[RFC] stop distributing worthless CAPTCHAS in 3.1

Note: We are moving the topics of this forum and it will be deleted at some point

Publish your own request for comments/change or patches for the next version of phpBB. Discuss the contributions and proposals of others. Upcoming releases are 3.2/Rhea and 3.3.
Post Reply
User avatar
Dog Cow
Registered User
Posts: 271
Joined: Wed May 25, 2005 2:14 pm

Re: [RFC] stop distributing worthless CAPTCHAS in 3.1

Post by Dog Cow » Wed Nov 14, 2012 7:28 pm

As far as a general-purpose solution, yours is probably best since it probably wouldn't require retraining for each target site, as mine would.

However, I have a suspicion that most sites using Q&A have only one question, and once you've got the answer to that question... it's bombs away.

User avatar
A_Jelly_Doughnut
Registered User
Posts: 1780
Joined: Wed Jun 04, 2003 4:23 pm

Re: [RFC] stop distributing worthless CAPTCHAS in 3.1

Post by A_Jelly_Doughnut » Thu Nov 15, 2012 1:25 am

The image CAPTCHAs included in phpBB are not "worthless".

There are a wide variety of spam tools out there, and they are constantly evolving. But when the "cube" captcha from phpBB3 was first broken a couple of years ago, it was successfully solved only about 25% of the time. I would guess that now that number is in the 50% range.

Even the 10 year old phpBB2 "grayscale" captcha is 39% effective against some modern spam tools.

Would an installer step to set up a captcha be a bad idea? No, not at all. But it is better to include some default image-based captcha otherwise.
A_Jelly_Doughnut

User avatar
Pony99CA
Registered User
Posts: 986
Joined: Sun Feb 08, 2009 2:35 am
Location: Hollister, CA
Contact:

Re: [RFC] stop distributing worthless CAPTCHAS in 3.1

Post by Pony99CA » Thu Nov 15, 2012 2:06 am

Perhaps, and that's one reason that I proposed keeping ReCAPTCHA. Google at least seems to be actively maintaining it.

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.

Oleg
Posts: 1150
Joined: Tue Feb 23, 2010 2:38 am
Contact:

Re: [RFC] stop distributing worthless CAPTCHAS in 3.1

Post by Oleg » Fri Nov 16, 2012 12:55 am

Please write suitable UI to configure Q&A captcha during installation, then we'll set it as default and the problem will be solved.

User avatar
Ger
Registered User
Posts: 284
Joined: Mon Jul 26, 2010 1:55 pm
Location: 192.168.1.100
Contact:

Re: [RFC] stop distributing worthless CAPTCHAS in 3.1

Post by Ger » Fri Nov 16, 2012 9:20 pm

In this regard: .com thread: hammered by newly registered members
Not that I have a better solution than the current countermeasures, but it might be good the keep thinking about that.
Last edited by MichaelC on Sat Nov 17, 2012 12:08 pm, edited 1 time in total.
Reason: Fixed unclosed URL tag
Above message may contain errors in grammar, spelling or wrongly chosen words. This is because I'm not a native speaker. My apologies in advance.

User avatar
Pony99CA
Registered User
Posts: 986
Joined: Sun Feb 08, 2009 2:35 am
Location: Hollister, CA
Contact:

Re: [RFC] stop distributing worthless CAPTCHAS in 3.1

Post by Pony99CA » Sat Nov 17, 2012 2:50 am

Ger wrote:In this regard: .com thread: hammered by newly registered members
Not that I have a better solution than the current countermeasures, but it might be good the keep thinking about that.
NOTE: Fixed broken link due to unclosed URL tag.

It sounds like Xrumer now has a database of phpBB Q&As. If they aren't actually parsing the question and calculating the answer, that makes my randomly-generated Q&A per registration suggestion even better. Xrumer would add the question to their database, but that exact question would be unlikely to come up on many boards.

Even with a great static question, once it got added to the database, the bots would have free run of your board until you noticed it and came up with a new question.

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.

User avatar
keith10456
Registered User
Posts: 523
Joined: Sat Apr 22, 2006 10:29 pm
Contact:

Re: [RFC] stop distributing worthless CAPTCHAS in 3.1

Post by keith10456 » Wed Nov 21, 2012 4:31 pm

Just thought I would share this link... It's a different way of defeating bots (using games):

http://areyouahuman.com

User avatar
brunoais
Registered User
Posts: 964
Joined: Fri Dec 18, 2009 3:55 pm

Re: [RFC] stop distributing worthless CAPTCHAS in 3.1

Post by brunoais » Wed Nov 21, 2012 5:46 pm

Hum... It relies on js and, for the sounds, it relies on flash player... I think it will be rejected...

User avatar
MichaelC
Development Team
Development Team
Posts: 889
Joined: Thu Jan 28, 2010 6:29 pm

Re: [RFC] stop distributing worthless CAPTCHAS in 3.1

Post by MichaelC » Wed Nov 21, 2012 9:59 pm

brunoais wrote:Hum... It relies on js and, for the sounds, it relies on flash player... I think it will be rejected...
JS is fine, flash player certianly not.
Formerly known as Unknown Bliss
psoTFX wrote: I went with Olympus because as I said to the teams ... "It's been one hell of a hill to climb"
No unsolicited PMs please except for quotes.

User avatar
Jessica.
Registered User
Posts: 144
Joined: Wed Feb 09, 2011 8:17 pm
Location: Pennsylvania, USA
Contact:

Re: [RFC] stop distributing worthless CAPTCHAS in 3.1

Post by Jessica. » Thu Nov 22, 2012 2:16 am

keith10456 wrote:Just thought I would share this link... It's a different way of defeating bots (using games):

http://areyouahuman.com
This is what I use. It's really good.

Post Reply