Visual Confirmation

Discuss features as they are added to the new version. Give us your feedback. Don't post bug reports, feature requests, support questions or suggestions here.
Forum rules
Discuss features as they are added to the new version. Give us your feedback. Don't post bug reports, feature requests, support questions or suggestions here. Feature requests are closed.
Post Reply
MISIIM
Registered User
Posts: 4
Joined: Sun Apr 30, 2006 12:02 pm
Contact:

Re: Visual Confirmation

Post by MISIIM »

Try adding a simple math problem in the image (or a harder one possibly).

ElbertF
Registered User
Posts: 583
Joined: Fri Dec 03, 2004 4:35 pm
Location: tracing..
Contact:

Re: Visual Confirmation

Post by ElbertF »

Aren't those easier for computers to crack then for humans?

User avatar
Cheater512
Registered User
Posts: 245
Joined: Thu Mar 23, 2006 1:29 am
Location: Brisbane, Australia
Contact:

Re: Visual Confirmation

Post by Cheater512 »

spambot wrote: Aren't those easier for computers to crack then for humans?
If the bot can read them then yeah it makes no difference.

jriemerm
Registered User
Posts: 2
Joined: Tue May 02, 2006 12:43 am

Re: Visual Confirmation

Post by jriemerm »

I know the hope is for an effective method of spam prevention that is automated, and requires no work on the administrator's part. However, I wonder if there are sufficient efforts to make it easier for administrators to manually approve based on direct communication with registrants.

For preventing *registration* by spammers, one method would be to require registrants to answer one or a few questions specific to the forum, which would be emailed to the administrator (or posted on an easy-to-use administrator's response page). E.g. Please tell us a little about your background and interest in the subject of this forum. If the nature of the answer isn't coherent or relevant enough to convince the administrator they are legit, they could either simply disapprove, or send a follow-up question by e-mail if they're not sure.

The follow-up message to the registrant could be from a "do-not-reply" address to prevent being added to an e-mail spam list, with an embedded link to a form where they need to respond.

There could also be an option for an administrator's policy, such as I've seen on some blogs: Moderate every new registrants first post (or first several, a number chosen by administrator). Once it's been established their posts are not irrelevant, machine-generated posts, they are no longer moderated.

gutterballk7
Registered User
Posts: 30
Joined: Fri Oct 07, 2005 1:37 am

Re: Visual Confirmation

Post by gutterballk7 »

There could also be an option for an administrator's policy, such as I've seen on some blogs: Moderate every new registrants first post (or first several, a number chosen by administrator). Once it's been established their posts are not irrelevant, machine-generated posts, they are no longer moderated.
This somewhat reminds me of another forum (either IPB or SMF, which I dislike both of course because phpBB is the best!) but it could be done some sort of cheap way with phpBB...erm. Well on other boards, you can set the user to be upgraded to a different usergroup depending on the amount of posts they have. So, you could have the default user group have their posts moderated in forums, then, once they reach xx posts, they are bumped up to a normal member which does not have moderated posts....

... the only problem with this is phpBB lacks an automatic upgrade on user groups. At the same time, I think it is a bad feature that could allow someone to gain power when you don't want them too. ... and it is just plain old confusing in general.

My one comment about the visual confirmation is that I tried registering a test account on my own phpBB3 test board, and I couldn't sign up without turning off the confirmation because I had a horrible time reading the dumb letters and numbers and figuring out what is what.

regcodeSUCKS
Registered User
Posts: 1
Joined: Sun May 14, 2006 3:26 pm

Re: Visual Confirmation

Post by regcodeSUCKS »

Hi, I am a human from the planet earth.
The visual confirmation images are way too hard to read for me. When do I know what the font's 'small letter' or 'big letter' is when they seem to change size randomly sometimes? It's made to fool the scripts isn't it, but then why did I have to spend 16 attempts including cookie resets to register? (which you can probably get scripts to do for you anyways? Macro? Something?)

I don't have any problem with my eyes, don't wear glasses or contacts and I'm able to read stuff even when it's small and far away. If I upgrade to this when it comes out I'll think all the users will be suffering the same hassle, and what if they don't know how to reset their cookies?

These are some problems from me, I don't like it and registration wasn't comfortable at all for me because of this :/
I just wanted to say.

ElbertF
Registered User
Posts: 583
Joined: Fri Dec 03, 2004 4:35 pm
Location: tracing..
Contact:

Re: Visual Confirmation

Post by ElbertF »

Some suggestions:
  • Read this to find out why
  • Turn off Visual Confirmation
  • Make your own
Either way, since this is the development board you can expect changes before the final release.

User avatar
okiem
Registered User
Posts: 1
Joined: Fri Feb 06, 2009 2:10 pm

Re: Visual Confirmation

Post by okiem »

May I suggest three nice and easy option for prevent automatic captcha passing:

1. Make background with characters (but almost not visible). For automates it will be recognizable but human will read only those strong. To making this more complicated you can make two layers of captcha file - background (with very gray characters), and foreground (with black or color)

2. Post two captcha on one page and ask to put right cod in first, and FALSE in second. You can put even more captcha with randomizing order. You can also use randomize text for explanation (like: write FALSE, write Mistake, write nut True ...etc)

3. Use fonts which add small characters to some of them. F.e. G___Ta__ H___ Su__Z - this is only 5 characters with two odd.
http://www.genealogia.okiem.pl - Polish genealogical site

User avatar
Highway of Life
Registered User
Posts: 1399
Joined: Tue Feb 08, 2005 10:18 pm
Location: I'd love to change the World, but they won't give me the Source Code
Contact:

Re: Visual Confirmation

Post by Highway of Life »

okiem wrote:1. Make background with characters (but almost not visible). For automates it will be recognizable but human will read only those strong. To making this more complicated you can make two layers of captcha file - background (with very gray characters), and foreground (with black or color)
The problem is that most CAPTCHA's that are readable by humans can be readable by bots. The more difficult you make the CAPTCHA for a bot, the more difficult it will be for the human. There are many "tricks" being used by phpBB to make the CAPTCHA very difficult to crack, but it is always a matter of time before the bot script creators eventually figure out a way to read that particular CAPTCHA, it is then necessary to come up with a new method that will fool the bot scripts until they figure that one out.
The only "sure" way to prevent spam registrations is for each board owner to implement a truly unique spam prevention method on their board.
okiem wrote:2. Post two captcha on one page and ask to put right cod in first, and FALSE in second. You can put even more captcha with randomizing order. You can also use randomize text for explanation (like: write FALSE, write Mistake, write nut True ...etc)
This is extremely easy for bots to figure out and will only add annoyance for users.
okiem wrote:3. Use fonts which add small characters to some of them. F.e. G___Ta__ H___ Su__Z - this is only 5 characters with two odd.
Logic puzzles are never a good idea because there are humans that will have problems figuring those out. :)
Image

User avatar
EXreaction
Registered User
Posts: 1555
Joined: Sat Sep 10, 2005 2:15 am

Re: Visual Confirmation

Post by EXreaction »

People need to stop relying on captchas to prevent spam. They only work for so long and make things much more difficult for end users. Don't want someone posting xxx.com in your board? Well just use a mod that blocks certain words from being posted and put in xxx.com as a flag word. Now spammers can only spam a website once, after they do you just add the domain to the blocked list and you'll never get that again.

All you do by making harder captchas is make people work harder to register on your site. Isn't the goal usually to get more members? Why would they register at your site when they have to work harder to do it? If you make it too hard you just won't get any new registrations.

Post Reply