reCaptcha?

Discussion in 'Forum Software' started by MagicalAzareal, Oct 12, 2019.

  1. MagicalAzareal

    MagicalAzareal Magical Developer

    437
    332
    +206
    Someone told me that spambots have started using Google's own AI (computer vision) to break reCaptcha now and supposedly a lot of bots have started slipping past it.
     
  2. \o/

    \o/ an oddity

    181
    33
    +52
    reCAPTCHA has had known flaws for quite some time now. Its major effect is to annoy your visitors.
     
  3. zappaDPJ

    zappaDPJ Administrator

    6,858
    1,432
    +5,450
    As far as I'm concerned there's nothing more to say but I can't help but contradict myself so I'll keep talking :LOL:

    The first time I encountered reCAPTCHA was probably a while before the (re) prefix and that was enough for me to remove it from all my forums and nothing has changed since then. The fact that I rarely encounter it now tells me most site owners think the same. Over the years it's stopped me registering with multiple sites.

    The thing about it that makes me sigh/laugh/face-palm (take your pick) is it often goes hand in hand with web-masters who bleat on about the benefits of SEO. There's nothing more contradictory than attempting to screw every last morsel out of SEO and then kill it stone dead with a spam catching philosophy that locks new members out of your site and leaves them in despair.

    reCAPTCHA in all its forms is a blight on the Internet. It should be scooped to death with a dull spoon and buried six feet under.
     
    • Like Like x 3
    • Winner Winner x 1
    • List
  4. Wes of StarArmy

    Wes of StarArmy Adherent

    391
    117
    +144
    What better alternative is there, though?
     
  5. mysiteguy

    mysiteguy Administrator

    2,951
    1,387
    +2,279
    I believe the solution depends a great deal on how often the site is a target and what type of attackers.

    If it's human spam, then recaptcha makes no sense. If it's machine spam, it might, but only if your site isn't a site which has merited the attention of software which circumvents recaptcha. Big forums are often the target of more sophisticated means which require a bit more horsepower such as solving recaptcha, because the payoff is worth it for the spammer.

    I agree with not liking recaptcha, but its a workable solution for some sites especially if they don't have many other options. Heck, I don't like any forms of human verification, but its an arms race reality against spammers.

    And as important, if not more, than blocking spammers, is blocking the spam content before it's ever viewed by the user base. Human spammers will always get through registration. I have posts with links set for auto-moderation for new users, and it stops it 100%.
     
  6. Wes of StarArmy

    Wes of StarArmy Adherent

    391
    117
    +144
    I agree completely with mysiteguy. You're right that most spammers aren't going to take investment to get to 5 posts or whatever before they start spamming. Bots and humans are all about quantity rather than quality - if they can't spam you, they just move on to the next board instead of trying to figure out your system. The only exception is if your site is, for whatever reason, really important to them and then it's basically a cat and mouse game.
     
  7. zappaDPJ

    zappaDPJ Administrator

    6,858
    1,432
    +5,450
    If the Q&As are right which I'll admit takes some effort, I've found that to be 100% effective on every board I've managed to implement it on.
     
  8. doubt

    doubt Tazmanian

    4,796
    562
    +2,062
    They are.
    I have 50 of them, only 10 active.
    When a human breaks through another 10 going to be active.
     
  9. cheat_master30

    cheat_master30 Moderator

    3,805
    1,052
    +1,079
    The best Recaptcha alternative now (as it's arguably always been) is questions specific to the site topic, that only people versed in said topic could easily answer. Obviously the difficulty would depend on just how accessible to the general public said site needs to be, and the more niche it is, the more strict the requirements could be there.

    For instance, this one would be pretty brutal for most sites:

    http://random.irb.hr/signup.php

    Screenshot 2019-10-15 at 23.41.21.png

    But could work for a very dedicated, fairly high level maths community. Similarly, this question from my site's sign up process would be a tad obscure for a general gaming site (or anything outside the niche in general), but works well enough as one of many questions on a forum about a very specific series:

    Screenshot 2019-10-15 at 23.42.59.png

    Past that, well uniqueness is really the aim of the game. Anything generic will get cracked by bots eventually, since there's a huge incentive to bypass it in order to spam as many sites as possible. Meanwhile unless your site is some world class authority in its niche with millions of visitors a month, it's unlikely anyone's gonna bother building bots specifically to beat your anti spam counter measures.

    So the real solution overall is 'use tricky, niche specific questions' as the main solution, implement a bunch of other site specific counter measures when possible to throw off bots, and avoid anything like Recaptcha because it's used by too many other websites.
     
  10. \o/

    \o/ an oddity

    181
    33
    +52
    A horrible approach comes from the Arch Linux forum that requires executing a certain (non-portable) GNU/Linux command to register.

    I ended up building a solver for it so I could register there myself. I mean, if you absolutely want to stay a closed community, you probably missed the point.
     
  11. salem

    salem Adherent

    372
    142
    +84
    Only problem with that example is the answer is one the first page of google , a big no no for Q&A
     
  12. Jura

    Jura Devotee

    2,143
    747
    +236
    Q&A I found to be bad. I think low wage people answer them and store them in a database.
     
  13. cheat_master30

    cheat_master30 Moderator

    3,805
    1,052
    +1,079
    What kind of questions did you ask? Anything that's 'general knowledge' is probably not gonna deter many dedicated spammers.
     
  14. Jura

    Jura Devotee

    2,143
    747
    +236
    Questions related to the subject. That doesn't stop someone from creating a database or updating it.

    That's what happened on my forum. I made a new question and it'd work for a while then not at all.
     
  15. bevans49

    bevans49 Aspirant

    33
    63
    +7
    My site is about kart racing.
    Years ago I stumbled on "Type karting in the box" for the QA, for some reason the phrasing seemed to confound the bots.

    I don't use it anymore because I have a 100% effective add on for bots, and moderate the first 3 posts containing urls. The latter having the added bonus of stopping folks from registering just to freeload my traffic to their facebook page. :)
     
  16. zappaDPJ

    zappaDPJ Administrator

    6,858
    1,432
    +5,450
    Exactly that kind of Q&A has always worked for me. It's what I use on the majority of my forums and I rarely get spam of any kind.
     
  17. Jim McClain

    Jim McClain Senior Citizen

    1,973
    832
    +637
    Would "karting" AND "karting in the box" pass?

    Can you share the name of the plugin?
     
  18. bevans49

    bevans49 Aspirant

    33
    63
    +7
    karting is all I let through
     
    Last edited: Nov 1, 2019
    • Informative! Informative! x 1
    • List
  19. Personal observation - anything that requires actual thought does a pretty good job of blocking robot sign-ups and most spammers. I have two I use: a custom captcha where the instructions tell the user to skip x number of characters (this does a good job as it requires the user to actually read and implement the instructions) and questions that are presented as a graphic and require the answer to be in the proper format. Example: 'One plus one is:' (The answer is NOT '2' but 'two'.) I get few spammers on my sites. Requiring a minimum number of posts before allowing links AND keeping an eye out for new members bumping old topics takes care of those few.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.