Drop captcha - instead more thoroughly check new members?

Page 1 of 1 [ 10 posts ] 

Hopper
Veteran
Veteran

User avatar

Joined: 22 Aug 2012
Age: 46
Gender: Male
Posts: 1,920
Location: The outskirts

23 Jan 2016, 6:26 am

The nuisance of Captcha is a common cause for complaint. I haven't had anything but either a 'post a reply' loop or an error message in place of the image and box for about 24 hours. I'm trying to keep things short and quick, no quotes, so it doesn't get set off.

Yet, spammers be spamming. There's obviously a problem with a system that stops sincere members from posting, but lets spammers spam.

Would it be possible to drop post-captcha and instead more thoroughly check out new members? I just started a registration, and see there's a captcha there. Perhaps also require a few words from the applicant as to why they want to join, to double check their humanness? A question based on basic reading comprehension - 'Jane has two apples. Liz has three apples. In word form, how many apples do they have together?' kind of thing.

(I'm just stealing securty things I've seen on other forums I've signed up to, where the anti-spam checks were front-loaded at registration rather than throughout the site)

Perhaps with more restrictions on what can/can't be posted until after x number of posts?


_________________
Of course, it's probably quite a bit more complicated than that.

You know sometimes, between the dames and the horses, I don't even know why I put my hat on.


Edenthiel
Veteran
Veteran

User avatar

Joined: 12 Sep 2014
Age: 58
Gender: Female
Posts: 2,820
Location: S.F Bay Area

23 Jan 2016, 4:26 pm

I realize WP's infrastructure may not be up to it, but one technique I've seen work counts the flags and if a post is flagged X times, it is quarantined. If X number of posts from a user are quarantined, the user is quarantined for admin inspection.


_________________
“For small creatures such as we the vastness is bearable only through love.”
―Carl Sagan


TheAP
Veteran
Veteran

User avatar

Joined: 28 Dec 2014
Age: 27
Gender: Female
Posts: 20,314
Location: Canada

23 Jan 2016, 4:34 pm

Good ideas. I think we should have members have to write something about themselves before they are allowed to post. Moderators could grant posting privileges to legit-looking members and ban spammers before they could post.



eric76
Veteran
Veteran

User avatar

Joined: 31 Aug 2012
Gender: Male
Posts: 10,660
Location: In the heart of the dust bowl

23 Jan 2016, 5:37 pm

One sometime used approach elsewhere is to limit new posters to no more then three or four posts per day for the first twenty or thirty posts.



0_equals_true
Veteran
Veteran

User avatar

Joined: 5 Apr 2007
Age: 44
Gender: Male
Posts: 11,038
Location: London

23 Jan 2016, 7:49 pm

It shouldn't be a general post wall. If there has to be a there it should be a phpBB extension. It is interfering with the function of the forum.

I have made phpBB extensions and contributed to forum software.

User that have been here a while don't deserve this level of interference.

It hasn't blocked spam or load issues. Some anti-DOS protection from cloudflare is ok, but this not a good approach.

WP/Alex needs proper advice.



0_equals_true
Veteran
Veteran

User avatar

Joined: 5 Apr 2007
Age: 44
Gender: Male
Posts: 11,038
Location: London

23 Jan 2016, 7:56 pm

Edenthiel wrote:
I realize WP's infrastructure may not be up to it, but one technique I've seen work counts the flags and if a post is flagged X times, it is quarantined. If X number of posts from a user are quarantined, the user is quarantined for admin inspection.

My experience is any negative feedback gets abused.

The captcha is not for manual spam. It is a crude cloufloare firewall rule.

A custom extension can be made for the actual form with tick captcha. phpBB 3 is symfony based and and is extensible.

However it should apply to users who have been here for months or years.



eric76
Veteran
Veteran

User avatar

Joined: 31 Aug 2012
Gender: Male
Posts: 10,660
Location: In the heart of the dust bowl

24 Jan 2016, 1:46 pm

There are configuration options that the owner of this site can modify.



Edenthiel
Veteran
Veteran

User avatar

Joined: 12 Sep 2014
Age: 58
Gender: Female
Posts: 2,820
Location: S.F Bay Area

24 Jan 2016, 2:08 pm

Last night only 1 out of 5 of my comments ever made it through despite repeated attempts to get past captcha. I posted a small handful so a fair number were blocked. Most had no links or other BBCode, nor was there a correlation between new posts & replies. I flushed cookies & cache, I switched browsers, I switched from Linux to Windows. Nothing helped. I finally gave up and went to bed. This is getting stupid. What, exactly is gained by going through Cloudflare? It's not a full on cache server & the anti spam functionality of Captcha is ineffective.

Update: Whoooo-hooo! I'm 2 for 2 posted messages actually getting through today! Also, it makes me sad that I have to celebrate this.


_________________
“For small creatures such as we the vastness is bearable only through love.”
―Carl Sagan


Edenthiel
Veteran
Veteran

User avatar

Joined: 12 Sep 2014
Age: 58
Gender: Female
Posts: 2,820
Location: S.F Bay Area

24 Jan 2016, 2:25 pm

Update2: ratio is down to 50-50. Newest corellation: 6 lines, w/ no non-alpha characters made it through. 8 lines did not, repeatedly and with or without non-alpha.

Yeah, I know. Tilting at windmills...


_________________
“For small creatures such as we the vastness is bearable only through love.”
―Carl Sagan


0_equals_true
Veteran
Veteran

User avatar

Joined: 5 Apr 2007
Age: 44
Gender: Male
Posts: 11,038
Location: London

24 Jan 2016, 5:38 pm

The configuration setting should be to turn off this section of the cloudflare firewall. It is not fit for purpose.

It is common for admins turn on all most of the setting when they are not sure which settings will be useful.

phpBB extention is the right solution.

I had issues with quoted posts but this may be coincidence.