Wedge
Public area => The Pub => Off-topic => Topic started by: CJ Jackson on April 11th, 2011, 05:21 PM
-
Unfortunately spambots have got through reCAPTCHA, fortunately, the email address they use are so random, none of them have Gravatar. Those spambots programmers thought they outsmarted me, but they failed because they overlooked Gravatar (which is probably blocked by the great firewall of China) :D
What your opinion?
-
reCAPTCHA is long since too much a liability for my liking, if humans typically draw a 50% success rate (vs 25-30% success rate for bots), and the fact that it allows for off-by-one errors... no thanks.
We have a custom CAPTCHA that I wrote, draws 9 or so visibly distinct styles, including some animated ones. Sure, they're breakable, but not trivially or easily. It's been in use on arantor.org now since August and while I've had spammers sign up, I've had the grand total of 3 spam posts from a human spammer.
The other thing is that not everyone has a Gravatar, so while blog users (especially WP users/converts) will be fine, it's not a safe assumption for the purposes of combatting bots.
There are alternative methods, some of which have been integrated already ;)
-
The other thing is that not everyone has a Gravatar, so while blog users (especially WP users/converts) will be fine, it's not a safe assumption for the purposes of combatting bots.
-
Yeah, I guess it depends on the board ;)
-
reCAPTCHA is long since too much a liability for my liking, if humans typically draw a 50% success rate (vs 25-30% success rate for bots), and the fact that it allows for off-by-one errors... no thanks.
We have a custom CAPTCHA that I wrote, draws 9 or so visibly distinct styles, including some animated ones. Sure, they're breakable, but not trivially or easily. It's been in use on arantor.org now since August and while I've had spammers sign up, I've had the grand total of 3 spam posts from a human spammer.
The other thing is that not everyone has a Gravatar, so while blog users (especially WP users/converts) will be fine, it's not a safe assumption for the purposes of combatting bots.
There are alternative methods, some of which have been integrated already ;)
Is your version available to the public?
-
Yes it does, my board does not have any uploading facilities for avatar, so Gravatar is the only method. ;)
-
Is your version available to the public?
-
/megot that old version too :P but there is only one site to get it from.
-
but there is only one site to get it from.
-
3.5 :p
-
reCAPTCHA doesn't even have proper updates... seriously, there's always a retard saying "reCAPTCHA works. period." and it piss me off...
-
Well, technically, that's true. (For software that works, of course.)
-
I would use akismet, that it is something more stable and it actually let you track the amount of spambots you have...
-
That's one answer for Pete I believe ;)
(4200! This... is... Geekland!!)
-
Any good antispam measure taken on wedge? I mean, would you add spinning and flying captchas or captchas which the only way to pass through it is singing ABBA's songs (is widely known that spambots can't sing ABBA's songs).
-
Not good idea for those who are deaf...
-
Any good antispam measure taken on wedge?
-
Not good idea for those who are deaf...
/sarcasm
-
Not good idea for those who are deaf...
/sarcasm
-
Any good antispam measure taken on wedge?
-
Spambot should go to bed for Bad Behaviour, with no supper, but seriously I do use that on Wordpress! :)
-
Not good idea for those who are deaf...
/sarcasm
(I always wanted to be that cranky old man that complains about the music volume :lol: )
-
No, when I mean I'm deaf...I'm seriously deaf in both ears, I become deaf when I was 3 years old...
-
We know that, Dismal. But I think you should be less upset/frustrated about people treading this lightheartedly. They're not making fun of deaf people at all, and certainly not of *you*, you can be sure of that.
-
No, when I mean I'm deaf...I'm seriously deaf in both ears, I become deaf when I was 3 years old...
-
Anyway, anti-spam should not use sound only but I'm happy with Bad Behaviour in Wedge
-
OK, right now, here's what we have.
9 or so CAPTCHAs, originally designed and written by me, using a variation of the code base as visible on arantor.org on registration. Some of them are animated, but the thing is, the variety of images really kicks out bots.
I also added Bad Behaviour as discussed, though I need to update to the latest version because I integrated it directly.
I do plan to rework the audio CAPTCHA too because right now it's actually almost as vulnerable as SMF's main CAPTCHA is.
-
I know many spambot can read javascript, but how many of them can execute javascript?
-
And if you make it dependent on JS, any device that can't use JS is excluded which rules out some smartphones.
-
but not all smartphones, right? ;)