"Custom Profile Fields"-antispam method not working in 3.1.x cause of "cheat-arrows"

[skobki]

Hello, dear community!

This is my first message @ this forum, so at first I wanna say big thanks for such great thing as phpBB. I really enjoy this forums!

Now about the problem.

1) in <3.0.x versions of phpBB it was quite effective to use "Custom Profile Fields"-antispam.
2) I still wanna use it in 3.1.x because I don't like that Q&A CAPTCHA don't give me a chance to use reCapcha. I like to have double protection - with a question from "Custom Profile Fields" and reCapcha.
3) Problem: In 3.1.x its impossible now to use "Custom Profile Fields"-antispam because now we got "arrows", which defines hidden value. I call them "cheat-arrows". If you click at any of this arrows you would get right answer.

May be its good idea to remove this arrows in next release (make everything as it was before, at <3.0.x)? And also would be nice to know how remove this arrows at current version of phpBB.

Thanks!

Kind regards,
Nikolay

[Brf]

It has never been a good idea to use multiple-choice questions as a spam preventative. Multiple-choice questions always give the spam-bots a percentage chance to answer correctly.

[skobki]

Its not really multiple-choice questions. I put description only to show the problem with numbers. You could ask any questions even without showing tips.

This method worked perfectly for a years. Now it doesn't

Help please

[DavidIQ]

The up and down arrows are a function of the browser. How does this affect SPAM exactly? If I am a human spammer and want to register on your forum I can guarantee that the arrows being there or not will not be a deciding factor in my completing your registration. Same thing with a SPAM program.

There is nothing broken or wrong here. The fact that they are showing in 3.1 is a result of HTML 5 elements being used.

[skobki]

The up and down arrows are a function of the browser. How does this affect SPAM exactly? If I am a human spammer and want to register on your forum I can guarantee that the arrows being there or not will not be a deciding factor in my completing your registration. Same thing with a SPAM program.

Its affect a lot. Its really easy to teach spam program to use this "arrows" automatically. Its making "Custom Profile Fields"-antispam method useless and a lot of forums would be hurt because of it.

Main problem here that this arrows DEFINE right answer. Its making whole idea of that anti-spam method worthless.

p.s.
Problem @ phpBB tracker

[HiFiKabin]

The example you use is a question that has an answer so why not just set the Q&A captcha to do the same thing?

[DavidIQ]

Its affect a lot. Its really easy to teach spam program to use this "arrows" automatically. Its making "Custom Profile Fields"-antispam method useless and a lot of forums would be hurt because of it.

Main problem here that this arrows DEFINE right answer. Its making whole idea of that anti-spam method worthless.

p.s.
Problem @ phpBB tracker

You are incorrect. Not many forums use custom profile fields to prevent spam. They use the proper spambot countermeasures. Also you really think teaching a spam program to use these arrows is needed? They already know how to fill out the fields without the arrows.

[skobki]

The example you use is a question that has an answer so why not just set the Q&A captcha to do the same thing?

In my first message:

2) I still wanna use it in 3.1.x because I don't like that Q&A CAPTCHA don't give me a chance to use reCapcha. I like to have double protection - with a question from "Custom Profile Fields" and reCapcha.

------------

You are incorrect. Not many forums use custom profile fields to prevent spam. They use the proper spambot countermeasures.

May be not so many, but there are some %. Nobody can tell certain number, but for example, I'm administrating several forums which using such protection. I think there are some other active and popular forums with double protection too.

Also you really think teaching a spam program to use these arrows is needed? They already know how to fill out the fields without the arrows.

My forums didnt get spammed since I put fields. Before I put fields - several times per year I had problems with huge envasion of spammers. It was nasty. So, with all respect, I afraid you could be incorrect there - bots and spam programs don't know how to fill this fields in <3.0.x forums. If they would be able to do so - I would knew about it from my forums

[HiFiKabin]

The example you use is a question that has an answer so why not just set the Q&A captcha to do the same thing?

In my first message:

2) I still wanna use it in 3.1.x because I don't like that Q&A CAPTCHA don't give me a chance to use reCapcha. I like to have double protection - with a question from "Custom Profile Fields" and reCapcha.

I know you 'don't like' the Q&A captcha, but as it does exactly what you are trying to achieve I do not understand why.

I have KeyCaptcha on my forums and have less than one spam signup a month, and those are caught by the 'first post moderation'

'Double protection' does not help against SPAM. If Spammers get past one, they will get past the other.

[skobki]

I have KeyCaptcha on my forums and have less than one spam signup a month, and those are caught by the 'first post moderation'

'Double protection' does not help against SPAM. If Spammers get past one, they will get past the other.

"Fields" protection worked for years. Why it has to be changed if it worked perfectly?

Google made reCapcha 2 and I hope it would be implemented soon to phpBB. In this perspective having double protection would be even more useful then before (because recapcha 1 cracked). But still even recapcha 1 could help to avoid scammers who use "recording" macro software to spam at forums.

[HiFiKabin]

The captchas supplied with the phpBB download have worked for years, but now they don't. Why is that I wonder?

Things do not stand still. The Spammers try to stay one step ahead of you, you have to be smarter.

I repeat. Why don't you like the Q&A Captcha? In the time you have spent on this topic, you could have set the Q&A up and had no further worries

[DavidIQ]

My forums didnt get spammed since I put fields. Before I put fields - several times per year I had problems with huge envasion of spammers. It was nasty. So, with all respect, I afraid you could be incorrect there - bots and spam programs don't know how to fill this fields in <3.0.x forums. If they would be able to do so - I would knew about it from my forums

Not really any different now. The point is that these arrows don't help the spammers. They are a browser feature and those spam programs can't really use them. Unless you have some proof otherwise the whole premise behind the starting of this topic that spambots somehow use these browser-specific arrows to help in filling out profile fields is false.

Moved to phpBB discussion as this is not really a support question.

[javiexin]

What is the problem here?

Just declare the CPF as a STRING field, rather than as a NUMBER field, and that's it.

You will need to check the correct value anyhow, for a human there will be no difference, and you will not see those arrows that bother you so much.

Not that I understand the issue, honestly, I think that there are a lot of counter spam measures that work, as explained by others. But if you insist on this, the solution is as simple as I described, change the type of the CPF.

Regards,
-javiexin

[T0ny]

You could just edit /styles/prosilver/template/profilefields/int.html and remove the min="{int.FIELD_MINLEN}" max="{int.FIELD_MAXLEN}" parameters from the input tag

[javiexin]

You could just edit /styles/prosilver/template/profilefields/int.html and remove the min="{int.FIELD_MINLEN}" max="{int.FIELD_MAXLEN}" parameters from the input tag

That would affect ALL integer CPFs, not recommended. It is better to use a string CPF instead.