| Author |
 Topic  |
|
AnonJr
Moderator
United States
5768 Posts |
 Posted - 10 March 2008 : 15:44:01
|
As more and more stories like this [linkage] pop up, I'm wondering how much longer people will cling to the idea that they are (in their current incarnation) the best way to secure a site. I will agree that the did provide a measure of security (if properly coded ... up 'till now), but I never really liked them as they were frustrating enough to use for non-handicapped people, let alone someone with a disability that kept them from being able to read the text.
I guess the real question is what's next? I like the idea of the Gateway question, but I think its too hard to keep the question simple enough to be answered by a person and yet not repetitive enough to be libraried. Not to mention that there's always someone who looks at your question differently than you ever thought possible...
KittyAuth seems like a step in the right direction, but its also not a viable solution if you need to deal with disabled persons.
Seeing as the spammers don't seem to be going away any time soon, I wonder what the next step is... |
|
|
MarcelG
Retired Support Moderator
Netherlands
2625 Posts |
Posted - 10 March 2008 : 16:34:04
|
I don't think that this form of Captcha will survive either ; for one it requires a user to know something that may be trivial ("Is that a fox, or is that a Welsh Corgy?", "Is that a puppy fox or a kitten?"), and for two, it's a bit large don't you think?
Keeping real human spammers out is impossible I think ; you can block them after they do the damage, but that's it, and even that is mostly only temporary.
Keeping the automated posters out is doable, and does not require that much effort to be honoust.
Oxle is still spam and spammer-free ; this due to several systems:
- disallowed certain e-mail domains from registering. (Yes, it's cruel but seems effective)
- hidden encrypted field checks on post and post_info page, to prevent offsite forms being used.
- a different mandatory field in the registration page
- bots/crawlers/non recognized user agents and false ua's are redirected to themselves (http redirect)
That's it...
And, best thing ; I have even opened up guest posting at my site ; everyone can post using 'Guest' with password 'Guest', and even that is not being abused.  |
portfolio - linkshrinker - oxle - twitter |
Edited by - MarcelG on 10 March 2008 16:37:24 |
 |
|
|
AnonJr
Moderator
United States
5768 Posts |
Posted - 10 March 2008 : 16:50:16
|
So far the e-mail validation and a few other items have kept the spammers from blasting the Hope Fellowship forum as well, but there are an awful lot of people out there who look at CAPTCHA's as the be-all, end-all solution to spamming.
Add to that the increasing efficiency in which the current iterations are being broken, I was wondering if its time for a paradigm shift.
I should also add that making a different mandatory field required only stopped them from even getting to the pending members for a while. They seemed determined to pick on our little church site.  |
|
|
|
Panhandler
Average Member
USA
783 Posts |
Posted - 11 March 2008 : 08:18:51
|
quote:
Originally posted by AnonJr
. . . I like the idea of the Gateway question, but I think its too hard to keep the question simple enough to be answered by a person and yet not repetitive enough to be libraried. . .
I like the idea of a Gateway question too. . .but I think that there are bunches of simple questions.
What number comes after two?
What number comes after 101?
A hand has four fingers and one:
A hand has one ???? and four:
What color is the night sky?
The opposite direction of up is:
These are simple riddles.
And what intelligence level do you want on your forum anyway?
We could have a running topic on simple riddles and, I would imagine, get hundreds, if not thousands of gateway questions.
(Especially the number questions)
 |
|
|
|
AnonJr
Moderator
United States
5768 Posts |
Posted - 11 March 2008 : 08:43:32
|
But there lies part of my point: Its relatively easy to build up a library of the simple riddles. (or at least the simple ones worth implementing - we all know where asking "what color is grass" got us...)
And yes, I often wonder if forums wouldn't be better served with a bit of an IQ test... the only problem is I know a lot of intelligent idiots.  |
|
|
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 11 March 2008 : 09:27:05
|
What number comes after two?
What number comes after 101?
A hand has four fingers and one:
these questions have more than one answer just depends how you look at them, for example seven comes after two, and a hand has four fingers and one palm , but I'm sure those aren't the answers you meant. |
|
|
|
Panhandler
Average Member
USA
783 Posts |
Posted - 11 March 2008 : 10:31:37
|
quote:
Originally posted by HuwR
What number comes after two?
What number comes after 101?
A hand has four fingers and one:
these questions have more than one answer just depends how you look at them, for example seven comes after two, and a hand has four fingers and one palm , but I'm sure those aren't the answers you meant.
If you can't figure it out then. . .
But yes, and there's always two ways to spell a word.
Groveling to the lowest common denominator. . .
A random number generator to produce a number followed by plus two, or three, or four. . .
I won't spell it out anymore than that.
There's a lot bright minds, some of them very positive, that could adapt this method.
|
|
|
|
MaD2ko0l
Senior Member
United Kingdom
1053 Posts |
Posted - 11 March 2008 : 12:27:18
|
you coudl always ue a drop down box or somthign with a list.
for example
What number comes after two? Eight
Five
Three
One
woudl that not work out any better? altho you still have the question, the answers r there |
© 1999-2010 MaD2ko0l |
|
|
|
AnonJr
Moderator
United States
5768 Posts |
Posted - 11 March 2008 : 12:35:26
|
| That and Three, Five, and Eight all come after Two... |
|
|
|
Podge
Support Moderator
Ireland
3775 Posts |
|
|
AnonJr
Moderator
United States
5768 Posts |
Posted - 11 March 2008 : 14:19:50
|
| Something like: What is the velocity of a sparrow flying south with a coconut? |
|
|
|
Panhandler
Average Member
USA
783 Posts |
Posted - 11 March 2008 : 16:10:42
|
I've had the GateKeeper mod installed for six months or more and it works.
Zero spam and zero fake registrants.
New users still register and none have complained or even commented about the captcha mod.
And if anybody is too dumb  , or too much the smarta$$ to know the opposite direction of up is down. . .I would prefer to send them to a forum with a simpler format.
|
|
|
|
pdrg
Support Moderator
United Kingdom
2897 Posts |
Posted - 11 March 2008 : 16:45:17
|
quote:
What number comes after 101?
My immediate answer was 110... Who are you calling a geek? |
|
|
|
MaD2ko0l
Senior Member
United Kingdom
1053 Posts |
Posted - 11 March 2008 : 18:01:38
|
quote:
Originally posted by Podge
If the answers are in a dropdown box on the page where the question is asked then its a no brainer for the would-be spammer to circumvent it. For an effective captcha the answer can only be in a humans head/brain.
yes but if you have a few questions that randomly change then surely it will be harder for the spammers to registar seen as the questions/answers will be different each time they try to register |
© 1999-2010 MaD2ko0l |
|
|
|
leesh695
Junior Member
101 Posts |
Posted - 11 March 2008 : 18:09:26
|
What if you did...
Whats 1+1 then had a list of answers to the right but still requiring them to type the answer? |
|
|
|
Podge
Support Moderator
Ireland
3775 Posts |
Posted - 11 March 2008 : 18:49:37
|
quote:
yes but if you have a few questions that randomly change then surely it will be harder for the spammers to registar seen as the questions/answers will be different each time they try to register
What they do is present the question to either the user of the application being used to spam or another user signing up for something else. Something like this;
1. User want to download some warez
2. User must enter a captcha before download link is presented
3. Image Captcha or gatekeeper question is scraped from Snitz forum
4. Image Captcha or gatekeeper question is presented to user who wants warez
5. User enters captcha or answers gatekeeper question
6. Snitz forum is spammed using the warez users help
There are ways around everything. |
Podge.
The Hunger Site - Click to donate free food | My Blog | Snitz 3.4.05 AutoInstall (Beta!)
My Mods: CAPTCHA Mod | GateKeeper Mod
Tutorial: Enable subscriptions on your board
Warning: The post above or below may contain nuts. |
|
|
|
Topic |
|
Topic Locked
