Development Discussion Board

[MISIIM]

Try adding a simple math problem in the image (or a harder one possibly).

[ElbertF]

Aren't those easier for computers to crack then for humans?

[Cheater512]

Aren't those easier for computers to crack then for humans?

If the bot can read them then yeah it makes no difference.

[jriemerm]

I know the hope is for an effective method of spam prevention that is automated, and requires no work on the administrator's part. However, I wonder if there are sufficient efforts to make it easier for administrators to manually approve based on direct communication with registrants.

For preventing *registration* by spammers, one method would be to require registrants to answer one or a few questions specific to the forum, which would be emailed to the administrator (or posted on an easy-to-use administrator's response page). E.g. Please tell us a little about your background and interest in the subject of this forum. If the nature of the answer isn't coherent or relevant enough to convince the administrator they are legit, they could either simply disapprove, or send a follow-up question by e-mail if they're not sure.

The follow-up message to the registrant could be from a "do-not-reply" address to prevent being added to an e-mail spam list, with an embedded link to a form where they need to respond.

There could also be an option for an administrator's policy, such as I've seen on some blogs: Moderate every new registrants first post (or first several, a number chosen by administrator). Once it's been established their posts are not irrelevant, machine-generated posts, they are no longer moderated.

[gutterballk7]

There could also be an option for an administrator's policy, such as I've seen on some blogs: Moderate every new registrants first post (or first several, a number chosen by administrator). Once it's been established their posts are not irrelevant, machine-generated posts, they are no longer moderated.

This somewhat reminds me of another forum (either IPB or SMF, which I dislike both of course because phpBB is the best!) but it could be done some sort of cheap way with phpBB...erm. Well on other boards, you can set the user to be upgraded to a different usergroup depending on the amount of posts they have. So, you could have the default user group have their posts moderated in forums, then, once they reach xx posts, they are bumped up to a normal member which does not have moderated posts....

... the only problem with this is phpBB lacks an automatic upgrade on user groups. At the same time, I think it is a bad feature that could allow someone to gain power when you don't want them too. ... and it is just plain old confusing in general.

My one comment about the visual confirmation is that I tried registering a test account on my own phpBB3 test board, and I couldn't sign up without turning off the confirmation because I had a horrible time reading the dumb letters and numbers and figuring out what is what.

[regcodeSUCKS]

Hi, I am a human from the planet earth.
The visual confirmation images are way too hard to read for me. When do I know what the font's 'small letter' or 'big letter' is when they seem to change size randomly sometimes? It's made to fool the scripts isn't it, but then why did I have to spend 16 attempts including cookie resets to register? (which you can probably get scripts to do for you anyways? Macro? Something?)

I don't have any problem with my eyes, don't wear glasses or contacts and I'm able to read stuff even when it's small and far away. If I upgrade to this when it comes out I'll think all the users will be suffering the same hassle, and what if they don't know how to reset their cookies?

These are some problems from me, I don't like it and registration wasn't comfortable at all for me because of this :/
I just wanted to say.

[ElbertF]

Some suggestions:

• Read this to find out why
  
• Turn off Visual Confirmation
  
• Make your own

Either way, since this is the development board you can expect changes before the final release.

[okiem]

May I suggest three nice and easy option for prevent automatic captcha passing:

1. Make background with characters (but almost not visible). For automates it will be recognizable but human will read only those strong. To making this more complicated you can make two layers of captcha file - background (with very gray characters), and foreground (with black or color)

2. Post two captcha on one page and ask to put right cod in first, and FALSE in second. You can put even more captcha with randomizing order. You can also use randomize text for explanation (like: write FALSE, write Mistake, write nut True ...etc)

3. Use fonts which add small characters to some of them. F.e. G___Ta__ H___ Su__Z - this is only 5 characters with two odd.

[Highway of Life]

1. Make background with characters (but almost not visible). For automates it will be recognizable but human will read only those strong. To making this more complicated you can make two layers of captcha file - background (with very gray characters), and foreground (with black or color)

The problem is that most CAPTCHA's that are readable by humans can be readable by bots. The more difficult you make the CAPTCHA for a bot, the more difficult it will be for the human. There are many "tricks" being used by phpBB to make the CAPTCHA very difficult to crack, but it is always a matter of time before the bot script creators eventually figure out a way to read that particular CAPTCHA, it is then necessary to come up with a new method that will fool the bot scripts until they figure that one out.
The only "sure" way to prevent spam registrations is for each board owner to implement a truly unique spam prevention method on their board.

2. Post two captcha on one page and ask to put right cod in first, and FALSE in second. You can put even more captcha with randomizing order. You can also use randomize text for explanation (like: write FALSE, write Mistake, write nut True ...etc)

This is extremely easy for bots to figure out and will only add annoyance for users.

3. Use fonts which add small characters to some of them. F.e. G___Ta__ H___ Su__Z - this is only 5 characters with two odd.

Logic puzzles are never a good idea because there are humans that will have problems figuring those out.

[EXreaction]

People need to stop relying on captchas to prevent spam. They only work for so long and make things much more difficult for end users. Don't want someone posting xxx.com in your board? Well just use a mod that blocks certain words from being posted and put in xxx.com as a flag word. Now spammers can only spam a website once, after they do you just add the domain to the blocked list and you'll never get that again.

All you do by making harder captchas is make people work harder to register on your site. Isn't the goal usually to get more members? Why would they register at your site when they have to work harder to do it? If you make it too hard you just won't get any new registrations.