So then you're going to have to whois the domain and pray that the contact email address is valid and monitored.nickvergessen wrote:Because when captchas are broken or you cant solve them (blind) you still need to be able to contact the admin, to tell him captcha is broken or you are blind and cant solve?
[RFC] Contact Page
Re: [RFC] Contact Page
- callumacrae
- Former Team Member
- Posts: 1046
- Joined: Tue Apr 27, 2010 9:37 am
- Location: England
- Contact:
Re: [RFC] Contact Page
I can't remember whether I have already said this, but the two main captchas (QA and recaptcha) are fine for blind people.
Re: [RFC] Contact Page
If you have a problem with the CAPTCHA (one of the bigger reasons on why to have a contact form) how do you contact the board admin if its on the contact form?
Formerly known as Unknown Bliss
No unsolicited PMs please except for quotes.psoTFX wrote: I went with Olympus because as I said to the teams ... "It's been one hell of a hill to climb"
Re: [RFC] Contact Page
Jut to I guess it should be rather simple to add this. RMcGirr and Evil<3 (IgworW) had made an excellent contact form MOD:Contact Board Administration. I guess this could easily be inserted in the core, not?
Above message may contain errors in grammar, spelling or wrongly chosen words. This is because I'm not a native speaker. My apologies in advance.
-
- Registered User
- Posts: 27
- Joined: Wed Dec 21, 2011 5:34 pm
Re: [RFC] Contact Page
Yeah exactly... works a treat. Also has the captcha completely configurable (always on, for guests only, disable altogether.)Ger wrote:Jut to I guess it should be rather simple to add this. RMcGirr and Evil<3 (IgworW) had made an excellent contact form MOD:Contact Board Administration. I guess this could easily be inserted in the core, not?
-
- Registered User
- Posts: 523
- Joined: Sat Apr 22, 2006 10:29 pm
- Contact:
Re: [RFC] Contact Page
+1Ger wrote:Jut to I guess it should be rather simple to add this. RMcGirr and Evil<3 (IgworW) had made an excellent contact form MOD:Contact Board Administration. I guess this could easily be inserted in the core, not?
I use this mod and it's great!
Re: [RFC] Contact Page
Well... there are anti bot systems that might work without captcha.
Make a tree thingy in the form tag.
Make CSS so that the last div inside the form tag is not displayed (no inline @class or @style)
Put that div inside the form (it's the last child of the form)
Inside that div:
Place 2 inputs.
1 input has a default value
The system chooses some characters from a list randomly to place in the @value
The system saves which one was in the $_SESSION variable.
When the form is submitted it compares. If they are different, an error is returned (just make up an error, don't push yourself)
The other input is empty. If it contains any text in it, then this is a bot.
For a cherry in the cake, place a selectbox. The user just need to say (between some options) if he's a bot or not.
The correct answer (option tag) is not always the one with the same @value but it's the one with the same text content (I need to investigate if <span> is allowed inside <option> to see if we can add random text invisible to the user).
Well... I think this way the bot must be really smart to get though. It must know CSS and know how to process CSS properly to decide about those two inputs. As an icing in the cake the select would also create quite a challenge to the thing to decide what to do with a selectbox.
Make a tree thingy in the form tag.
Make CSS so that the last div inside the form tag is not displayed (no inline @class or @style)
Put that div inside the form (it's the last child of the form)
Inside that div:
Place 2 inputs.
1 input has a default value
The system chooses some characters from a list randomly to place in the @value
The system saves which one was in the $_SESSION variable.
When the form is submitted it compares. If they are different, an error is returned (just make up an error, don't push yourself)
The other input is empty. If it contains any text in it, then this is a bot.
For a cherry in the cake, place a selectbox. The user just need to say (between some options) if he's a bot or not.
The correct answer (option tag) is not always the one with the same @value but it's the one with the same text content (I need to investigate if <span> is allowed inside <option> to see if we can add random text invisible to the user).
Well... I think this way the bot must be really smart to get though. It must know CSS and know how to process CSS properly to decide about those two inputs. As an icing in the cake the select would also create quite a challenge to the thing to decide what to do with a selectbox.
Re: [RFC] Contact Page
That is entirely useless, the bot doesn't need to know any CSS at all. It just needs to know that we do that, and it can just send us the right HTTP request. You seem to forget that bots target phpbb, it's not just about bots that randomly fill all fields.
Re: [RFC] Contact Page
That's because there's that randomizer for the <select>. If we're able to do it ok we possibly can do that so that a bot cannot discover it.naderman wrote:That is entirely useless, the bot doesn't need to know any CSS at all. It just needs to know that we do that, and it can just send us the right HTTP request. You seem to forget that bots target phpbb, it's not just about bots that randomly fill all fields.
We can also use an extra field for a simple question that is randomly selected and setted by the forum admin.
We can make things to make the process hard for the bots but, it's not possible to make it impossible for them because their makers have access to the source code.
-
- Posts: 171
- Joined: Sun Jan 29, 2006 1:00 pm
- Location: Germany
- Contact:
Re: [RFC] Contact Page
Hello,
very good discussion! BTW: For me it's a little bit strange to see people posting for Akismet which have been posting against other blacklists in past very often. Sorry, for this tiny off-topic. Okay, now back to this discussion.
For the very good Contact Board Administration MOD IMO only one feature is missing: Different recipients for different subjects or tasks.
My strategy:
1. Block spam posts and spam user account registrations done by spambots and human spammers!!! with blacklists. Redirect the very rare false positives to the contact page.
2. Protect the contact page with CAPTCHAs (or with another good different feature(s)).
If a contact page would been added to phpBB core so then please add an impress page, too!
Bye Martin
very good discussion! BTW: For me it's a little bit strange to see people posting for Akismet which have been posting against other blacklists in past very often. Sorry, for this tiny off-topic. Okay, now back to this discussion.
For the very good Contact Board Administration MOD IMO only one feature is missing: Different recipients for different subjects or tasks.
My strategy:
1. Block spam posts and spam user account registrations done by spambots and human spammers!!! with blacklists. Redirect the very rare false positives to the contact page.
2. Protect the contact page with CAPTCHAs (or with another good different feature(s)).
If a contact page would been added to phpBB core so then please add an impress page, too!
Bye Martin
Last edited by MartinTruckenbrodt on Fri Mar 16, 2012 9:02 pm, edited 1 time in total.
Advanced Block MOD 1.1.1 has been released! - Prevent spam on your phpBB3 board with Stop Forum Spam, BotScout, Akismet, Project Honey Pot and several IP-RBL and Domain-RBL DNS blacklists! - My MODs