phpBB doesn't allow a question AND captcha in registration!?

Get help with installation and running phpBB 3.0.x here. Please do not post bug reports, feature requests, or MOD-related questions here.
Scam Warning
Forum rules
END OF SUPPORT: 1 January 2017 (announcement)
Locked
Emper0r
Registered User
Posts: 170
Joined: Sun Feb 15, 2004 12:10 am

phpBB doesn't allow a question AND captcha in registration!?

Post by Emper0r »

Like, seriously? I'm using phpBB 3.0.10 and I wanted to use a question during registration to stop spambots, but to my dismay I found that if I chose to use a question under Spambot Countermeasures I couldn't also use CAPTCHA.

Seriously? Who thought that was a good idea?

Is there any way around this besides installing one of the CAPTCHA mods that shows it's last version as .09?

Attention phpBB developers. It's very simple, and it's amazing after all these years that you still don't get it:

1. Allow us to incorporate as many questions as we want into the registration process (without having to install a MOD).

2. Allow the use of questions AND CAPTCHA as a DEFAULT choice in the drop-down menu!

3. Create a Newly Registered User setting where people in the group aren't allowed to post hyperlinks via BBCode or HTML.

I'm shocked and a little disappointed that after all this time they still seem completely inept when it comes to security, considering phpBB is notorious for having such terrible security throughout its history.

*looks at vBulletin* did you guys get it right?
User avatar
KevC
Support Team Member
Support Team Member
Posts: 70218
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: phpBB doesn't allow a question AND captcha in registrati

Post by KevC »

CAPTCHA was broken over a year ago so it would be pointless.

A good Q&A question is all you need.
Emper0r wrote:1. Allow us to incorporate as many questions as we want into the registration process (without having to install a MOD).
You can.
Custom profile fields.
Emper0r wrote:2. Allow the use of questions AND CAPTCHA as a DEFAULT choice in the drop-down menu!
I've only ever seen that asked for once or twice. Not sure if anyone suggested the code to do it but you might find it on a search but like I say the captcha will be useless.
Emper0r wrote:3. Create a Newly Registered User setting where people in the group aren't allowed to post hyperlinks via BBCode or HTML.
Stopping people writing something.com whether plain text, or in bbcode is hard to stop because it just looks like text. Setting the newly reg'd users group to 1 will catch them out every time. Their raison d'etre is to get the spam out as fast as they can so they always give themselves away in the first post they make. When was the last time you saw a spam post on here for instance?
Emper0r wrote:I'm shocked and a little disappointed that after all this time they still seem completely inept when it comes to security,
Spam has nothing at all to do with security.
Emper0r wrote:considering phpBB is notorious for having such terrible security throughout its history.
phpBB had one issue about 10 years ago that was closed within hours. The rest has been unfounded afaik.

If by security you think it means spambots getting in (which it doesn't), EVERY board software has spambots. ALL of them have to find ways to try and stop them. ALL of those methods get beaten from time to time and we have to think up new ones. At the moment, a non searchable Q&A question is highly effective.
*looks at vBulletin* did you guys get it right?
They have spam too.
-:|:- Support Request Template -:|:-
Image
Cheap UK Hosting
"In the land of the blind the little green bloke with no pupils is king - init!"
User avatar
Cpt. Blackbeard
Registered User
Posts: 443
Joined: Sat Oct 31, 2009 4:39 am
Location: USA
Contact:

Re: phpBB doesn't allow a question AND captcha in registrati

Post by Cpt. Blackbeard »

Kevin is 100% right here, I added a single Q&A with Custom Profile fields way back in Version 3.0.4 and that single question is still keeping the Spammers out, with CAPTCHA I was deleting 20+ Spammers a DAY. I suggest you use this post to learn Emper0r, phpBB has excellent built in protection if you take the time to find out, I did simply by reading the Topic pinned at the top of this Forum..
User avatar
Mick
Support Team Member
Support Team Member
Posts: 22825
Joined: Fri Aug 29, 2008 9:49 am
Location: Watching cricket probably.

Re: phpBB doesn't allow a question AND captcha in registrati

Post by Mick »

Emper0r wrote:*looks at vBulletin* did you guys get it right?
Yep, and phpBB is free!
"The more connected we get the more alone we become" - Kyle Broflovski©
User avatar
stevemaury
Support Team Member
Support Team Member
Posts: 51587
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve
Contact:

Re: phpBB doesn't allow a question AND captcha in registrati

Post by stevemaury »

Only one little issue with your rant. You are incorrect. You could have 5,000 questions if you would like - no MOD required. http://www.phpbb.com/kb/article/custom- ... mmer-tool/

You are also incorrect about phpBB's security history. There have been ZERO exploits of any version of phpBB 3.0.x and only ONE for version 2.

Finally, as pointed out, spam is NOT a security issue. It is users registering who you don't want to register.
For REALLY good and VERY inexpensive hosting CLICK HERE

I can stop all your spam. I can upgrade or update your Board. PM or email me. (Paid support)
Pony99CA
Registered User
Posts: 4783
Joined: Thu Sep 30, 2004 3:13 pm
Location: Hollister, CA
Name: Steve
Contact:

Re: phpBB doesn't allow a question AND captcha in registrati

Post by Pony99CA »

Emper0r wrote:Like, seriously? I'm using phpBB 3.0.10 and I wanted to use a question during registration to stop spambots, but to my dismay I found that if I chose to use a question under Spambot Countermeasures I couldn't also use CAPTCHA.
The Q&A spambot countermeasure is a CAPTCHA. You can only have one CAPTCHA at a time.

If you want a CAPTCHA and questions, use required custom profile fields as Kevin said.
Emper0r wrote:Create a Newly Registered User setting where people in the group aren't allowed to post hyperlinks via BBCode or HTML.
This is the only thing that you said that was close to being on the mark. I've long said that hyperlinks should be a group-based permission, not a global setting.
Emper0r wrote:I'm shocked and a little disappointed that after all this time they still seem completely inept when it comes to security, considering phpBB is notorious for having such terrible security throughout its history.
phpBB 2.x had some big security problems (I got bitten by one). phpBB 3.x went through a paid security audit and has only had two reported security problems -- an Atom feed problem displaying information to non-authorized users fixed in 3.0.7-PL1, arguably not a real "security" issue , but Naderman called it one; and a FLASH BBCode XSS problem in some browsers fixed in 3.0.8).

Given that you can have a CAPTCHA and multiple required custom profile fields already, I have to wonder who the inept one truly is. :roll:
Emper0r wrote:*looks at vBulletin* did you guys get it right?
Go for it. Enjoy paying $200, too.
stevemaury wrote:You are also incorrect about phpBB's security history. There have been ZERO exploits of any version of phpBB 3.0.x[....]
What about those two that I linked to above? Whether they were actually exploited or not, they did exist. phpBB 3.x has a good security record, but let's not exaggerate it.

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.
User avatar
stevemaury
Support Team Member
Support Team Member
Posts: 51587
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve
Contact:

Re: phpBB doesn't allow a question AND captcha in registrati

Post by stevemaury »

There is a difference between a security "issue" and an "exploit". I stand by the zero figure for the latter.
For REALLY good and VERY inexpensive hosting CLICK HERE

I can stop all your spam. I can upgrade or update your Board. PM or email me. (Paid support)
Emper0r
Registered User
Posts: 170
Joined: Sun Feb 15, 2004 12:10 am

Re: phpBB doesn't allow a question AND captcha in registrati

Post by Emper0r »

Clearly by "security" I meant spam bot issues. Personally, I find it a threat to the security of my community when spam bots flood in and post links to websites containing viruses, but we can play semantics all you want, I guess.

Well, help me out with the custom field part then. As far as I can tell they can enter any value as the answer and it will be interpreted as correct. How exactly is this the same as the Q&A? Makes it a lot easier to bypass, doesn't it?

Yes, all forum software gets spambots, but phpBB gets the largest share of them all, let's face it. At least you guys are FINALLY doing something to stop them, but I still think more could be done.
User avatar
KevC
Support Team Member
Support Team Member
Posts: 70218
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: phpBB doesn't allow a question AND captcha in registrati

Post by KevC »

Emper0r wrote:Clearly by "security" I meant spam bot issues. Personally, I find it a threat to the security of my community when spam bots flood in and post links to websites containing viruses, but we can play semantics all you want, I guess.
Security is usually meant to mean an exploitation or vulnerability in the code that allows people to do things outside of their permissions. Spam is totally different.
Emper0r wrote:Well, help me out with the custom field part then. As far as I can tell they can enter any value as the answer and it will be interpreted as correct. How exactly is this the same as the Q&A? Makes it a lot easier to bypass, doesn't it?
Steve's first reply linked to a KB article explaining how to do it.
Emper0r wrote:Yes, all forum software gets spambots, but phpBB gets the largest share of them all, let's face it. At least you guys are FINALLY doing something to stop them, but I still think more could be done.
There are more phpBB boards than the others so that probably holds true but I doubt there is any real evidence that they're more susceptible. Q&A has been built in since the end of 2009 so yes we are doing something about it and have been for a long time.
-:|:- Support Request Template -:|:-
Image
Cheap UK Hosting
"In the land of the blind the little green bloke with no pupils is king - init!"
Emper0r
Registered User
Posts: 170
Joined: Sun Feb 15, 2004 12:10 am

Re: phpBB doesn't allow a question AND captcha in registrati

Post by Emper0r »

Thank you for the prompt support and please excuse my bitterness earlier.
User avatar
Cpt. Blackbeard
Registered User
Posts: 443
Joined: Sat Oct 31, 2009 4:39 am
Location: USA
Contact:

Re: phpBB doesn't allow a question AND captcha in registrati

Post by Cpt. Blackbeard »

With my one Question I get Zero Spam, phpBB has done an excellent job providing ways to stop Spam but it's up to the end user to implement them as ANY Anti Spam measure that is used by every board by default will be promptly targeted and broken, uniqueness is the key, Q&A allows that.
Locked

Return to “[3.0.x] Support Forum”