Captcha and all these useless methods of blocking spammers
Stepashka
Why don’t you add questions instead?
This is what I’ve been doing on my board since 2.1 to block bot spammers. I added 20 questions, then one question is randomly chosen and that’s all.
Amy T
Some people who join new sites do not like answering 20 questions.
Reminds me of the phrase "what's with the 20 questions".
Anyway, 1 or 2 questions might not be a bad idea.
Like are you human and what year is it.
Stepashka
QUOTE (Amy T @ Oct 4 2008, 05:59 PM) *
Some people who join new sites do not like answering 20 questions.
Reminds me of the phrase "what's with the 20 questions".
Anyway, 1 or 2 questions might not be a bad idea.
Like are you human and what year is it.


lol)

20 in the DB
It puts 1 question randomly, like "How many fingers do people usually have on one hand"
Amy T
What's a DB besides database?
Stepashka
QUOTE (Amy T @ Oct 4 2008, 06:04 PM) *
What's a DB besides database?


I mean 20 in my database.
Amy T
Ah I understand.
Hmm a random question is not a bad idea as long as the admin can change it.
Charles
If we shipped IPB with default questions 99% of people would never change them so bots would already know the answers thereby making them useless. Questions are only good if 1. they are unique to your site and 2. a spammer doesn't take the time to program his bot with the answers.
Stepashka
QUOTE (Charles @ Oct 4 2008, 06:16 PM) *
If we shipped IPB with default questions 99% of people would never change them so bots would already know the answers thereby making them useless. Questions are only good if 1. they are unique to your site and 2. a spammer doesn't take the time to program his bot with the answers.


But what if ipb3 asks you to add questions at the install/upgrade? This way every board will have its own questions.

And in case you see that spammers fit their scripts to your questions, you can always add new ones.


I personally had a lot of problems 1.5 years ago because of this Captcha. Spammers killed my board and the only way I could stop them was by disabling new registration. I tried it all: different fonts, themes, images… nothing worked until I added those questions at the registration.
I can assure you that in one or two weeks your new Captcha mod will be useless.
Chhansen-IG4L
?

Recaptcha is working fine

The bots spam my test board (like I care), but the one with recaptcha on the live one has no more bots on it.
Stepashka
QUOTE (Chhansen-IG4L @ Oct 4 2008, 05:35 PM) *
?

Recaptcha is working fine

The bots spam my test board (like I care), but the one with recaptcha on the live one has no more bots on it.


Well, I upgraded yesterday to 2.3.5 and one bot entered. Don’t know about the new ver. of Captcha, but it seems to me like a waste of time when you can simply use questions instead.

Dannyarr
QUOTE (Stepashka @ Oct 4 2008, 07:33 PM) *
But what if ipb3 asks you to add questions at the install/upgrade? This way every board will have its own questions.

And in case you see that spammers fit their scripts to your questions, you can always add new ones.


I personally had a lot of problems 1.5 years ago because of this Captcha. Spammers killed my board and the only way I could stop them was by disabling new registration. I tried it all: different fonts, themes, images… nothing worked until I added those questions at the registration.
I can assure you that in one or two weeks your new Captcha mod will be useless.

reCaptcha works just fine. Besides, this still doesn't prevent the bot authors from programming their bots with all the answers if they want to target your site specifically. There are also a lot of people who get paid for spamming other people's boards. You can't beat that with questions (or anything else for that matter).
Morrigan
QUOTE (Stepashka @ Oct 4 2008, 01:50 PM) *
Well, I upgraded yesterday to 2.3.5 and one bot entered. Don’t know about the new ver. of Captcha, but it seems to me like a waste of time when you can simply use questions instead.
reCaptcha is in version 2.3.6.
Amy T
QUOTE (Charles @ Oct 4 2008, 12:16 PM) *
If we shipped IPB with default questions 99% of people would never change them so bots would already know the answers thereby making them useless. Questions are only good if 1. they are unique to your site and 2. a spammer doesn't take the time to program his bot with the answers.

Very good point.
I am glad it is easy to set up questions using the customer profile fields but it would be nice like the op said if the question was random for one field.
Cool Surfer
QUOTE (Charles @ Oct 4 2008, 10:16 AM) *
If we shipped IPB with default questions 99% of people would never change them so bots would already know the answers thereby making them useless. Questions are only good if 1. they are unique to your site and 2. a spammer doesn't take the time to program his bot with the answers.


How bout adding a simple question like

2 + 3 = 5 and these questions are generated using a rand command. so they will always be different each time automatically.
Amy T
Not a bad idea. I like it.
AtariAge
QUOTE (Cool Surfer @ Oct 4 2008, 08:28 PM) *
How bout adding a simple question like

2 + 3 = 5 and these questions are generated using a rand command. so they will always be different each time automatically.

If this was a standard IP.Board feature, it would be trivial to update a bot to answer math questions.

..Al
Cool Surfer
QUOTE (AtariAge @ Oct 4 2008, 12:38 PM) *
If this was a standard IP.Board feature, it would be trivial to update a bot to answer math questions.

..Al



I think you are unaware of how rand works ....
consider no's 0-9, generate a 9digit no, and see how many millions of combinations can be generated...
Rikki
QUOTE (Cool Surfer @ Oct 4 2008, 03:52 PM) *
I think you are unaware of how rand works ....
consider no's 0-9, generate a 9digit no, and see how many millions of combinations can be generated...


Computers were created to solve math questions. I'm not sure it would present much of a barrier to them. They're quite good at it.
Cool Surfer
then to be bot proof, do something like google maps

you advertise ur business in gmaps > click submit > and then u get a call immediately

in where u r asked to type in the digits generated on ur screen.
Morrigan
QUOTE (Cool Surfer @ Oct 4 2008, 04:22 PM) *
then to be bot proof, do something like google maps

you advertise ur business in gmaps > click submit > and then u get a call immediately

in where u r asked to type in the digits generated on ur screen.
That's getting a little out there for registration on a forum.
Dannyarr
QUOTE (Cool Surfer @ Oct 4 2008, 10:22 PM) *
then to be bot proof, do something like google maps

you advertise ur business in gmaps > click submit > and then u get a call immediately

in where u r asked to type in the digits generated on ur screen.

We are talking about forum registration here, yeah?
Stepashka
Time will come and ipb will do a question mod like I suggested
AtariAge
QUOTE (Cool Surfer @ Oct 4 2008, 07:52 PM) *
I think you are unaware of how rand works ....
consider no's 0-9, generate a 9digit no, and see how many millions of combinations can be generated...

The bot could easily be made to read the math problem and solve it. It'd be quite a bit more trivial than deciphering graphical CAPTCHA images.

..Al
Keithmj
QUOTE (Stepashka @ Oct 4 2008, 04:57 PM) *
Why don’t you add questions instead?
This is what I’ve been doing on my board since 2.1 to block bot spammers. I added 20 questions, then one question is randomly chosen and that’s all.


I was wondering if you can tell me how to do this? I think it is a good idea..Thanks..Keithmj
Convergence
Something is going on with 2.3.6. I have never seen a "debug_log" in my cache folder. Only error_logs. Well now suddenly in 2 days I have 2 debug_logs totalling almost 300 MB. That's right 300 MB files suddenly in my cache folder.

I looked at another site's cache folder and it has 12 MB of the same type files also. They started on the date 2.3.6 was installed.

I could not get the big files to even open. I opened a smaller one and it has every single query listed.

I see this is already a known issue in the bug tracker and it was fixed yet no announcement of it so I guess people are supposed to just sit around with hundreds of MB of logs sitting there and not be told. lol

For the record, go into ipsclass.php and change the debug log to 0.
Gärrett
QUOTE (Convergence @ Oct 4 2008, 06:38 PM) *
Something is going on with 2.3.6. I have never seen a "debug_log" in my cache folder. Only error_logs. Well now suddenly in 2 days I have 2 debug_logs totalling almost 300 MB. That's right 300 MB files suddenly in my cache folder.

I looked at another site's cache folder and it has 12 MB of the same type files also. They started on the date 2.3.6 was installed.

I could not get the big files to even open. I opened a smaller one and it has every single query listed.

I see this is already a known issue in the bug tracker and it was fixed yet no announcement of it so I guess people are supposed to just sit around with hundreds of MB of logs sitting there and not be told. lol

For the record, go into ipsclass.php and change the debug log to 0.

For customers: http://forums.invisionpower.com/index.php?showtopic=277715

If you had a customer account, you would know they've already addressed it.
crafty55
i was hit bad 3 days ago. altogether about 400 hits trying to register. the hard part is always trying to find the real from the spam registers. we dealt with this for months on the old old software, and i think i cried when i saw it hit. my tech guy is gone right now so he couldn't do the upgrade, but last night i added 2 questions and a please email at this....address if having trouble registering...and not a single spam hit today. i will change the questions if it picks up again, and at least i know our message board is specific enough that i can pick questions that only new members even would know the answers to.

try it, it does work. you might have to change them, but we should always be proactive.
Convergence
QUOTE (Gärrett @ Oct 5 2008, 02:54 AM) *
For customers: http://forums.invisionpower.com/index.php?showtopic=277715

If you had a customer account, you would know they've already addressed it.

I doubt all customers randomly went into a customers forum and read anything about this. This was big enough to deserve a news announcement. I hope nothing else needs to be changed. So far I see only this 1 issue.
ileney
Man, what kind of people are you.
webbdawg
I'm for a fingerprint or retinal scan that gets stored in the DB. Then that image may not be duplicated again. LOL LOL LOL

Just kidding.

I take care of an IPB 2.3.5 and a PHPBB which I just recently upgraded to v3.

We get a little bit of spam compared to the activity on the IPB which is at www.sailinganarchy.com. Recently the spam has increased to once a day where it was once a week if that much. I'm not sure if people are actually registering then using that registration information to let a bot post. The posts do not seem really like a bot which you would think once inside would just pollute the forum.

I installed the extra images and fonts so I'll wait a week and see what happens.



The PHPBB forum I help with used to get hundreds of bots a week and posts up the ying yang. After upgrading to PHPBB3 not one has registered or posted. I really like the way the PHPBB3 adminCP allows you to set the twist and angle of the images and fonts. You can make the image damn near unreadable to the human eye. It seems a pretty simple way of controlling the Captcha image. Plus it is easy to change so the bots can not figure it out.



Cool Surfer
damn , yet another bot registered despite the upgrade.

Hello,

You have received this email because a new user has registered!

VIAGRA_Fast_Cheap completed their registration on Oct 5 2008, 11:42 PM

You can turn off user notification in the Admin Control Panel

Have a super day!

Regards,

The Online Medical Forum team.
http://onlinemedicalforum.com/forum/index.php
Μichael
How did you manage to upgrade and still not be in the Customers group?
CynicalFrost
There is no way to effectively block spammers permanently.

From a developer's standpoint, it's really a waste of time to put in "questions" for registration. Since bots will be able to use Regex to find patterns, math equations are useless, and spammers will be able to program their bots to answer the questions correctly based on the question...

I see no reason why IPS should bother to put in questions.
Cool Surfer
QUOTE (Μichael @ Oct 6 2008, 05:52 AM) *
How did you manage to upgrade and still not be in the Customers group?


You mean to say I hacked into invision download section and stole the upgrade files ?

bfarber
QUOTE (Cool Surfer @ Oct 6 2008, 05:30 AM) *
damn , yet another bot registered despite the upgrade.

Hello,

You have received this email because a new user has registered!

VIAGRA_Fast_Cheap completed their registration on Oct 5 2008, 11:42 PM

You can turn off user notification in the Admin Control Panel

Have a super day!

Regards,

The Online Medical Forum team.
http://onlinemedicalforum.com/forum/index.php


That email tells you someone completed the registration, thus it was most likely a human being. There are still human spammers out there.



As for the suggestion, I have actually added the feature, but it will ship in the "off" setting as you will need to answer your own questions. If an admin wants to add questions and answers, they will be able to. This is separate from registration profile fields and captcha (you can still use these other features independently if you wish).
Comtech
QUOTE (bfarber @ Oct 6 2008, 08:56 AM) *
As for the suggestion, I have actually added the feature, but it will ship in the "off" setting as you will need to answer your own questions. If an admin wants to add questions and answers, they will be able to. This is separate from registration profile fields and captcha (you can still use these other features independently if you wish).


Since you have added this feature in, how about the ability to use a captcha and the answer/question method together?
I know some people would like this method. When the competitor added in the ability for questions, a mod was quickly made which allowed the administrator to use both methods together.
Cool Surfer
QUOTE (bfarber @ Oct 6 2008, 06:56 AM) *
That email tells you someone completed the registration, thus it was most likely a human being. There are still human spammers out there.



As for the suggestion, I have actually added the feature, but it will ship in the "off" setting as you will need to answer your own questions. If an admin wants to add questions and answers, they will be able to. This is separate from registration profile fields and captcha (you can still use these other features independently if you wish).



BF I think if you add the rand function, it will be better.
like 2 + 2=4 and this question is always a numeric thingy and changes always n never repeats itself. ???
Brandon D
If bots are good enough to get past older versions of CAPTCHA, what makes you think it won't be able to read plain text integers on your website?

The ideal anti-bot question is one that doesn't have the answer within the question or an answer that can be mathematically calculated (and a random m+n=? question can be).
Comtech
QUOTE (Retaliation.SG @ Oct 6 2008, 09:49 AM) *
If bots are good enough to get past older versions of CAPTCHA, what makes you think it won't be able to read plain text integers on your website?

The ideal anti-bot question is one that doesn't have the answer within the question or an answer that can be mathematically calculated (and a random m+n=? question can be).



True...there may come a time when this is possible.
The answer would be to incorporate this functionality into flash or another image. Say like with Captcha itself, but instead of random letters and numbers, you have a question asked.
Amy T
Reading all these comments I think it would be good to have both captcha and a random question.
Allow the admin to set random question and as many as he or she would like.
Also that question needs to be displayed as an image.
Brandon D
So your solution to spam is another form of CAPTCHA? What's the point? If reCAPTCHA works in the first place, why bother? Not to mention with reCAPTCHA if an exploit is found they can automatically push out an update to your instance.

I think IPB is already providing you with more than enough anti-spam measures. You will *always* have the occasional spammer. It's a fact of life. You already have the latest version of CAPTCHA and custom questions (and apparently custom random questions with IPB3).

Somehow bots were able to mass register and spam on 2.3.5 boards, a ton of people were affected and IPS acted and released 2.3.6 to fix it. Since then I don't see people complaining about the spam, so why are we needing more anti-spam measures?
Cool Surfer
QUOTE (Retaliation.SG @ Oct 6 2008, 09:22 AM) *
. Since then I don't see people complaining about the spam, so why are we needing more anti-spam measures?



It is always good to have some extra protection mate.
Brandon D
Alright, you guys can make your users jump through hoops to register and post, and I'll stick with what already works and deal with the rare spam post that will still affect you, most likely generated by a human in the first place.

bfarber
QUOTE (bfarber @ Oct 6 2008, 09:56 AM) *
As for the suggestion, I have actually added the feature, but it will ship in the "off" setting as you will need to answer your own questions. If an admin wants to add questions and answers, they will be able to. This is separate from registration profile fields and captcha (you can still use these other features independently if you wish).



QUOTE (Comtech @ Oct 6 2008, 10:17 AM) *
Since you have added this feature in, how about the ability to use a captcha and the answer/question method together?
I know some people would like this method. When the competitor added in the ability for questions, a mod was quickly made which allowed the administrator to use both methods together.


My first post probably wasn't clear, but yes you can use both simultaneously. As in, configure questions/answers and use reCAPTCHA both.

QUOTE (Retaliation.SG @ Oct 6 2008, 11:22 AM) *
So your solution to spam is another form of CAPTCHA? What's the point? If reCAPTCHA works in the first place, why bother? Not to mention with reCAPTCHA if an exploit is found they can automatically push out an update to your instance.

I think IPB is already providing you with more than enough anti-spam measures. You will *always* have the occasional spammer. It's a fact of life. You already have the latest version of CAPTCHA and custom questions (and apparently custom random questions with IPB3).

Somehow bots were able to mass register and spam on 2.3.5 boards, a ton of people were affected and IPS acted and released 2.3.6 to fix it. Since then I don't see people complaining about the spam, so why are we needing more anti-spam measures?


The fundamental problem to me is the system of CAPTCHA itself. Today's OCR technology is getting better and better. Some computers are quite capable of reading an image and actually practically determining what it is. As technology in image recognition advances, we will reach a point where no amount of tweaking to the CAPTCHA system will do much good. Bots will simply adjust and read the new images.

Thus, I sat down and thought about the question and answer settings and it makes sense.

Say you run a WOW site for your clan. You have a registration question like "What is the weakest class in WOW?" (or something like that - I don't play the game). A bot isn't going to be programmed to answer that, but your visitors will know the answer.

Say I run a car forum and add a question "Who makes mustangs?". My visitors will be able to answer this, but again a bot won't be programmed to know the answer.

By allowing administrators to add custom questions, you bypass the whole issue of a bot being able to be programmed to respond. The questions should be unique of course, and the answer shouldn't be contained in the question (though in this case it could be if you wanted). The whole unique-aspect of this approach, combined with the fact that it can be made trivial for humans to answer while still retaining a level of difficulty for an automated program, is what makes this approach ideal to me moving forward.

By the way, you can add as many questions as you want. They randomize on the form. If the user gets it wrong and the form reloads, the question is again pulled at random (thus it's unlikely they'll get the same question twice). You can configure multiple answers for each question, and the answers are case-insensitive.
Luke
I have another idea. How about display three or four images and ask a question based on those images. Like "which animal has brown fur?". Then with the images themselves, change the zoom and rotation slightly so it's always different, but a human can still identify what's in the picture. With some questions, go as far as changing the color hue of the pictures. With question generation, you can pick which pictures would accurately answer the question.
Comtech
Brandon -

I personally have no expertise in this but how hard would it be to incorporate the questions into an image instead of plain text?
Cool Surfer
I think the random maths question will be more difficult for a bot to beat.

Just add the rand function ... 4-2= ?
Let rand change the no's. No need to store or create 20 or 100 questions in admin cp.
I am sure a bot can quickly add in its database 100 answers, if it answers wrong the next question will reload, so it will come to know all the questions and the programmer can easily add them to the db.
Dan C
QUOTE (Comtech @ Oct 6 2008, 05:33 PM) *
Brandon -

I personally have no expertise in this but how hard would it be to incorporate the questions into an image instead of plain text?


Why bother? If the questions are random and they're worded in a spoken style, it really shouldn't be important whether or not the bot can read them (which they could in an image anyway, as you wouldn't want to distort a full question).

Seems like a lot of extra resource overhead for no real gain.
Dan C
QUOTE (Cool Surfer @ Oct 6 2008, 05:40 PM) *
I think the random maths question will be more difficult for a bot to beat.

Just add the rand function ... 4-2= ?
Let rand change the no's. No need to store or create 20 or 100 questions in admin cp.
I am sure a bot can quickly add in its database 100 answers, if it answers wrong the next question will reload, so it will come to know all the questions and the programmer can easily add them to the db.


But the point is that there's any number of unique questions for each site. So my forum would have different questions to this forum, and this forum has different questions to your forum, etc. - So the bot could never "learn" the answers, as they're always different. If you also add in an X strikes and you're out style system, banning the bots from repeatedly failing, you'd eliminate it entirely.
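A sketch of the mechanism bfarber and Dan C describe above (a question drawn at random on every form load, several accepted answers matched case-insensitively, and an X-strikes lockout), added here as an illustration; it is not IP.Board's code and not part of any post. The class name, the 3-strike and 15-minute limits, the token lifetime and the sample questions are assumptions.

```python
import secrets
import time
import unicodedata

# Constructed sample data; a real board would use questions unique to its topic.
QUESTIONS = {
    "q1": ("Who makes Mustangs?", {"Ford", "Ford Motor Company"}),
    "q2": ("How many fingers do people usually have on one hand?", {"5", "five"}),
    "q3": ("What do you hoist on a sailboat to catch the wind?", {"sail", "sails"}),
}


def normalize(text):
    """Case-insensitive, whitespace-tolerant form used for answer matching."""
    return " ".join(unicodedata.normalize("NFKC", text).casefold().split())


class QuestionGate:
    """Server-side state for a registration question-and-answer check."""

    def __init__(self, questions, max_strikes=3, lockout=900, ttl=600,
                 clock=time.time):
        self._questions = questions
        self._max_strikes = max_strikes
        self._lockout = lockout      # seconds a client stays blocked
        self._ttl = ttl              # seconds an issued question stays valid
        self._clock = clock
        self._rng = secrets.SystemRandom()
        self._pending = {}           # token -> (question id, client, issued at)
        self._strikes = {}           # client -> (failures, locked until)

    def locked(self, client):
        return self._clock() < self._strikes.get(client, (0, 0.0))[1]

    def issue(self, client):
        """Pick a question at random; return (token, text), or None if locked."""
        if self.locked(client):
            return None
        qid = self._rng.choice(sorted(self._questions))
        token = secrets.token_urlsafe(16)
        # The form carries only the opaque token, never the question id or answer.
        self._pending[token] = (qid, client, self._clock())
        return token, self._questions[qid][0]

    def check(self, client, token, answer):
        """Validate one submission. Tokens are single-use, so every retry
        needs a fresh issue() and therefore a freshly drawn question."""
        entry = self._pending.pop(token, None)
        if self.locked(client):
            return False
        ok = False
        if entry is not None:
            qid, owner, issued = entry
            fresh = self._clock() - issued <= self._ttl
            accepted = {normalize(a) for a in self._questions[qid][1]}
            ok = owner == client and fresh and normalize(answer) in accepted
        if ok:
            self._strikes.pop(client, None)
            return True
        # Wrong answer, reused token, expired token or someone else's token.
        failures = self._strikes.get(client, (0, 0.0))[0] + 1
        until = 0.0
        if failures >= self._max_strikes:
            until = self._clock() + self._lockout
        self._strikes[client] = (failures, until)
        return False
```

Keying strikes on the client address is the simplest choice; it does nothing against a human answering the question by hand, which is the case bfarber raises earlier in the thread.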
Cool Surfer
QUOTE (Dan C @ Oct 6 2008, 10:46 AM) *
But the point is that there's any number of unique questions for each site. So my forum would have different questions to this forum, and this forum has different questions to your forum, etc. - So the bot could never "learn" the answers, as they're always different. If you also add in an X strikes and you're out style system, banning the bots from repeatedly failing, you'd eliminate it entirely.


It takes google bot <24 hrs to index the whole set of ip range globally.
So I guess bots can work at an amazing speed. If someone targets a site and sends his bots to register there, then it's an easy job.
Invision Power Board © 2001-2008 Invision Power Services, Inc.