This is an old revision of the document!
Table of Contents
Antispam (pun_admin_antispam)
- Status: Under development
- Current version: 0.2
General idea
Protect the forum using CAPTCA from
- Bruteforcing the passwords
- Spam in guest posts
- Bot registration
Specification
- Put CAPTCHA at the Register, Guest post, Password restore and Login pages.
- Add options to Administration ⇒ Settings ⇒ Features
- Use CAPTCHA on register page (checkbox, checked by default)
- Use CAPTCHA on guest posting (checkbox, checked by default)
- Use CAPTCHA after 5 login failures (checkbox, checked by default)
- Use CAPTCHA on password restore form (checkbox, checked by default)
- Add database table <db_prefix>_config
- o_pun_antispam_captcha_register = 1
- o_pun_antispam_captcha_guestpost = 1
- o_pun_antispam_captcha_login = 1
- o_pun_antispam_captcha_restorepass = 1
- CAPTCHA implementation
- Use sessions to store the code.
- Delay before image output (1 s).
- When the test is passed by the user, do not ask again it again on other pages for some time (or until user does something suspicious).
- TODO: Describe how the code will be modified against bots.
- IDEA: Use the words list? E.g. “punbb”, “forum”, “guest”, “user” and s.o.
- IDEA: Use the empty invisible field with title like “do not fill this”. If filled, this is a bot.
- IDEA: Use math captcha.