• From: Canada
  • Registered: 2004-12-12
  • Posts: 148

Topic: Captcha?

Captchas were originally built to prevent bots from mass-inserting of urls at Altavista. It works by providing an obscured image composed of letters and numbers, often riddled with warps and specks.

Now Java programs have been created to automatically create users, unverified as they may be, in unsuspecting punbb databases. Considering admins of small and large punbb communities alike are suffering a lot lately from the vast amounts of registrations and whatnot, why not make captcha standard on punbb?

http://punbb.org/forums/viewtopic.php?id=6785

It could be very helpful. smile

~Creaturecorp

I don't HAVE a signature, ok?

creaturecorp's Website

2 Reply by Stork

  • Stork
  • Junior Member
  • Offline
  • Registered: 2005-08-23
  • Posts: 7

Re: Captcha?

I would advise that. I currently use image verification, its nicer, more professional, and easier to use then the email version smile

3 Reply by Tobi

  • Tobi
  • Senior Member
  • Offline
  • From: Samos, Greece
  • Registered: 2005-06-27
  • Posts: 477

Re: Captcha?

creaturecorp wrote:

why not make captcha standard on punbb?

If you browse the board for ideas what should be standard in punBB, and if Rickard had done all this then punBB would be bigger than phpBB today. Bigger, not better... wink

I think captcha is a good thing but since it's so easy to mod why not leave it to people to just do it?

plus, it depends on GD2 which is not implemented on all servers.

The German PunBB Site:
PunBB-forum.de

Tobi's Website

  • Smartys
  • Former PunBB Developer
  • Offline
  • Registered: 2004-04-30
  • Posts: 7,844

Re: Captcha?

Because it requires GD wink

5 Reply by creaturecorp (edited by creaturecorp 2005-08-24 18:03)

  • From: Canada
  • Registered: 2004-12-12
  • Posts: 148

Re: Captcha?

Can't it be done with images created from Photoshop?

Lucky for me I have GD. (I'm a poet and dun know it) smile

I don't HAVE a signature, ok?

creaturecorp's Website

  • Connorhd
  • Connorhd
  • Former PunBB Developer
  • Offline
  • From: Leeds, UK
  • Registered: 2004-06-13
  • Posts: 4,195

Re: Captcha?

the images have to be generated randomly or it would be pretty simple for a script to detect them.

FluxBB.
Connorhd.co.uk.

Connorhd's Website

  • Registered: 2004-08-08
  • Posts: 508

Re: Captcha?

http://it.slashdot.org/article.pl?sid=0 … p;from=rss

8 Reply by Tobi

  • Tobi
  • Senior Member
  • Offline
  • From: Samos, Greece
  • Registered: 2005-06-27
  • Posts: 477

Re: Captcha?

Well, this just says that captcha is not 100% secure.
Surprise.
Nothing is absolutely secure.

However, it takes more than a lame script kid to break a good captcha installation so it's definitely worth it.

The German PunBB Site:
PunBB-forum.de

Tobi's Website

9 Reply by hcgtv

  • hcgtv
  • hcgtv
  • Senior Member
  • Offline
  • From: Charlotte, NC
  • Registered: 2004-06-25
  • Posts: 1,991

Re: Captcha?

In Nucleus CMS, we began getting hit with comment spam late last year. A blacklist plugin was quickly made by one of our developers based on the MT spammer's list. All was well until we started getting targeted spam, our small project was on their radar screen.

To make a long story short, Nucleus 3.2 was released on March 7, 2005 with Captcha support. I've never had any more issues with comment spam since then. I can now concentrate on other tasks instead of cleaning up daily f*cking p*ker spam.

PHPCrossRef . TXP Make . TXP Themes . TXP Tags . TXP Planet . We Love TXP

hcgtv's Website

10 Reply by Paul

  • Paul
  • Senior Member
  • Offline
  • From: Wales, UK.
  • Registered: 2003-08-13
  • Posts: 3,089

Re: Captcha?

I don't understand the argument that Captcha should not be supported because it relies on GD. If there was an alternative which could be implemented for all users then the argument would be correct. If however there is no viable alternative then not implementing it because some people won't benefit from it is saying that because everybody can't be protected then nobody should be protected. Surely it is better to protect some rather than none.

I am of course assuming that there is a simple way to detect the presence of GD on the server.

The only downside to it of course it that it not only defeats bots it also defeats anybody who has impaired vision including colour blindness.

11 Reply by Tobi

  • Tobi
  • Senior Member
  • Offline
  • From: Samos, Greece
  • Registered: 2005-06-27
  • Posts: 477

Re: Captcha?

Paul wrote:

I am of course assuming that there is a simple way to detect the presence of GD on the server..

There is.
But I think once you start with "exceptions" you will find a board sooner or later that has all kinds of conditions so it's more or less a matter of good luck getting a complete install depending on your system.

I think punBB should try to run on all systems matching minimum conditions in the same way.
And offer a captcha mod (that already exists) to those who can and want to implement it.
This mod is terribly easy to implement by the way.
Everybody seems to install all those mods that are a lot more difficult to handle because they look funky or add some kind of candy to the board - what do I know - so don't come and tell me it's too much asked installing a captcha mod smile

The German PunBB Site:
PunBB-forum.de

Tobi's Website

  • From: 127.0.0.1
  • Registered: 2001-11-02
  • Posts: 9,167

Re: Captcha?

Paul wrote:

I don't understand the argument that Captcha should not be supported because it relies on GD. If there was an alternative which could be implemented for all users then the argument would be correct. If however there is no viable alternative then not implementing it because some people won't benefit from it is saying that because everybody can't be protected then nobody should be protected. Surely it is better to protect some rather than none.

I generally agree with you. It's just that I would like to hear about any potential alternatives before I go ahead and add Captcha support to PunBB. Captcha's have been getting a lot of negative "press" lately. Mainly due to accessibility issues.

Paul wrote:

I am of course assuming that there is a simple way to detect the presence of GD on the server.

There is.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Rickard's Website

13 Reply by Paul

  • Paul
  • Senior Member
  • Offline
  • From: Wales, UK.
  • Registered: 2003-08-13
  • Posts: 3,089

Re: Captcha?

Yes, the accessibility angle is problematic. There would have to be an alternative method of registering for those who couldn't use it. Of course it could just be a case of providing a checkbox which, if selected, uses email verification as a fallback. I will see if I can find out anything on some of the accessibility sites.

EDIT
I just came across a different kind of CAPTCHA called gatekeeper which Eric Meyer developed for WordPress to prevent comment span. This one doesn't use graphics so should be accessible.
http://meyerweb.com/eric/tools/wordpres … eeper.html

  • From: 127.0.0.1
  • Registered: 2001-11-02
  • Posts: 9,167

Re: Captcha?

Paul wrote:

Yes, the accessibility angle is problematic. There would have to be an alternative method of registering for those who couldn't use it. Of course it could just be a case of providing a checkbox which, if selected, uses email verification as a fallback. I will see if I can find out anything on some of the accessibility sites.

But if you can circumvent the captcha test by checking a checkbox, what good will it do against spam robots?

Paul wrote:

I just came across a different kind of CAPTCHA called gatekeeper which Eric Meyer developed for WordPress to prevent comment span. This one doesn't use graphics so should be accessible.
http://meyerweb.com/eric/tools/wordpres … eeper.html

There are lots of problems with that kind of protection as well. The first one that comes to mind is language. Also, in order for it to be effective, you have to have a huge pool of "challenges". If not, a spam robot can be programmed to supply one of the correct answers and it will go through every 20 times or so.

Edit: A good read on captchas and accessibility: http://www.w3.org/TR/turingtest/

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Rickard's Website

15 Reply by Paul

  • Paul
  • Senior Member
  • Offline
  • From: Wales, UK.
  • Registered: 2003-08-13
  • Posts: 3,089

Re: Captcha?

I think I read somewhere about a method which checks a hidden field on a form against a randomly generated time limited number which can only be use once. Though that only works if the bots are faking a form submission rather than dealing with the form itself.

16 Reply by hcgtv

  • hcgtv
  • hcgtv
  • Senior Member
  • Offline
  • From: Charlotte, NC
  • Registered: 2004-06-25
  • Posts: 1,991

Re: Captcha?

I know about all the problems with captcha, but since I started to use in Nucleus, no spam to report.

But I'm willing to try anything else, the WP method sounds fine or any other way to accomodate everyone except the spammers.

PHPCrossRef . TXP Make . TXP Themes . TXP Tags . TXP Planet . We Love TXP

hcgtv's Website