  • #205656
    Anonymous
    Guest

    We’re starting to get hit multiple times a day by the same stupid spam bots trying to register accounts. They aren’t getting through, but it’s becoming an administrative hassle to log in and delete them all the time, and sift out the real users. I’m planning to change the registration process to combat this, but haven’t had the time. I might get to it today. I’m planning the following:

    1. Get rid of the visual character identification (CAPTCHA).

    Apparently the spam bots are ahead of the game at this point, and most can OCR this quickly to break the security. Also, getting rid of it makes registrations by real human beings easier.

    2. Add a challenge question module like “RAC.” This presents a random question that requires a human to answer. It requires some basic thinking, which is very hard for the spam bots, but very easy for real humans — like “What color is the sky?” or “Who was the first prophet of the LDS Church?” or even “Are you a spam bot, say ‘no’ if you are not.”

    3. Leave the second layer of security in place — newly registered users can not post publicly until moderator approved once.

    #238941
    Anonymous
    Guest

    Just completed update from phpBB 3.0.5 to phpBB 3.0.8

    Board was down about 45 min to an hour I think.

    #238942
    Anonymous
    Guest

    I’ve noticed the upsurge in spambots.

    go-kuro-sama, Brian.

    #238943
    Anonymous
    Guest

    Thanks Brian. I have noticed my blog is getting hit with more spam lately too, though Akismet seems to be doing the job well.

    #238944
    Anonymous
    Guest

    I’ll try to get this mod called “Anti-Bot Question” installed today. Other admins report an almost complete disappearance of spam bots registering after installation.

    Spammers are lazy.

    #238945
    Anonymous
    Guest

    I activated a Q&A defense module for registration. These are the four random questions that someone might be asked to complete registration. They should be easy for a human to answer. They are near impossible for an automated program that hits thousands of sites a day to answer (would require someone to care enough to look up the answers).

    Anyone think these are too hard, or are unclear?

    QUESTION DATABASE (I created these):

    Question: Who was the founder of the Mormon religion in 1830? (first and last name)

    Answer: joseph smith

    Question: What is the last name of the current president of the LDS Church?

    Answer: monson

    Question: The women’s organization in the LDS Church is called the _____ Society. Answer with the missing word.

    Answer: relief

    Question: LDS Church headquarters is located in ____ Lake City. Answer with the missing word.

    Answer: salt

    #238946
    Anonymous
    Guest

    I like those questions.

    #238947
    Anonymous
    Guest

    I assume it is not case sensitive.

    The only caution is if people spell Monson with an “e” – Monsen.

    Is it possible to accept both spellings?

    What happens if they get a question wrong?

    #238948
    Anonymous
    Guest

    Heber13 wrote:

    I assume it is not case sensitive.

    No. It can be set to that, but it isn’t configured that way. Just to be sure, I entered multiple valid answers. The user only has to match one of a list of valid answers.

    Heber13 wrote:

    The only caution is if people spell Monson with an “e” – Monsen.

    Good point. I will add that misspelling as a valid answer. The most important thing is a human being has to think about the answer. A bot script can not do that.

    Heber13 wrote:

    Is it possible to accept both spellings?


    Yes. Multiple valid answers can be entered into the configuration.

    Heber13 wrote:

    What happens if they get a question wrong?


    They currently have 3 tries, then it cuts off their registration and they have to start over.

    I think after the 5th attempt at registering, their IP is blocked temporarily (to prevent DoS-style attacks, etc.).
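
    The registration check described in this thread (case-insensitive matching against a list of valid answers, 3 tries per registration, a temporary IP block after the 5th failed registration), sketched as an added example; it is not code from phpBB or from the Anti-Bot Question mod. The names `RegistrationGate` and `normalize`, the 15-minute block length and the choice to count only failed registrations are assumptions.

```python
import time
import unicodedata

MAX_TRIES = 3            # wrong answers allowed per registration (from the thread)
MAX_REGISTRATIONS = 5    # failed registrations per IP before a block (from the thread)
BLOCK_SECONDS = 900      # assumed value; the thread only says "temporarily"

# Constructed from the question list posted in the thread.
QUESTIONS = {
    "What is the last name of the current president of the LDS Church?":
        {"monson", "monsen"},          # common misspelling accepted too
    "LDS Church headquarters is located in ____ Lake City.": {"salt"},
}

def normalize(text):
    """Fold case and Unicode compatibility forms, collapse whitespace."""
    folded = unicodedata.normalize("NFKC", text).casefold()
    return " ".join(folded.split())

class RegistrationGate:
    """Hypothetical gate tracking failed registrations per source IP."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.failed = {}          # ip -> failed registrations so far
        self.blocked_until = {}   # ip -> clock value when the block lifts

    def is_blocked(self, ip):
        return self.clock() < self.blocked_until.get(ip, float("-inf"))

    def register(self, ip, question, answers):
        """Check one registration's answers: 'ok', 'restart' or 'blocked'."""
        if self.is_blocked(ip):
            return "blocked"
        accepted = {normalize(a) for a in QUESTIONS[question]}
        # Only the first MAX_TRIES answers are ever looked at.
        for attempt in list(answers)[:MAX_TRIES]:
            if normalize(attempt) in accepted:
                return "ok"
        self.failed[ip] = self.failed.get(ip, 0) + 1
        if self.failed[ip] >= MAX_REGISTRATIONS:
            self.blocked_until[ip] = self.clock() + BLOCK_SECONDS
            self.failed[ip] = 0   # counter restarts once the block expires
            return "blocked"
        return "restart"
```

    Normalizing both the stored answers and the submitted text in the same way is what keeps "Monsen", " MONSON " and "monson" equivalent without listing every casing by hand.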
