Suspecting RC1 very soon!

Discussion of general topics related to the new version and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
Forum rules
Discussion of general topics related to the new release and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
Locked
User avatar
Skeetergirl
Posts: 20
Joined: Tue Aug 22, 2006 4:11 pm

Re: Suspecting RC1 very soon!

Post by Skeetergirl »

WhiteWolfSix wrote: Is this post nr. 1000 in this topic? :lol:


Nope, but I think this one is. :lol:

User avatar
WhiteWolfSix
Registered User
Posts: 210
Joined: Fri Jan 21, 2005 9:05 am
Location: 48°43′N, 19°08′E

Re: Suspecting RC1 very soon!

Post by WhiteWolfSix »

Sorry, Skeetegirl, you have 1000th reply, not post. :P
Image
WhiteWolfSix (WW6)

code reader
Registered User
Posts: 653
Joined: Wed Sep 21, 2005 3:01 pm

Re: Suspecting RC1 very soon!

Post by code reader »

first and foremost, i want to express my belief that flawed captcha should not hold back rc.
the captcha is a pretty well isolated part of the package, and can be replaced in its entirety without much side-effects on the rest of the package.
i don't think anyone seriously believes that rc1 will be eventually release "as is". it's well understood that there will be several RC cycles, and even possibly minor patches within each major RC (not sure about this part).
a well isolated part like the captcha can be easily replaced between RC stages, or even going from RC to gold, and even during the life of the product, eg. between 3.0.6 and 3.0.7.
if this is truly the only thing holding back the RC, i think rc should be released today.
Kevin Clark wrote: I'd like to hope they're going to include something along the lines of the VIP MOD which is extremely effective in phpBB2. Something where you can configure a question with a very specific answer and where you can change the wording very easily meaning the bots don't get the same 'question' so they can't learn how to 'answer' it.

this was discussed many times, and should have been done long ago.
i am not familiar with the vip mod, but i've written and used this "question and answer" thing for my site. in my implementation it is simple and hard-coded, because i was too lazy to do all the work required to edit and store the answer/question from the ACP, so i added it directly to the code.
if i would have written a full fledged mod, i think the following features should be considered (probably some/all of them exist in one mod or another):
  1. if guest posting is enabled at any forum, optionally this question/answer should be used to validate the guest poster (same as exists today with the captcha)
  2. the ability to define more than one such question, and have the registration page display one of them, either randomly or by some rule (say day-of-year % #of questions or always use one until it scrapped), so bots designers will have harder time preparing the "correct answer per site" database.
  3. store in the user's record in the database the registration question this user answered, so when a user is identified as spambot, we will know it was "cracked", and this question can be removed from the list. if there's only one such question, you know it's time to change it.
  4. add "mark as spambot" button to the mcp and/or quick-tools. this will perform the following actions:
    • remove this user
    • remove all the posts made by this user
    • ban the username, the email address, and the ip address
    • scrap the registration question this user have answered

-- i believe that the captcha-breakers have reached the level where any captcha they can't decipher will be too difficult for most humans, so the current way captcha is perceived (i.e., string of distorted characters) is no longer viable.

-- using questions is especially effective for real communities.
for instance, a bbs used by a school can expect all legit users to know the name of the principal or the exceptionally hot spanish teacher. it will also make all non-english boards almost 100% safe, at least for a long while.

-- for huge boards used by the general public this may not be good enough, but for the vast majority of the boards, i believe this method might be good for good.

thespirit
Registered User
Posts: 7
Joined: Mon Jan 29, 2007 4:16 pm

Re: Suspecting RC1 very soon!

Post by thespirit »

I highly agree with the simple question method. We had captcha turned on for a while and the only people it kept out was the people who couldn't read the text very well. Spam bots still got in. I took it out, hardcoded in the question "What is 5+2?" and I haven't had one spam bot since.

matthewf
Registered User
Posts: 147
Joined: Sat Feb 24, 2007 2:01 pm
Location: England

Re: Suspecting RC1 very soon!

Post by matthewf »

I think also that a question answer thing would be miles better, and able to add and remove the questions and answers yourself, even if its not a maths question, it could be simply like, "are you a spam bot?" or something similar I doubt any captcha will really last long, even IPB on one board I know, its captcha has been broken, so nothing lasts forever, and if you do try to improve the captcha, you may only make it so hard that humans won't be able to read it, just like the captcha mod that was in beta 1 and 2, (i think) and it had to be removed as it most were too difficult to read, so yeah, a a question and answer module is the way forward now

NeilUK
Registered User
Posts: 88
Joined: Mon May 01, 2006 7:55 pm
Contact:

Re: Suspecting RC1 very soon!

Post by NeilUK »

I only meant the VIP mod would be a good idea along with the improvements in the captcha, no harm in too much protection! I'm sure the improvements in the captcha are needed aswell otherwise they wouldn't be doing it. But the VIP mod is an amazingly simple and effective addition they could include
"Life Is What Happens To You When You Are Busy Making Other Plans" - John Lennon

Gumfuzi
Registered User
Posts: 232
Joined: Wed Apr 26, 2006 7:04 pm

Re: Suspecting RC1 very soon!

Post by Gumfuzi »

yes, those question-things are IMO best: i have installed the "anti bot question mod" and no bots anymore since then... :D

User avatar
Skeetergirl
Posts: 20
Joined: Tue Aug 22, 2006 4:11 pm

Re: Suspecting RC1 very soon!

Post by Skeetergirl »

I have also implemented the question/answer thingie and not one bot since! It has saved me lots of time and anger management! LOL

TimJBart
Registered User
Posts: 90
Joined: Mon Jan 28, 2002 8:24 pm

Re: Suspecting RC1 very soon!

Post by TimJBart »

Yeh these are all good suggestions.

It is not good enough to simply minimize the amount of bots registering to a board, they need to be permanently defeated. I agree that no CAPTCHA will work 100% as it will be broken in the future and we'll have the same bot problems as we do with phpbb2 now.

Seeing as we are about to have a brand new phpbb, it'd be good if they had a brand new approach to bots. We'll have to see what happens.

Interesting developments though, and I am pleased they decided to update us.
In vino veritas

User avatar
Kevin Clark
Support Team
Support Team
Posts: 751
Joined: Thu Feb 10, 2005 5:34 pm
Location: UK
Contact:

Re: Suspecting RC1 very soon!

Post by Kevin Clark »

The beauty of a question/answer is that it can be completely configurable through the admin panel

What is 3+2?
Which one of these is a colour? House, blue, car, hat
Type in the first word in this sentence?
Type 'join' into the box on the right

All very simple.

We already have the ability to add custom registration fields but they do not allow you to define a specific acceptable answer. I wouldn't have thought that was too tricky to add. And more importantly, everyone can write their own wording so there isn't a standard format which the bots could learn.
Type 'join' into the box on the right
Write the word 'join' into the box on the right
Type in 'join' here

Spambots have learnt how to read most of these bendy pixelated letters in captchas so they next line of defence must be something only a human can read and, crucially, understand.
Image

Locked