CAPTCHA useless?

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Ideas Centre
User avatar
Dogs and things
Registered User
Posts: 2114
Joined: Fri Sep 01, 2006 9:04 am
Location: Spain
Contact:

Re: CAPTCHA useless?

Post by Dogs and things » Wed Mar 18, 2009 6:19 pm

And it's not only the human eye that has it's limitations, also the human patience is limited. Mine for example is not able te remain calm if I have to re-submit a form just because I wasn´t able to copy the code hidden in it's Captcha. If I do not really really want to join a certain site or send a certain form I just leave it if it's nearly impossible.

And that's a person who is pretty used to deal with Captchas, imagine a more Captcha illiterate person.

I think, for my site, that user accessibility and ease of use is of the utmost importance. And Captcha is not part of that.
For phpBB2 support visit phpBB2refugees.

karossii
Registered User
Posts: 3
Joined: Fri Mar 20, 2009 10:58 am

Re: CAPTCHA useless?

Post by karossii » Fri Mar 20, 2009 11:22 am

I know that as soon as I see a captcha system, my first instinct is to run away. I hate them, and only register on boars using them if I really HAVE to. Like I just registered here because I need help with some questions on phpBB; and I know that it is unlikely I will get the answers anywhere else.

But if it is just a question of checking out some new site a friend recommended, or maybe a casual interest in a site from a search engine, I just forget all about it if I see a captcha. I hate the stupid things!

User avatar
Eelke
QA Team
Posts: 2903
Joined: Thu Dec 20, 2001 8:00 am
Location: NL, Bussum
Name: Eelke Blok
Contact:

Re: CAPTCHA useless?

Post by Eelke » Fri Mar 20, 2009 11:43 am

Well, some might say they are happy to get only users that are genuinely interested in their site ;) Still, annoying users is never a good thing. Problem is, there is no great alternative.

Geed
Registered User
Posts: 197
Joined: Sat Sep 20, 2008 1:02 am
Location: Princeton, NJ
Name: DG Kim
Contact:

Re: CAPTCHA useless?

Post by Geed » Sat Mar 21, 2009 9:51 pm

I made it so that users had to check their emails to register, and that seemed to fix many problems.
DG Kim | Princeton '18
Electrical Engineering

User avatar
ChrisRLG
Former Team Member
Posts: 3420
Joined: Wed Nov 24, 2004 3:18 pm
Location: Essex, UK
Contact:

Re: CAPTCHA useless?

Post by ChrisRLG » Sat Mar 21, 2009 9:52 pm

Geed wrote:I made it so that users had to check their emails to register, and that seemed to fix many problems.
Bots can do that easy - so that is no help to stop them registering.
phpBB: The All Important Rules - Bertie Bear 3.0 - No support via PM system - use the forums please.
phpBB v2: Retirement (1/1/2009) : phpBB v3: Read Me Topic - Custom BBCodes - Support Template
Matthew 7:7"Ask and it will be given to you; seek and you will find; knock and a door will be opened to you."
My Links: MS MVP (Consumer Security) - Malware Removal:University - Own Forum: Custom BBCode testing

Kim_Possible
Registered User
Posts: 1343
Joined: Sun Sep 21, 2008 3:57 pm

Re: CAPTCHA useless?

Post by Kim_Possible » Sat Mar 21, 2009 11:29 pm

ChrisRLG wrote:Bots can do that easy - so that is no help to stop them registering.
That is traditionally true, but on my largest board, we are getting a half-dozen registrations a day (this is way down after I tweaked the CAPTCHA), but even the ones that are registering are not activating. In this new wave of spam bots, I've not had a single one activate their account via email.

I know bots can . . . they just aren't this time around. Email activation is currently our best anti-spam weapon. :D

Could just be me though. :)

User avatar
stickerboy
Former Team Member
Posts: 7349
Joined: Mon Mar 29, 2004 2:27 pm
Location: Airdrie, UK (127.0.0.1)
Name: Kenny Cameron
Contact:

Re: CAPTCHA useless?

Post by stickerboy » Sat Mar 21, 2009 11:49 pm

I implemented this - http://www.phpbb.com/kb/article/custom- ... mmer-tool/
12+ days and counting (*knocks on wood* :P) with no spam registrations. I still have email activation turned on and CAPTCHA showing, but this seems to be working a great deal :)
I'm a web-designing code-decrypting tech-support musician
|| Twitter || Flickr || phpBB Snippets ||
Formerly known as cherokee red

User avatar
Dog Cow
Registered User
Posts: 2495
Joined: Fri Jan 28, 2005 12:14 am
Contact:

Re: CAPTCHA useless?

Post by Dog Cow » Sun Mar 22, 2009 9:17 pm

ChrisRLG wrote:
Geed wrote:I made it so that users had to check their emails to register, and that seemed to fix many problems.
Bots can do that easy - so that is no help to stop them registering.
Some bots, such as XRumer, use a regular expression to search for the email by its subject, as is default by many popular forum systems. So it may help to change the subject of the registration email to something non-standard. Removing the words 'Welcome' and 'activation' might help, since those are two words which the bots look for. Just have the welcome/activation email subject be simply the name of your web site. People ought to figure that out easily.
Moof!
Mac GUI Vault: Retro Apple II & Macintosh computing archive.
Inside Allerton bookMac GUIMac 512K Blog

User avatar
MartectX
Translator
Posts: 1324
Joined: Wed Dec 19, 2007 8:05 pm
Location: Marienplatz

Re: CAPTCHA useless?

Post by MartectX » Mon Mar 23, 2009 12:51 pm

If I were writing such a bot I'd have him search the body for the domain name. I register to phpbb.com - I search the body of all incoming emails for phpbb.com.

So I don't think it's worth it to change activation mail wordings, because the link to your board has to be there anyway.

User avatar
Eelke
QA Team
Posts: 2903
Joined: Thu Dec 20, 2001 8:00 am
Location: NL, Bussum
Name: Eelke Blok
Contact:

Re: CAPTCHA useless?

Post by Eelke » Mon Mar 23, 2009 1:16 pm

Well, is it really important what you would do? You are not writing these bots (I hope) :) Bad code is produced all the time, why would spam bots be any exception?

CMCDragonkai
Registered User
Posts: 483
Joined: Sat Jun 09, 2007 11:37 pm
Location: Australia.. and other parts of the world sometimes...

Re: CAPTCHA useless?

Post by CMCDragonkai » Tue Mar 24, 2009 8:50 am

What about flash based captcha? Anybody thought of using that? Last I heard, flash was hard for search engines to index, so if you intend it not be indexed, I'd think bots would have hard time reading flash.
Show phpbb threads as html articles. V.5.03 Thanks Erik! (This will be updated constantly as I or others contribute...) This code is to be used on external HTML page, but if you want a template version see here.

For the best PHPBB total modification to posting - bbcode, embedding... everything! Visit MSSTI's ABBC3 Modification.

User avatar
Eelke
QA Team
Posts: 2903
Joined: Thu Dec 20, 2001 8:00 am
Location: NL, Bussum
Name: Eelke Blok
Contact:

Re: CAPTCHA useless?

Post by Eelke » Tue Mar 24, 2009 8:59 am

Same principal applies: once phpBB adopts it, the incentive to crack it becomes so large it doesn't really matter how hard it is. Also, Flash has much narrower support than an image. BTW, Google can index Flash just fine, nowadays ;) Don't know about other search engines, but I'd expect them to follow suit.

User avatar
onehundredandtwo
Registered User
Posts: 1228
Joined: Fri Nov 14, 2008 8:07 am

Re: CAPTCHA useless?

Post by onehundredandtwo » Tue Mar 24, 2009 9:50 am

Using Flash assumes that the end user has Flash installed on their system, which is not always the case.

And unlike PHP, Flash is not Open-Source and the person who creates the Flash CAPTCHA would need an Adobe CS3/4 Flash License or some other Flash developing tool.
Need help preventing spam? Read Preventing spam in phpBB 3.0.6 and above

User avatar
Kellanved
Former Team Member
Posts: 2635
Joined: Wed Jan 26, 2005 2:48 pm
Location: Meta-level

Re: CAPTCHA useless?

Post by Kellanved » Tue Mar 24, 2009 10:24 am

CMCDragonkai wrote:What about flash based captcha? Anybody thought of using that? Last I heard, flash was hard for search engines to index, so if you intend it not be indexed, I'd think bots would have hard time reading flash.
On the contrary, flash is incredibly simple. php flash support is good enough to write small flash applications on the fly, the problem is that the flash program will contain the information in a format that is easy to parse - the flash player has to understand it after all. A bot wouldn't bother with the actual display, it would just decompile the flash animation.
Nocando is in Idontwanna county. No support via PM

User avatar
Dog Cow
Registered User
Posts: 2495
Joined: Fri Jan 28, 2005 12:14 am
Contact:

Re: CAPTCHA useless?

Post by Dog Cow » Tue Mar 24, 2009 2:01 pm

Also, there's the problem I've discovered which is that it appears to be impossible to securely pass variables between a server and the Flash client. That is because the Flash client runs on the client PC, so any HTTP requests it makes to the server (such as to get the Captcha text it is supposed to display) can be traced and logged by the end-user.

Even encrypting the communication is not the final solution, for the Flash client can be readily decompiled and the encryption algorithm exposed.
Moof!
Mac GUI Vault: Retro Apple II & Macintosh computing archive.
Inside Allerton bookMac GUIMac 512K Blog

Post Reply

Return to “phpBB Discussion”