MaxCoderz

this is not your typical "edit the variable names" script.

Instead Im adding a fully customizable visual confirmation that actually requires a human to register.

It displays an image out of a database and the registree must identify it out of several options. However to prevent spambots from smartening up and learning which options correspond to which pictures, this comes with an administrative interface that allows you to add and remove your own pictures making it fully customizable.

anyway, I finished coding the MOD, but its getting late so Im just going to post a few screenies of it and go make the beta template file in the morning.

sorry, not intrested. We have installed a mod which prevents bots from registering already. And it's 100% idiot proof

Nice you want to help though If I were you, I would post the mod on phpbb.com

I did that very thing last night.

It's nice, but how is it better than a traditional captcha? If there are only a few options for each picture, random guessing can be far enough for a spambot to get through.

CoBB wrote:It's nice, but how is it better than a traditional captcha? If there are only a few options for each picture, random guessing can be far enough for a spambot to get through.

Yeah... that's what I though aswell

It isn't if you set a time limit between guesses.

So what? Bots have unlimited time.

its less eyestrain on the people than your standard visual confirmation and bots can't OCR it, and I specifically wrote it so that the picture changes everytime and you can add more yourself.

I'd rather code a guessing bot than an OCR algorithm, but maybe that's just me. Also, it seems to be a lot of administrative burden for no increased security. I mean, no matter how many pictures you have, guessing is just as likely to succeed.

What would be interesting, on the other hand, is a text-only captcha. Say, a simple maths problem presented in human language (preferably in a verbose and twisted wording), but with lots of typos and grammar errors to make parsing harder for a program. The answer would be a number, which is unlikely to be guessed correctly, and the problems could be generated by a program on the fly. Additionally, those would also be accessible from text browsers.

Also, what if someone didn't know all the words in English? I know we get a lot of people who aren't British/American/Indian/Whatever, so they aren't expected to be totally fluent in English. However it is a very good idea.

Do you realize how unlikely it is that a spambot could crack the password? If the password is a mixture of numbers, words, or even phrases, the chances are so remote that there would be no point in even trying.
The easiest thing to do is make guessing so impossible to do that people won't even try. That means that whoever is entering a password has a certain number of tries to get it right (5 or so). Once that has been exceeded, then the person/bot would be locked out for an extended period of time (maybe a couple of hours?). This doesn't effect the user much, since most people know their passwords well enough that they wouldn't get locked out.

threefingeredguy wrote:Also, what if someone didn't know all the words in English? I know we get a lot of people who aren't British/American/Indian/Whatever, so they aren't expected to be totally fluent in English. However it is a very good idea.

I assumed it would be something like "John has twenty apples. Brian has ten apples and gives five of them to John. Who has the most apples? Enter the first three letters of his name."
Ultimately, it'll just end up annoying people though.

threefingeredguy wrote:Also, what if someone didn't know all the words in English? I know we get a lot of people who aren't British/American/Indian/Whatever, so they aren't expected to be totally fluent in English. However it is a very good idea.

I think one can expect newcomers to speak English when joining an English-language forum. Interestingly, most people I know—at least those who are often online—are fairly fluent in it.

benryves wrote:Ultimately, it'll just end up annoying people though.

Of course, but that's usually part of the formula. To block bots you have to raise barriers, which is inevitably intrusive. But if it's only needed once, during registration, and most people can probably cope with the challenge.

What we did, is to disable signature and and website fields in the form. If a bot is entering the form by just pasting the link with the needed info (including website and signature), it's detected and banned... normal users don't notice anything about that, besides that they can't enter a signature or website when signing up

CoBB wrote:I'd rather code a guessing bot than an OCR algorithm, but maybe that's just me. Also, it seems to be a lot of administrative burden for no increased security. I mean, no matter how many pictures you have, guessing is just as likely to succeed.

the issue being that the OCR algorithms seem to be already coded given how well they seem to register on phpBB forums.<_< and this isn't done yet...I still have a few more things to add.

and in reality your average spam bot makes one or two attempts at a site, and if it cant register it goes away.