good working captcha = broken captcha = no problem for bots but annoying for real users. So yea, I would rather have no captcha then bad captcha. Moreover, I dont see a problem in setting the Q&A in installation process.

User avatar
Pony99CA
Registered User
Posts: 986
Joined: Sun Feb 08, 2009 2:35 am
Location: Hollister, CA
Contact:

Re: [RFC] stop distributing worthless CAPTCHAS in 3.1

Post by Pony99CA » Wed Jan 08, 2014 2:56 am

leschek wrote:
Kamahl19 wrote:Q&A would be the default plugin
I'm not developer, but I don't think this is best idea. You would have to add setting for QaA into installation page (and force users to fill this setting) or provide default question and answer and somehow explain to administrators that they have to change it. And if they don't change it their boards would be unprotected. I guess it's better to have not so good working picture captcha than one on all boards same default question.
There's already an RFC discussing making Q&A the default CAPTCHA, and I proposed a simple way to avoid every board having the same question. So let's not rehash that in this topic.

This topic should be about what CAPTCHAs should be kept and what the default CAPTCHA would be. If we agree on Q&A, we can discuss that in the linked topic; if we decide on something else, we can discuss that here and mark that topic as Rejected.

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.

User avatar
Master_Cylinder
Registered User
Posts: 361
Joined: Wed Jul 31, 2013 9:54 pm

Re: [RFC] stop distributing worthless CAPTCHAS in 3.1

Post by Master_Cylinder » Wed Jan 08, 2014 7:32 am

Rehashing that isn't a bad thing since there wasn't agreement whether the random Q&A would be solvable by bots. When you ask for "odd," "even" or "first, third and sixth characters" some bots can figure that out, imho. The biggest problem with Q&A (even if it's forced at install) is that there is NO way to force admins to write *good* questions so you KNOW some admin will use "what's my favorite color?" or "what is my favorite car?"
These kids today...
Buy them books, send them to school and what do they do?

They eat the paste. :lol:

User avatar
Kamahl19
Registered User
Posts: 161
Joined: Thu Dec 27, 2007 10:31 am

Re: [RFC] stop distributing worthless CAPTCHAS in 3.1

Post by Kamahl19 » Wed Jan 08, 2014 11:35 am

Agree, those random Q can be broken. Admin should find out Q related to his forum. For example I was working on forum for citizens of one British town and I proposed to use the questions like "In what district is our town" and "What is the full name of our town". They have no spam now. Or I have been working on a forum about old books etc, so I suggested something like "Who ate the Little red raiding hood", again no spam since then.

So maybe good examples for admins would be better then randomly generated Q.

leschek
Registered User
Posts: 163
Joined: Tue Aug 28, 2012 1:30 pm

Re: [RFC] stop distributing worthless CAPTCHAS in 3.1

Post by leschek » Wed Jan 08, 2014 1:24 pm

Pony99CA wrote:This topic should be about what CAPTCHAs should be kept and what the default CAPTCHA would be. If we agree on Q&A, we can discuss that in the linked topic; if we decide on something else, we can discuss that here and mark that topic as Rejected.
Then I would keep QaA, reCaptcha and as default the for bots most difficult picture captcha.

User avatar
Mess
Registered User
Posts: 198
Joined: Wed Jun 13, 2012 10:14 am

Re: [RFC] stop distributing worthless CAPTCHAS in 3.1

Post by Mess » Wed Jan 08, 2014 2:46 pm

Kamahl19 wrote:"Who ate the Little red raiding hood"
Interesting. Googling that question gives the answer in the first 3 hits. If you spell it correct "Who ate the little red riding hood".
Maybe its because the answer is complex enough that is not easily cracked.

Other questions which can be easily googled are cracked. Like "What is 7 x 5" or "what is the capital of algeria"

User avatar
Kamahl19
Registered User
Posts: 161
Joined: Thu Dec 27, 2007 10:31 am

Re: [RFC] stop distributing worthless CAPTCHAS in 3.1

Post by Kamahl19 » Wed Jan 08, 2014 7:26 pm

leschek, most difficult picture captcha is also able to broke and it is very annoying for people. Even I with good sight am not able to read many captchas. And reCaptcha is broken, so why should we keep it? I had reCaptcha on 2 my boards and I had 100 bots per day. Totally useless.

Mess, the Q was in Slovak language. Moreover, I dont think that compures understand this question and can find the A via google. I see it is in third article, but bot does not know that wolf is the answer, because the word wolf is in sentence.

Yes 7 x 5 is not good idea. We need more "board specific" Q.

User avatar
Master_Cylinder
Registered User
Posts: 361
Joined: Wed Jul 31, 2013 9:54 pm

Re: [RFC] stop distributing worthless CAPTCHAS in 3.1

Post by Master_Cylinder » Wed Jan 08, 2014 8:01 pm

Nobody ate Red, the wolf ate grandma and tried to eat Red but the woodsman saved her with his ax. ;)

Something needs to be done about captcha but what should replace it is a bit complicated.
These kids today...
Buy them books, send them to school and what do they do?

They eat the paste. :lol:

Post Reply