nolsilang

  • Lurking <i class=
  • Posts: 106
Re: Another reason to dislike reCaptcha
« Reply #15, on April 6th, 2012, 01:53 AM »
Quote from nend on April 5th, 2012, 07:27 PM
IMHO though, most bots I have seen get through most security lately are not bots but people. They create a account and get it unlocked for the bots to use it later. You can captcha the post maybe, allot of junk though just to keep a few bots out. :whistle:
Captcha protects from automation/bot(It can hit your forum thousands per day), if anything got through then the forum's staff should be able to take action. The reason they want an account is to post link, so I usually just limited that in forum permission. Stuff like website link on profile(min 10 post), link on post/signature(min 20 post) and so on. I think the forum's staff would be able differentiate between regular user and would be spammer. :)

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: Another reason to dislike reCaptcha
« Reply #16, on April 6th, 2012, 01:59 AM »
No, no it doesn't, that's precisely the point.

The SMF one has been broken by bots for years. ReCaptcha has also been broken for at least a year. It's incredibly easy to automate - I've even seen JavaScript implementations for OCRing the text in a CAPTCHA and even limited neural network solutions (i.e. a JavaScript routine that's able to learn and improve its ability to process text)

Please understand, we know what CAPTCHAs can and can't do, we've been fighting spam with them for years, and we've learned their limitations only too well - which is why almost two years ago I implemented my own from scratch, which Wedge inherited.

CAPTCHAs are outdated and do not actively solve the spam problem.

Limiting the website link to 10+ posts doesn't really solve the problem either, the bots won't notice and will try it anyway, the human spammers might be discouraged. We have also made that entirely possible in Wedge, to limit website and signature to higher post counts, plus it's also possible to set things up where a user can put their signature in but it isn't visible until they made 10 posts (or whatever setting you want)
When we unite against a common enemy that attacks our ethos, it nurtures group solidarity. Trolls are sensational, yes, but we keep everyone honest. | Game Memorial