Protect the forum using CAPTCHA from
- Bruteforcing the passwords
- Spam in guest posts
- Bot registration
- Add CAPTCHA at:
- If user has passed the CAPTCHA, but mistaken in some other field of the form (the form is displayed again for user to correct the data), do not show the CAPTCHA again. I.e. user must pass the CAPTCHA only once to register.
- Here may be used the simple CAPTCHA kind of “Are you robot? Yes/No” Just use the random
name=“agree”for “Yes”. This will protect from common robots, but not from targeted attack, so this may be an option. Delay this for (pun_antispam 2.0)
- Guest post
- Same as for registration: do not ask CAPTCHA again if user has some errors, ask once per message.
- Or even once per N messages? (pun_antispam 2.0)
- Password restore
- Do not ask for the first N requests from the IP (pun_antispam 2.0)
- Do not ask for the first N requests from the IP.
- Add options to Administration ⇒ Settings ⇒ Features
- Use CAPTCHA on register page (checkbox, checked by default)
- Use CAPTCHA on guest posting (checkbox, checked by default)
- Use CAPTCHA after 5 login failures (checkbox, checked by default)
- Use CAPTCHA on password restore form (checkbox, checked by default)
- Add database values to the config table
- CAPTCHA implementation
- Use sessions to store the code.
- Delay before image output (0.3 s).
- When the test is passed by the user, do not ask again it again on other pages for some time (or until user does something suspicious).
- TODO: Describe how the code will be modified against bots.
- IDEA: Use the words list? E.g. “punbb”, “forum”, “guest”, “user” and s.o.
- IDEA: Use the empty invisible field with title like “do not fill this”. If filled, this is a bot.
- IDEA: Use math captcha.
- IDEA: Use reCAPTCHA.
- IDEA: Use questions and answers instead of CAPTCHA characters enter like in CaptchaGuest.