Goggles noCaptcha reCAPTCHA

These requests for comments/change have lead to an implemented feature that has been successfully merged into the 3.2/Rhea branch. Everything listed in this forum will be available in phpBB 3.2.

Use noCAPTCHA reCAPTCHA

Yes the core code should change
37
84%
Yes but as an extension
7
16%
No I like spammers
0
No votes
 
Total votes: 44

User avatar
RMcGirr83
Registered User
Posts: 357
Joined: Fri Mar 09, 2007 1:51 am
Contact:

Goggles noCaptcha reCAPTCHA

Post by RMcGirr83 » Mon Mar 30, 2015 5:50 pm

I have not started a ticket for this just looking for feedback. Google has implemented a new sort of Captcha that they are referring to as the "nocaptcha recaptcha".

Thought is to replace the current reCaptcha with this version. I have mocked up my test forum to see how it works and have attached some pics for discussion.

So here's the question. Should this be incorporated to change the core code of the software to use it instead of the current iteration or as an extension. Pretty sure everyone is aware that the current implementation of reCAPTCHA has been broken for quite a while now.
Attachments
Initial_registration.png
Initial_registration_passed.png
registration_session_expired.png
registration_session_expired_challenge.png
sucess.png
Do not hire Christian Bullock he won't finish the job and will keep your money

User avatar
VSE
Extension Customisations
Extension Customisations
Posts: 670
Joined: Mon Mar 08, 2010 9:18 am

Re: [RFC] Goggles noCaptcha reCAPTCHA

Post by VSE » Mon Mar 30, 2015 9:26 pm

Since this is Google replacing reCaptcha with a new captcha, I do think the core should be updated to replace the old with the new.

1. It means people don't have to make the extra effort to find, download and install it as an extension, provided they even know to look for it.
2. I bet it probably looks better if we can keep up to date with the available security measures we offer, out of the box.
Has an irascible disposition.

User avatar
Pony99CA
Registered User
Posts: 986
Joined: Sun Feb 08, 2009 2:35 am
Location: Hollister, CA
Contact:

Re: [RFC] Goggles noCaptcha reCAPTCHA

Post by Pony99CA » Mon Mar 30, 2015 9:52 pm

Is this replacing the old reCAPTCHA or is it something new in addition to reCAPTCHA (the linked site says that it's a new API)? If it's new, we should probably support both -- unless we're finally going to remove all of the useless CAPTCHA plug-ins (why those broken CAPTCHAs weren't removed in 3.1 is beyond me. :().

So I'm leaning toward adding a new plug-in to the core.

Steve

P.S. While I appreciate the effort, those screen captures didn't really help at all, IMHO. I couldn't tell what was supposed to happen there and shots 2 and 5 seem the same. The linked site was much more useful to understand what was going on.
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.

User avatar
RMcGirr83
Registered User
Posts: 357
Joined: Fri Mar 09, 2007 1:51 am
Contact:

Re: [RFC] Goggles noCaptcha reCAPTCHA

Post by RMcGirr83 » Tue Mar 31, 2015 1:05 am

Concerning the screen shots. #2 is from simply checking the box, number 5 is from the session timing out (seems there is some sort of time out even after checking the box originlly) which then causes the orginalish recaptcha to display once the box is clicked on again. Once answered correctly the box gets a green check mark again.

Pretty sure Google decided to keep the original reCAPTCHA so that it didn't break those that currently have it in use. I wouldn't doubt it will go the way of the dodo bird similar to how OAuth 1.0 is being replaced by OAuth 2.0.
Do not hire Christian Bullock he won't finish the job and will keep your money

User avatar
hanakin
Infrastructure Team
Infrastructure Team
Posts: 788
Joined: Sat Dec 25, 2010 9:02 pm
Contact:

Re: [RFC] Goggles noCaptcha reCAPTCHA

Post by hanakin » Sun Apr 05, 2015 8:28 am

I say make it an extension but one that's easily plugged into core when the time comes that way we can push it out now.

User avatar
VSE
Extension Customisations
Extension Customisations
Posts: 670
Joined: Mon Mar 08, 2010 9:18 am

Re: [RFC] Goggles noCaptcha reCAPTCHA

Post by VSE » Sun Apr 05, 2015 4:27 pm

hanakin wrote:I say make it an extension but one that's easily plugged into core when the time comes that way we can push it out now.
+1 to that too
Has an irascible disposition.

User avatar
Mess
Registered User
Posts: 197
Joined: Wed Jun 13, 2012 10:14 am

Re: Goggles noCaptcha reCAPTCHA

Post by Mess » Tue Apr 07, 2015 7:30 am

This should be in the core.
And the worthless once should be removed. They do a better job at keeping real humans from registering than bots.

A catcha plugin system would be nice. But right now I'm more concerned about having a working anti spam system out of the box.

User avatar
Pony99CA
Registered User
Posts: 986
Joined: Sun Feb 08, 2009 2:35 am
Location: Hollister, CA
Contact:

Re: Goggles noCaptcha reCAPTCHA

Post by Pony99CA » Wed Apr 08, 2015 4:05 am

Mess wrote: A catcha plugin system would be nice.
Unless 3.1 removed it, there's been a CAPTCHA plug-in system since 3.0.6 (I think). If that still works in 3.1, there's really nothing to add to the core code. All that's needed is creating a NoCAPTCHA plug-in and adding it to the phpBB installer. (Removing the outdated CAPTCHAs should be done at this time, too.)

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.

User avatar
Elsensee
Development Team
Development Team
Posts: 36
Joined: Sun Mar 16, 2014 1:08 pm
Location: Hamburg, Germany
Contact:

Re: Goggles noCaptcha reCAPTCHA

Post by Elsensee » Wed Apr 08, 2015 1:59 pm

I really think we should add this to the core. Would be really stupid if security has to be an extension.

But if we decide to remove the old and broken CAPTCHAs as well we would only have two working CAPTCHAs in the core. I don't like that idea. Of course it is no better idea to leave the broken ones in, but having just two CAPTCHAs would look bad to me.
Are there any other not-broken CAPTCHAs out there in the www? :mrgreen:

User avatar
M.Gaetan89
Registered User
Posts: 64
Joined: Tue Jan 28, 2014 7:17 pm
Location: Divonne-les-Bains, France
Contact:

Re: Goggles noCaptcha reCAPTCHA

Post by M.Gaetan89 » Wed Apr 08, 2015 5:56 pm

Isn't it better to have "only" 2 working captchas (for the end-user) instead of more with some broken ones?
More captchas can be added with extensions (I guess?) anyway.

Post Reply