"Custom Profile Fields"-antispam method not working in 3.1.x cause of "cheat-arrows"

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Ideas Centre
User avatar
skobki
Registered User
Posts: 10
Joined: Fri Jul 10, 2015 10:12 am
Name: Nik

"Custom Profile Fields"-antispam method not working in 3.1.x cause of "cheat-arrows"

Post by skobki »

Hello, dear community!

This is my first message @ this forum, so at first I wanna say big thanks for such great thing as phpBB. I really enjoy this forums! :)

Now about the problem.

1) in <3.0.x versions of phpBB it was quite effective to use "Custom Profile Fields"-antispam.
2) I still wanna use it in 3.1.x because I don't like that Q&A CAPTCHA don't give me a chance to use reCapcha. I like to have double protection - with a question from "Custom Profile Fields" and reCapcha.
3) Problem: In 3.1.x its impossible now to use "Custom Profile Fields"-antispam because now we got "arrows", which defines hidden value. I call them "cheat-arrows". If you click at any of this arrows you would get right answer.

May be its good idea to remove this arrows in next release (make everything as it was before, at <3.0.x)? And also would be nice to know how remove this arrows at current version of phpBB.

Thanks!

Kind regards,
Nikolay
Attachments
cheat-arrows.png
User avatar
Brf
Support Team Member
Support Team Member
Posts: 52815
Joined: Tue May 10, 2005 7:47 pm
Location: {postrow.POSTER_FROM}
Contact:

Re: "Custom Profile Fields"-antispam method not working in 3.1.x cause of "cheat-arrows"

Post by Brf »

It has never been a good idea to use multiple-choice questions as a spam preventative. Multiple-choice questions always give the spam-bots a percentage chance to answer correctly.
User avatar
skobki
Registered User
Posts: 10
Joined: Fri Jul 10, 2015 10:12 am
Name: Nik

Re: "Custom Profile Fields"-antispam method not working in 3.1.x cause of "cheat-arrows"

Post by skobki »

Its not really multiple-choice questions. I put description only to show the problem with numbers. You could ask any questions even without showing tips.

This method worked perfectly for a years. Now it doesn't :(

Help please :|
User avatar
DavidIQ
Customisations Team Leader
Customisations Team Leader
Posts: 17860
Joined: Thu Jan 06, 2005 1:30 pm
Location: Fishkill, NY
Name: David Colón
Contact:

Re: "Custom Profile Fields"-antispam method not working in 3.1.x cause of "cheat-arrows"

Post by DavidIQ »

The up and down arrows are a function of the browser. How does this affect SPAM exactly? If I am a human spammer and want to register on your forum I can guarantee that the arrows being there or not will not be a deciding factor in my completing your registration. Same thing with a SPAM program.

There is nothing broken or wrong here. The fact that they are showing in 3.1 is a result of HTML 5 elements being used.
Apply to become a Jr. Extension Validator
My extensions | In need of phpBB services? | Was I helpful today?
No unsolicited PMs unless you're planning on asking for paid help.
User avatar
skobki
Registered User
Posts: 10
Joined: Fri Jul 10, 2015 10:12 am
Name: Nik

Re: "Custom Profile Fields"-antispam method not working in 3.1.x cause of "cheat-arrows"

Post by skobki »

DavidIQ wrote:The up and down arrows are a function of the browser. How does this affect SPAM exactly? If I am a human spammer and want to register on your forum I can guarantee that the arrows being there or not will not be a deciding factor in my completing your registration. Same thing with a SPAM program.
Its affect a lot. Its really easy to teach spam program to use this "arrows" automatically. Its making "Custom Profile Fields"-antispam method useless and a lot of forums would be hurt because of it.

Main problem here that this arrows DEFINE right answer. Its making whole idea of that anti-spam method worthless.

p.s.
Problem @ phpBB tracker
User avatar
HiFiKabin
Community Team Member
Community Team Member
Posts: 5784
Joined: Wed May 14, 2014 9:10 am
Location: Swearing at the PC, UK
Name: James
Contact:

Re: "Custom Profile Fields"-antispam method not working in 3.1.x cause of "cheat-arrows"

Post by HiFiKabin »

The example you use is a question that has an answer so why not just set the Q&A captcha to do the same thing?
User avatar
DavidIQ
Customisations Team Leader
Customisations Team Leader
Posts: 17860
Joined: Thu Jan 06, 2005 1:30 pm
Location: Fishkill, NY
Name: David Colón
Contact:

Re: "Custom Profile Fields"-antispam method not working in 3.1.x cause of "cheat-arrows"

Post by DavidIQ »

skobki wrote:Its affect a lot. Its really easy to teach spam program to use this "arrows" automatically. Its making "Custom Profile Fields"-antispam method useless and a lot of forums would be hurt because of it.

Main problem here that this arrows DEFINE right answer. Its making whole idea of that anti-spam method worthless.

p.s.
Problem @ phpBB tracker
You are incorrect. Not many forums use custom profile fields to prevent spam. They use the proper spambot countermeasures. Also you really think teaching a spam program to use these arrows is needed? They already know how to fill out the fields without the arrows. ;)
Apply to become a Jr. Extension Validator
My extensions | In need of phpBB services? | Was I helpful today?
No unsolicited PMs unless you're planning on asking for paid help.
User avatar
skobki
Registered User
Posts: 10
Joined: Fri Jul 10, 2015 10:12 am
Name: Nik

Re: "Custom Profile Fields"-antispam method not working in 3.1.x cause of "cheat-arrows"

Post by skobki »

HiFiKabin wrote:The example you use is a question that has an answer so why not just set the Q&A captcha to do the same thing?
In my first message:
skobki wrote: 2) I still wanna use it in 3.1.x because I don't like that Q&A CAPTCHA don't give me a chance to use reCapcha. I like to have double protection - with a question from "Custom Profile Fields" and reCapcha.
------------
DavidIQ wrote: You are incorrect. Not many forums use custom profile fields to prevent spam. They use the proper spambot countermeasures.
May be not so many, but there are some %. Nobody can tell certain number, but for example, I'm administrating several forums which using such protection. I think there are some other active and popular forums with double protection too.
DavidIQ wrote: Also you really think teaching a spam program to use these arrows is needed? They already know how to fill out the fields without the arrows. ;)
My forums didnt get spammed since I put fields. Before I put fields - several times per year I had problems with huge envasion of spammers. It was nasty. So, with all respect, I afraid you could be incorrect there - bots and spam programs don't know how to fill this fields in <3.0.x forums. If they would be able to do so - I would knew about it from my forums :)
User avatar
HiFiKabin
Community Team Member
Community Team Member
Posts: 5784
Joined: Wed May 14, 2014 9:10 am
Location: Swearing at the PC, UK
Name: James
Contact:

Re: "Custom Profile Fields"-antispam method not working in 3.1.x cause of "cheat-arrows"

Post by HiFiKabin »

skobki wrote:
HiFiKabin wrote:The example you use is a question that has an answer so why not just set the Q&A captcha to do the same thing?
In my first message:
skobki wrote: 2) I still wanna use it in 3.1.x because I don't like that Q&A CAPTCHA don't give me a chance to use reCapcha. I like to have double protection - with a question from "Custom Profile Fields" and reCapcha.
I know you 'don't like' the Q&A captcha, but as it does exactly what you are trying to achieve I do not understand why.

I have KeyCaptcha on my forums and have less than one spam signup a month, and those are caught by the 'first post moderation'

'Double protection' does not help against SPAM. If Spammers get past one, they will get past the other.
User avatar
skobki
Registered User
Posts: 10
Joined: Fri Jul 10, 2015 10:12 am
Name: Nik

Re: "Custom Profile Fields"-antispam method not working in 3.1.x cause of "cheat-arrows"

Post by skobki »

HiFiKabin wrote: I have KeyCaptcha on my forums and have less than one spam signup a month, and those are caught by the 'first post moderation'

'Double protection' does not help against SPAM. If Spammers get past one, they will get past the other.
"Fields" protection worked for years. Why it has to be changed if it worked perfectly? :)

Google made reCapcha 2 and I hope it would be implemented soon to phpBB. In this perspective having double protection would be even more useful then before (because recapcha 1 cracked). But still even recapcha 1 could help to avoid scammers who use "recording" macro software to spam at forums.
User avatar
HiFiKabin
Community Team Member
Community Team Member
Posts: 5784
Joined: Wed May 14, 2014 9:10 am
Location: Swearing at the PC, UK
Name: James
Contact:

Re: "Custom Profile Fields"-antispam method not working in 3.1.x cause of "cheat-arrows"

Post by HiFiKabin »

The captchas supplied with the phpBB download have worked for years, but now they don't. Why is that I wonder?

Things do not stand still. The Spammers try to stay one step ahead of you, you have to be smarter.

I repeat. Why don't you like the Q&A Captcha? In the time you have spent on this topic, you could have set the Q&A up and had no further worries
User avatar
DavidIQ
Customisations Team Leader
Customisations Team Leader
Posts: 17860
Joined: Thu Jan 06, 2005 1:30 pm
Location: Fishkill, NY
Name: David Colón
Contact:

Re: "Custom Profile Fields"-antispam method not working in 3.1.x cause of "cheat-arrows"

Post by DavidIQ »

skobki wrote:My forums didnt get spammed since I put fields. Before I put fields - several times per year I had problems with huge envasion of spammers. It was nasty. So, with all respect, I afraid you could be incorrect there - bots and spam programs don't know how to fill this fields in <3.0.x forums. If they would be able to do so - I would knew about it from my forums :)
Not really any different now. The point is that these arrows don't help the spammers. They are a browser feature and those spam programs can't really use them. Unless you have some proof otherwise the whole premise behind the starting of this topic that spambots somehow use these browser-specific arrows to help in filling out profile fields is false.

Moved to phpBB discussion as this is not really a support question.
Apply to become a Jr. Extension Validator
My extensions | In need of phpBB services? | Was I helpful today?
No unsolicited PMs unless you're planning on asking for paid help.
User avatar
javiexin
Code Contributor
Posts: 1157
Joined: Wed Oct 12, 2011 11:46 pm
Location: Madrid, Spain
Name: Javier
Contact:

Re: "Custom Profile Fields"-antispam method not working in 3.1.x cause of "cheat-arrows"

Post by javiexin »

What is the problem here?

Just declare the CPF as a STRING field, rather than as a NUMBER field, and that's it.

You will need to check the correct value anyhow, for a human there will be no difference, and you will not see those arrows that bother you so much.

Not that I understand the issue, honestly, I think that there are a lot of counter spam measures that work, as explained by others. But if you insist on this, the solution is as simple as I described, change the type of the CPF.

Regards,
-javiexin
User avatar
T0ny
Registered User
Posts: 1383
Joined: Sun Jan 29, 2006 8:42 pm
Location: Lancashire
Name: Tony

Re: "Custom Profile Fields"-antispam method not working in 3.1.x cause of "cheat-arrows"

Post by T0ny »

You could just edit /styles/prosilver/template/profilefields/int.html and remove the min="{int.FIELD_MINLEN}" max="{int.FIELD_MAXLEN}" parameters from the input tag
User avatar
javiexin
Code Contributor
Posts: 1157
Joined: Wed Oct 12, 2011 11:46 pm
Location: Madrid, Spain
Name: Javier
Contact:

Re: "Custom Profile Fields"-antispam method not working in 3.1.x cause of "cheat-arrows"

Post by javiexin »

T0ny wrote:You could just edit /styles/prosilver/template/profilefields/int.html and remove the min="{int.FIELD_MINLEN}" max="{int.FIELD_MAXLEN}" parameters from the input tag
That would affect ALL integer CPFs, not recommended. It is better to use a string CPF instead.
Post Reply

Return to “phpBB Discussion”