New CAPTCHA

[eviL<3]

My idea is to be sure that no spammer or bot could log in is to create a system with a question and 3 or 4 answers linked to images, all customizable by users to have a very large number of possibility. Exemple :

Select the animal which can fly :
[ ]
[ ]
[ ]

Problem is, that this is even less secure than captcha in some ways, as the bot has a 25% chance. But he has to guess, of course...

[actarus]

My idea is to be sure that no spammer or bot could log in is to create a system with a question and 3 or 4 answers linked to images, all customizable by users to have a very large number of possibility. Exemple :

Select the animal which can fly :
[ ]
[ ]
[ ]

Problem is, that this is even less secure than captcha in some ways, as the bot has a 25% chance. But he has to guess, of course...

Increase the num ber of picture (5 = 20 %) and ask 3 question (.2*.2*.2= 0.008) which is pretty good enough ! Even with 3 questions, this is fastest for the user than type a captcha.

[Sebastian R.]

I don't think that math questions are the best ones for a bot. As you know these questions are plaintext and no problem for a math parser.

[Yawnster]

The problem with that is that the pictures wont change.. Thus its very easy to write a bot for it. You can combat this by asking administrators to upload different images, but how many of them will actually do it? Maybe at most 10%, thus its virtually useless.

Good Idea. But in practice doesnt work with a software package like phpBB.. Yawnster

[Fountain of Apples]

Of course, remember, if you have a board with lots of spam registrations, you could just require admin activation on your board.

[Martin Blank]

I'm actually nearing exactly that. It would also help deal with the users who have trouble spelling their e-mail addresses.

[Fountain of Apples]

I'm actually nearing exactly that. It would also help deal with the users who have trouble spelling their e-mail addresses.

Ohhhh kaaaay...

If they can't spell their own e-mail address, they don't deserve to register.

[APTX]

You have to re-type your email... if people copy&paste them then they relly don't deserve to register.

[Captain Kirk]

I voted for that as well... but alas, it was shot down.
I still would like a more readable option, per reasons already posted by FOA

Yes, it would be alot better to have the choice for the older ones or the newer ones.
some of the newer ones are difficult.

[Lieutenant Clone]

Hmm, well the practice I have seen poping up on most large boards theses days (as an example, steampowered.com), is no CAPTCHA at all, and a moderator must approve your account. After account creation, you can login but cannot post until approved, but if you get "unnaproved" then your account is deleted.

Mabey it should be an option like

Resgistration Security:
[ ] Moderator Approval
[ ] Visual Confirmation
[ ] Both
[ ] None

Id go for that. For any board where a mod/admin is on atleast once a day, moderator approval works great. But for those smaller boards that dont have such moderation power, they could opt for the CAPTCHA to keep users from waiting. And the small boards are less likely to be target for spam registrations.

And honestly, even if they do spam registrations, its allot easier to just dump them off an approval queue, instead of the usual hunt through the member list.

(please note I think registration approval is already in PHPBB3, im just saying, the security options should be presented in the manner above)