Captchas and Human Readability - Discussion

Discuss features as they are added to the new version. Give us your feedback. Don't post bug reports, feature requests, support questions or suggestions here.
Forum rules
Discuss features as they are added to the new version. Give us your feedback. Don't post bug reports, feature requests, support questions or suggestions here. Feature requests are closed.
Post Reply
agent00shoe

Re: Captchas and Human Readability - Discussion

Post by agent00shoe »

NeoThermic wrote: Just a small point, asking math questions isn't a good idea. A lazy bot writer doesn't have to parse much bar a google result page:

http://www.google.com/search?q=What%27s ... nus%201%3F" target="_blank


With a bit of programming, I'm very sure most of the questions you've put in as samples could be googled by a bot.

Secondly, the system suffers the flaw that is constant in all situations: the forum admin.
If the code ships without stock questions, few admins are going to take the time to add questions/answers to the system. If the code ships with some default questions, many admins will just use those, and since plain text on a page can be parsed as plain text, it won't take more than 30 seconds of programming to wirte a bot to read and lookup the answer.

NeoThermic

The math thing was just an example. I forgot about google solving simple math problems, but if a bot searches for simple word problems, how will it know which word(s) the answer is?

I also mentioned before that there shouldn't be a standard set of questions, it should be filled out by everyone who wants to use it. If not a replacement, I think it's a good alternative to the current system.
agent00shoe

Re: Captchas and Human Readability - Discussion

Post by agent00shoe »

Yawnster wrote: Agent00shoe you seem to think that administrators are smart people, that always care about security, I am sure that NeoThermic can vouch that this is never going to be the case. Admins will only care about security usually until its too late, and the attack has happened..

What about forum systems that cater for lots of different languages? Say a forum has 10 forums, each devoted to a language.. which one do you choose as the start language? And how many questions do you have to translate?

Your idea is good, but its not really viable for this situation as simply languages have too many variables to work in this way.. In opinion..

Yawnster

I don't think you have to be smart to make up preschool level questions and answers. You really think I'm giving people too much credit by assuming they know things like meow=cat? Well, maybe from some of the forums I've come across. :lol: But for the average person it's very easy. They also don't have to care about security any more than they do now. If they want to now, they can use captcha. If they wanted to, they could also use something like this. It's just another option, nobody is making them use it.

If you have a forum with different languages, you could easily create different sets of validation questions to go with different language templates. It's so painfully simple and easy to use/edit/integrate into a page, the down sides to using it really aren't worse than the current captchas IMO.
User avatar
VxJasonxV
Registered User
Posts: 341
Joined: Sun Mar 02, 2003 2:51 pm
Location: Castle Rock, CO
Contact:

Re: Captchas and Human Readability - Discussion

Post by VxJasonxV »

agent00shoe wrote: You really think I'm giving people too much credit by assuming they know things like meow=cat?
Nyaaaa? Neko?

(Think outside the english box...)
"If You Support It, They Will Come."
"Construction"
User avatar
Eelke
Registered User
Posts: 606
Joined: Thu Dec 20, 2001 8:00 am
Location: Bussum, NL
Contact:

Re: Captchas and Human Readability - Discussion

Post by Eelke »

agent00shoe wrote: You really think I'm giving people too much credit by assuming they know things like meow=cat?

No, but we do think you're giving people too much credit if you think most of them will take the time/effort (even if you and me feel it's not much time and not much effort) to actually create these questions on their board - heck, 80% of people installing the product probably won't even know about the feature.

What I do think though, is that if someone knows about this feature, and is interested enough to enable it, it isn't a far leap to assume they will also take the time to configure it (i.e., this is an argument not to enable it by default). Especially if it says in big red letters that the feature is useless if not configured with custom questions (not supplying a default question set would probably help enforcing that).

Maybe it's a good idea to make the CAPTCHA system pluggable (and not make any assumptions about the actual test; it could be the classic graphical CAPTCHA, this "intelligence" test, a sound-based test, or whatever else someone happens to come up with in the future), allowing people to plug in their own CAPTCHA modules. This could be just one of those custom solutions. The variety of possible CAPTCHA types alone would probably already go a long way in making individual phpBB boards less volnerable to spam.

One big risk I see with this approach is that if someone creates a crappy spambot test, phpBB will be blamed for being vulnerable to spam bots.
agent00shoe

Re: Captchas and Human Readability - Discussion

Post by agent00shoe »

I agree most people probably want something that's ready to use out of the box with as little set up as possible. This was just an idea I threw out there. I also agree a variety of captchas would be a nice change from just images. It's not just phpbb's, everyone's captchas seem to be getting worse and there's no way these visual systems can last forever. I'll definitely be using this simple thought validator on my own, though, regardless of whether it catches on.
agent00shoe

Re: Captchas and Human Readability - Discussion

Post by agent00shoe »

I found this wordpress plugin that basically does what I did. It will be interesting to see how effective it is once people start using it.
User avatar
Highway of Life
Registered User
Posts: 1399
Joined: Tue Feb 08, 2005 10:18 pm
Location: I'd love to change the World, but they won't give me the Source Code
Contact:

Re: Captchas and Human Readability - Discussion

Post by Highway of Life »

VxJasonxV wrote:
agent00shoe wrote: You really think I'm giving people too much credit by assuming they know things like meow=cat?
Nyaaaa? Neko?

(Think outside the english box...)
That's not a valid argument.
If the word "Cat" is displayed... it's in English.

For example, Spanish: El Gato, well, what's do spanish use for the English equivilant of "meow"?

And AgentShoe is right, you could easily set a language selection if you have a forum that support multiple languages, or a language other than English.
Having an alternative to CAPTCHA is not all bad, come on now!
You know, perhaps an Admin would like three options... three different types of user validation.

Gosh, you guys show know this!!

Many commonly-used coding features usually start in WordPress before they are widely used...
Image
User avatar
-=ET=-
Registered User
Posts: 214
Joined: Mon May 26, 2003 1:35 pm
Location: France

Re: Captchas and Human Readability

Post by -=ET=- »

Hello all,

Just another option instead of using captchas.
A French bank asks to use a keyboard where the places of the keys change each time the page is displayed.

To see this tool, click here...
http://www.ca-sudrhonealpes.fr/" target="_blank

Then on the red button in the middle of the page called "ACCEDEZ A VOS COMPTES".

For the bank this tool is used for the password (in addition of the account number).
For us of course it will allow to control only security codes made with numbers but if bots can't pass this tool it's enough :)
Eternal newbie
Yawnster
Registered User
Posts: 342
Joined: Sat Jan 29, 2005 9:18 pm
Location: London, UK
Contact:

Re: Captchas and Human Readability

Post by Yawnster »

Now I like that idea, using images for each number/letter and produce an on-screen keyboard for users to use.. However im sure the arguement is that its not the input thats the problem, its the method of stopping bots.. This can be bypassed by sending the data as raw POST requests.. which although I am unsure of the method, can be done..

Its a nice idea and will stop a lot of spammers in the short term, in the longer term it will just prove harder for the rest of us after they cotton on to the idea of using artificial POST Requests.. Also this wouldnt really be accessible to all users as well I believe..

Just my views.. Its a smart idea, and one that definately has a future, perhaps in brute-force prevention, but not in registration spam prevention I believe..

Yawnster
Nylith
Registered User
Posts: 2
Joined: Thu Sep 21, 2006 6:21 pm

Re: Captchas and Human Readability

Post by Nylith »

That system is used to prevent keyloggers from capturing your password. Since your mouse will be going to a different location each time to enter the desired number, capturing keypresses, mouse locations, and clicks won't help someone determine your password. This has nothing to do with Captchas, since this is just an alternative input method - sending the data over POST (as a bot would do) avoids it.
Post Reply