As far as a general-purpose solution, yours is probably best since it probably wouldn't require retraining for each target site, as mine would.
However, I have a suspicion that most sites using Q&A have only one question, and once you've got the answer to that question... it's bombs away.
[RFC] stop distributing worthless CAPTCHAS in 3.1
- A_Jelly_Doughnut
- Registered User
- Posts: 1780
- Joined: Wed Jun 04, 2003 4:23 pm
Re: [RFC] stop distributing worthless CAPTCHAS in 3.1
The image CAPTCHAs included in phpBB are not "worthless".
There are a wide variety of spam tools out there, and they are constantly evolving. But when the "cube" captcha from phpBB3 was first broken a couple of years ago, it was successfully solved only about 25% of the time. I would guess that now that number is in the 50% range.
Even the 10 year old phpBB2 "grayscale" captcha is 39% effective against some modern spam tools.
Would an installer step to set up a captcha be a bad idea? No, not at all. But it is better to include some default image-based captcha otherwise.
There are a wide variety of spam tools out there, and they are constantly evolving. But when the "cube" captcha from phpBB3 was first broken a couple of years ago, it was successfully solved only about 25% of the time. I would guess that now that number is in the 50% range.
Even the 10 year old phpBB2 "grayscale" captcha is 39% effective against some modern spam tools.
Would an installer step to set up a captcha be a bad idea? No, not at all. But it is better to include some default image-based captcha otherwise.
A_Jelly_Doughnut
- Pony99CA
- Registered User
- Posts: 986
- Joined: Sun Feb 08, 2009 2:35 am
- Location: Hollister, CA
- Contact:
Re: [RFC] stop distributing worthless CAPTCHAS in 3.1
Perhaps, and that's one reason that I proposed keeping ReCAPTCHA. Google at least seems to be actively maintaining it.
Steve
Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.
Re: [RFC] stop distributing worthless CAPTCHAS in 3.1
Please write suitable UI to configure Q&A captcha during installation, then we'll set it as default and the problem will be solved.
Re: [RFC] stop distributing worthless CAPTCHAS in 3.1
In this regard: .com thread: hammered by newly registered members
Not that I have a better solution than the current countermeasures, but it might be good the keep thinking about that.
Not that I have a better solution than the current countermeasures, but it might be good the keep thinking about that.
Last edited by MichaelC on Sat Nov 17, 2012 12:08 pm, edited 1 time in total.
Reason: Fixed unclosed URL tag
Reason: Fixed unclosed URL tag
Above message may contain errors in grammar, spelling or wrongly chosen words. This is because I'm not a native speaker. My apologies in advance.
- Pony99CA
- Registered User
- Posts: 986
- Joined: Sun Feb 08, 2009 2:35 am
- Location: Hollister, CA
- Contact:
Re: [RFC] stop distributing worthless CAPTCHAS in 3.1
NOTE: Fixed broken link due to unclosed URL tag.Ger wrote:In this regard: .com thread: hammered by newly registered members
Not that I have a better solution than the current countermeasures, but it might be good the keep thinking about that.
It sounds like Xrumer now has a database of phpBB Q&As. If they aren't actually parsing the question and calculating the answer, that makes my randomly-generated Q&A per registration suggestion even better. Xrumer would add the question to their database, but that exact question would be unlikely to come up on many boards.
Even with a great static question, once it got added to the database, the bots would have free run of your board until you noticed it and came up with a new question.
Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.
-
- Registered User
- Posts: 523
- Joined: Sat Apr 22, 2006 10:29 pm
- Contact:
Re: [RFC] stop distributing worthless CAPTCHAS in 3.1
Just thought I would share this link... It's a different way of defeating bots (using games):
http://areyouahuman.com
http://areyouahuman.com
Re: [RFC] stop distributing worthless CAPTCHAS in 3.1
Hum... It relies on js and, for the sounds, it relies on flash player... I think it will be rejected...
Re: [RFC] stop distributing worthless CAPTCHAS in 3.1
JS is fine, flash player certianly not.brunoais wrote:Hum... It relies on js and, for the sounds, it relies on flash player... I think it will be rejected...
Formerly known as Unknown Bliss
No unsolicited PMs please except for quotes.psoTFX wrote: I went with Olympus because as I said to the teams ... "It's been one hell of a hill to climb"
- Jessica.
- Registered User
- Posts: 144
- Joined: Wed Feb 09, 2011 8:17 pm
- Location: Pennsylvania, USA
- Contact:
Re: [RFC] stop distributing worthless CAPTCHAS in 3.1
This is what I use. It's really good.keith10456 wrote:Just thought I would share this link... It's a different way of defeating bots (using games):
http://areyouahuman.com