[RFC] stop distributing worthless CAPTCHAS in 3.1
-
- Support Team
- Posts: 40
- Joined: Sat Aug 30, 2008 12:44 am
[RFC] stop distributing worthless CAPTCHAS in 3.1
It is beyond argument that all the Spambot countermeasures currently included in 3.0.x, and apparently intended to be continued in 3.1, are worthless except for Q&A. Why do we want to keep including these broken CAPTCHAS and thus give users a false sense of security while they are innundated with spam? And then explain to the user why the "Spambot countermeasure" we provided, isn't.
Re: [RFC] stop distributing worthless CAPTCHAS in 3.1
Related: https://area51.phpbb.com/phpBB/viewtopi ... 08&t=42745
I agree - the amount of people installnig phpBB3, leaving the default CAPTCHA in place, and then complaining about spam is too high to ingore this problem.
I agree - the amount of people installnig phpBB3, leaving the default CAPTCHA in place, and then complaining about spam is too high to ingore this problem.
- DavidIQ
- Customisations Team Leader
- Posts: 1904
- Joined: Thu Mar 02, 2006 4:29 pm
- Location: Earth
- Contact:
Re: [RFC] stop distributing worthless CAPTCHAS in 3.1
I'm sure we spoke about this before. One of the problems with making Q&A the default is that when installing phpBB you'd then have to include as part of the installation wizard a step to set the question and answer. I mean it's not really a "problem" per say but it is something that needs to be thought about and handled appropriately. Also I don't think we should do away completely with the current CAPTCHAS. They are still useful for some things.
Re: [RFC] stop distributing worthless CAPTCHAS in 3.1
In my opinion, the question is how many spambots get through this worthless captchas.
If you get 10 spambots a day and the captchas stop 2 a day, then I would get rid of them, because in that case the false sense of security provided would prevent people from implementing a real and effective spambot countermeasure.
If Q&A is the best, a new installation step with a skip button would be the way to go for me.
If you get 10 spambots a day and the captchas stop 2 a day, then I would get rid of them, because in that case the false sense of security provided would prevent people from implementing a real and effective spambot countermeasure.
If Q&A is the best, a new installation step with a skip button would be the way to go for me.
-
- Support Team
- Posts: 40
- Joined: Sat Aug 30, 2008 12:44 am
Re: [RFC] stop distributing worthless CAPTCHAS in 3.1
Q&A doesn't have to be the default. Make nothing the default and tell users after installation there is no captcha and recommend q& a. Like we do with removing /install.
- imkingdavid
- Registered User
- Posts: 1050
- Joined: Thu Jul 30, 2009 12:06 pm
Re: [RFC] stop distributing worthless CAPTCHAS in 3.1
That, except unlike the /install message, make it temporary.stevemaury wrote:Q&A doesn't have to be the default. Make nothing the default and tell users after installation there is no captcha and recommend q& a. Like we do with removing /install.
Re: [RFC] stop distributing worthless CAPTCHAS in 3.1
That's not a good argument in my opinion. If we are already telling users to setup Q&A in the support forums (and we are), why not make it a step so that they don't have to worry about it once the installation process is complete? Hell, you can even make a "skip" button for those who are not worried about completing that step.DavidIQ wrote:One of the problems with making Q&A the default is that when installing phpBB you'd then have to include as part of the installation wizard a step to set the question and answer.
- Pony99CA
- Registered User
- Posts: 986
- Joined: Sun Feb 08, 2009 2:35 am
- Location: Hollister, CA
- Contact:
Re: [RFC] stop distributing worthless CAPTCHAS in 3.1
I agree with Tabitha and Steve. However, I'm not sure why this topic exists -- I suggested removing useless CAPTCHAs in the topic that Tabitha linked to (and Steve had posted in, too ).
I even proposed a scheme to generate default questions and answers so that no extra user step was required at installation.
Maybe we should merge these topics.
Steve
I even proposed a scheme to generate default questions and answers so that no extra user step was required at installation.
Maybe we should merge these topics.
Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.
- DavidIQ
- Customisations Team Leader
- Posts: 1904
- Joined: Thu Mar 02, 2006 4:29 pm
- Location: Earth
- Contact:
Re: [RFC] stop distributing worthless CAPTCHAS in 3.1
As I said, it's not a "problem" necessarily it just needs proper handling during installation. But if we don't force the user to set up a CAPTCHA then we're going to have a bigger support problem Is it worse to have these "useless" CAPTCHAS than have no CAPTCHA at all?t_backoff wrote:That's not a good argument in my opinion. If we are already telling users to setup Q&A in the support forums (and we are), why not make it a step so that they don't have to worry about it once the installation process is complete? Hell, you can even make a "skip" button for those who are not worried about completing that step.DavidIQ wrote:One of the problems with making Q&A the default is that when installing phpBB you'd then have to include as part of the installation wizard a step to set the question and answer.
- DavidIQ
- Customisations Team Leader
- Posts: 1904
- Joined: Thu Mar 02, 2006 4:29 pm
- Location: Earth
- Contact:
Re: [RFC] stop distributing worthless CAPTCHAS in 3.1
And as was mentioned there and I'll repeat here, assigning default Q&A answers from a set of questions and answers is going to be very easily breakable, more so than the current CAPTCHA that comes on by default. No matter how random you select the question/answer pair the list would still be available to SPAM bot developers at which point it would be a matter of adding them to their bots. At least with an image CAPTCHA the bots have to actually do some work to solve. In your proposal we're just giving them the answers.Pony99CA wrote:I agree with Tabitha and Steve. However, I'm not sure why this topic exists -- I suggested removing useless CAPTCHAs in the topic that Tabitha linked to (and Steve had posted in, too ).
I even proposed a scheme to generate default questions and answers so that no extra user step was required at installation.
Maybe we should merge these topics.
Steve
I'll let the dev team decide if this should be merged to that other topic or not.