Page 1 of 1

In addition to captcha verification...

Posted: Thu Jul 15, 2010 2:04 am
by Apollo
I noticed there's quite some spamposting going on lately.

Recently I found a very simple anti-spam measure on another forum. In the registration form, there was an additional field (besides the Captcha) requiring a "VIP Code", stating "you can find the VIP code on the forum".
And the required code was mentioned in one of the general FAQ / Rules / general info sticky topics (a reasonable place on this forum would be the phpdn tour or rules for example). You can see this as some alternative form of captcha: it takes some human effort to get the correct code.

Obviously, this is very easy to circumvent (especially if the vip code changes rarely or not at all). But it requires an attack specifically on this forum, rather than generic phpBB spambots which are MUCH more common.

Oh, one more thing: besides all this, it would be also wise to enforce a captcha verification not just for registering, but also for the first 5 posts someone makes.

Re: In addition to captcha verification...

Posted: Thu Jul 15, 2010 3:31 am
by Benjamin
Yes, it's a good idea. There are other things we can do as well. I anticipate we will be adding some new stuff shortly.

Re: In addition to captcha verification...

Posted: Tue Nov 02, 2010 1:25 am
by Apollo
I guess the amount of crap that just got posted by that v5447789179 d*ckwad shows the forum is still vulnerable. Is there an easy switch to enable captcha verification upon posting the first N (e.g. 5 or 10) posts by any new user? (in addition to captcha during registering, of course)

Also, if you can easily switch from the current captcha to something harder (I think phpbb3 offers various captcha types?) it might be worth it.

Re: In addition to captcha verification...

Posted: Thu Nov 04, 2010 12:49 pm
by greyhoundcode
Apollo wrote:Is there an easy switch to enable captcha verification upon posting the first N (e.g. 5 or 10) posts by any new user? (in addition to captcha during registering, of course)

Also, if you can easily switch from the current captcha to something harder (I think phpbb3 offers various captcha types?) it might be worth it.
I was thinking along similar lines. As far as CAPTCHAs go there are some mods ready to go here. However (might be mistaken) I was under the impression that PHPDN's policy was to run a "stock install" of phpBB without mods - not sure where I picked that one up, but I'm sure I read it somewhere.

Anyway, what surprises me is that although there are some mods that limit people's ability to post in given forums until their post count exceeds n, I could find none that force a CAPTCHA to be entered on every post up until n posts. Unless I was being a dunce and missing a mod through poor searching, which is possible...

With this being a forum for PHP devs however surely a team of us could roll our own? There must be a few guys and girls here with phpBB knowledge?