PDA

View Full Version : Random Question



MeSue
2009-03-16, 18:33
I understand the need to keep out spammers, but subjecting every post to a random question is going to kill this forum. Please, can you exclude members with high post counts from this?

radish
2009-03-16, 19:15
Yeah, it seems particularly weird to challenge posts from moderators :)

peterw
2009-03-16, 19:45
I understand the need to keep out spammers, but subjecting every post to a random question is going to kill this forum. Please, can you exclude members with high post counts from this?

And localize them. I changed my prefs to German, headed over to the Deutsch forum, and was asked the same question, in English. Nicht gut.

Had Mike Valera been saving us from this (*^$&$ up until the Logitech layoffs wiped out his position?

And I really dislike how Preview Post loses my answer.

Worst captcha system I've seen yet.

Mnyb
2009-03-16, 19:52
Oh no not good the STASI forum :) is this necessary ? I will get educated in the process.

pfarrell
2009-03-16, 19:59
peterw wrote:
> Worst captcha system I've seen yet.

I tend to agree.

And in general, I hate all captcha implementations. They make life hard
for humans and don't do a very impressive job of preventing spam. So
while I dislike nearly all of them, this one is far worse than usual.

--
Pat Farrell
http://www.pfarrell.com/

Matt Wise
2009-03-16, 20:01
To be honest ... its all a work in progress right now. The fact is that we have a serious spam issue and we're not sure what the best "fix" is going to be. Unfortunately right now that means that we're trying different things out to see how they behave.

Ultimately, it may simply be a little bit more difficult to post, or register, or both ... or it might not be, if we find another silver bullet.

One thing to keep in mind is that we're working within the confines of VBB. Patches welcome. :)

Matt Wise
2009-03-16, 20:10
FYI... I've just implemented (I think) a promotion system. Existing users start out as "Newly Registered Users". After 50 posts you automatically get promoted to "Registered Users". Only "Newly Registered Users" have to do the Captcha stuff (whichever method we choose) for most of their actions (posts, etc). Once your a registered user, you're free and clear.

Thoughts?

pfarrell
2009-03-16, 20:11
Matt Wise wrote:
> To be honest ... its all a work in progress right now. The fact is that
> we have a serious spam issue and we're not sure what the best "fix" is
> going to be. Unfortunately right now that means that we're trying
> different things out to see how they behave.

Thanks.
Actually, depending on the spam source, things like @MeSue's idea of not
checking for X number of posts, or for Moderators, etc. may not work
either. If the bad guys can spoof my ID, then the system would see that
I've got lots of posts, and not do the spam test.

I think this is actually a NP-hard problem, after all, the Turing test
has never been solved, no matter what the authors of captcha claim.


--
Pat Farrell
http://www.pfarrell.com/

Dogberry2
2009-03-16, 20:55
after all, the Turing test
has never been solvedSpeaking as an ongoing experiment in adaptive software development, I thank you for believing that.






(Is this the place I put the little smiley face thingy?)










(Sorry if I ruffle feathers; I'm just funnin' ya.)







Maybe.

JJZolx
2009-03-16, 21:21
So it looks like we're back to CAPTCHA, but it's now required for every post and every search.

That's the end result of a bug report that the CAPTCHA is too difficult for humans to decipher?

You're going in the wrong direction.

mherger
2009-03-17, 02:46
Hmm... just answering to see the ugliness of this all :-)

mherger
2009-03-17, 02:46
I must be a happy user. Didn't see any issue.

Matt Wise Test
2009-03-17, 07:31
Looks like I broke forum permissions last night... I told VBB to import the permissions from usergroup A to usergroup B, but never actually verified that it did that. Sorry about that -- I shouldn't make those changes when I'm tired!

Again, please bear with us while we try out some different settings. We'll make a more comprehensive post when we get to something we plan to stick with.

Mark Lanctot
2009-03-17, 07:40
(after solving the CAPTCHA)


The fact is that we have a serious spam issue and we're not sure what the best "fix" is going to be.

You know, I find the new moderate posts settings are catching a lot of them before they post. I found 3 or 4 over the weekend, each trying to post 3 or 4 threads. That's a lot of spam the users will never see.

It seems the big spam times are Friday and Saturday nights, with minor spikes weeknights in the wee hours.

I really think you could capture 99.9% of the spam if:

1. All posts from new users were moderated until X posts are achieved. Keep X a secret and change it once in a while.

2. After X posts are achieved, keep any new user posting URLs or containing URLs in their signature on moderated status until Y posts are posted. Again, keep Y a secret and change it once in a while.

ModelCitizen
2009-03-17, 07:42
Well, at least I can read the captcha words. I deal with Google captcha system almost every day and sometimes I have to cycle through 8 graphics before there is one I am sure I can read correctly.

BTW. I made this post at 14.40 GMT (UK standard time) but Mats post directly before mine was billed as being posted at 15.31.

I knew Matt was a clever spod... but time travel?

MC

Matt Wise
2009-03-17, 07:44
(after solving the CAPTCHA)



You know, I find the new moderate posts settings are catching a lot of them before they post. I found 3 or 4 over the weekend, each trying to post 3 or 4 threads. That's a lot of spam the users will never see.

It seems the big spam times are Friday and Saturday nights, with minor spikes weeknights in the wee hours.

I really think you could capture 99.9% of the spam if:

1. All posts from new users were moderated until X posts are achieved. Keep X a secret and change it once in a while.

2. After X posts are achieved, keep any new user posting URLs or containing URLs in their signature on moderated status until Y posts are posted. Again, keep Y a secret and change it once in a while.

Both of those are implemented currently ... the only question is, what are the X and Y values. We'll discuss that today and see what we choose.

ModelCitizen
2009-03-17, 07:49
In my profile the time is billed as "All times are GMT +1. The time now is 15:46".

But in the UK we are on GMT and the time is 14.46. I seem to have no control (that I can see) on this setting.

MC

MeSue
2009-03-17, 08:24
So today I am getting an image verification instead of the random question. Not an improvement, but I'll assume it's temporary.

Moonbase
2009-03-17, 08:28
Not an improvement, indeed :-(

Words are sometimes only "guessable". And "Stop Spam Read Books!" might not be the right message to people who want to be helpful

iPhone
2009-03-17, 08:45
To be honest ... its all a work in progress right now. The fact is that we have a serious spam issue and we're not sure what the best "fix" is going to be. Unfortunately right now that means that we're trying different things out to see how they behave.

Ultimately, it may simply be a little bit more difficult to post, or register, or both ... or it might not be, if we find another silver bullet.

One thing to keep in mind is that we're working within the confines of VBB. Patches welcome. :)

I have noticed a huge trend in Spammers using a new account and their signature as a means of advertising. I hate to say this, but would it not be easier and better to put any new account with a signuture "On Hold" until an Admin or Moderator can approve the new user account? Also could it be set so that any user with under 100 posts makes changes to their signature that the account is held until re-approved?

This would not impact new users that need instant access to get Forum support as long as its made clear during sign up that adding a Signature will delay Forum posting access until approved by Admin or Moderator.

Would this type of process help with the problem?

cdmackay
2009-03-17, 08:45
should I be surprised that by using the email interface to the forums I
never have to do anything, it just works?

or perhaps I'm being moderated anyway? :)

dave77
2009-03-17, 08:47
The new CAPTCHA is a lot better than the one a few hours back!

Can you not just put the CAPTCHA on login/registration then it shouldn't be needed for posting?

MeSue
2009-03-17, 08:51
I just don't understand why users with 500+ post counts (or even 100) are being CAPCHA'd. But it's a work in progress... okay. Keep working on it! ;-)

iPhone
2009-03-17, 09:01
I just don't understand why users with 500+ post counts (or even 100) are being CAPCHA'd. But it's a work in progress... okay. Keep working on it! ;-)

Hey Sue,

The limit is 1600 posts! Sorry but your short!

Matt Wise
2009-03-17, 09:01
I have noticed a huge trend in Spammers using a new account and their signature as a means of advertising. I hate to say this, but would it not be easier and better put any new account with a signuture "On Hold" until an Admin or Moderator can approve the new user account? Also could it be set so that any user with under 100 posts makes changes to their signature that the account is held until re-approved?

This would not impact new users that need instant access to get Forum support as long as its made clear during sign up that adding a Signature will delay Forum posting access until approved by Admin or Moderator.

Would this type of process help with the problem?

Will consider that in our plans... its doable.

Matt Wise
2009-03-17, 09:04
I just don't understand why users with 500+ post counts (or even 100) are being CAPCHA'd. But it's a work in progress... okay. Keep working on it! ;-)

Actually right now, you shouldn't be asked for the Captcha. I just fixed that. At the moment, users with 50+ posts will not be checked.

MeSue
2009-03-17, 09:07
Actually right now, you shouldn't be asked for the Captcha. I just fixed that. At the moment, users with 50+ posts will not be checked.

Yes! Thank you!

toby10
2009-03-17, 09:21
Actually right now, you shouldn't be asked for the Captcha. I just fixed that. At the moment, users with 50+ posts will not be checked.

The CAPCHA works fine, but it always asks me to type in the same phrase.... "SONOS"?

Mark Lanctot
2009-03-17, 10:04
Both of those are implemented currently

Hi Matt:

I know you're getting it from all sides today, but 40 minutes ago (12:20 EST) a spammer got by fitting that very criteria - 1 post and a URL in the signature.

Matt Wise
2009-03-17, 10:41
Hi Matt:

I know you're getting it from all sides today, but 40 minutes ago (12:20 EST) a spammer got by fitting that very criteria - 1 post and a URL in the signature.

I wish I could make VBB dis-allow URL's in posts (for certain users)... but I can't seem to find that as an option. Unfortunately some spam will always get through.

Mark Lanctot
2009-03-17, 10:52
I wish I could make VBB dis-allow URL's in posts (for certain users)... but I can't seem to find that as an option. Unfortunately some spam will always get through.

Oh well, as I indicated, it caught an awful lot over the weekend, so it is helping.

JJZolx
2009-03-17, 11:09
More unsolicited advice...

The first thing to do is make registration as difficult as possible to a bot. vBulletin's CAPTCHA has been cracked, so there's no sense in using it when there are better alternatives. The Q&A with a large number of good questions is supposed to work well. Replacing CAPTCHA with reCAPTCHA is also supposed to work much better.

Matt Wise
2009-03-17, 11:11
More unsolicited advice...

The first thing to do is make registration as difficult as possible to a bot. vBulletin's CAPTCHA has been cracked, so there's no sense in using it when there are better alternatives. The Q&A with a large number of good questions is supposed to work well. Replacing CAPTCHA with reCAPTCHA is also supposed to work much better.

What's interesting about that is that when I enable reCaptcha we get alot more signups. Also I tried enablign the Q&A and people got more upset about that it seemed. Not to mention we have the non-english forums to think about.

VBB doesn't give you the ability to say "use method A for registrations, use methodB for posts, use methodC for etc"...

Teus de Jong
2009-03-17, 11:11
Looks like I broke forum permissions last night... I told VBB to import the permissions from usergroup A to usergroup B, but never actually verified that it did that. Sorry about that -- I shouldn't make those changes when I'm tired!

Again, please bear with us while we try out some different settings. We'll make a more comprehensive post when we get to something we plan to stick with.

Well that must be the reason I couldn't post at all (with the message "you do not have permission to access this page"). Thanks for fixing that.

Teus

JJZolx
2009-03-17, 11:16
What's interesting about that is that when I enable reCaptcha we get alot more signups. Also I tried enablign the Q&A and people got more upset about that it seemed.

No, I think they were upset about it being required for every post. Normally, users would only see the human verification at signup and on the rare occasion when they need to recover a password.


Not to mention we have the non-english forums to think about.

Good point.

Matt Wise
2009-03-17, 13:52
For the time being we've settled on a relatively lax policy... we'll see how it goes for a few weeks and then make adjustments:

A more easy-to-read captcha (with audio) has been implemented for Registration, Lost Password and Posting (for your first post only). After that, your first 10 posts are automatically moderated by the Akismet spam filter -- if they are believed to be spam, they're set aside in the moderator queue. After that, its all open and easy to use.

markiii
2014-12-31, 06:40
well having got the complete arse with the captcha to register it seems to require it before I can post and I'm not being able to edit my profile so here's hoping that this post is the one time I'm asked or its going to be as short visit

its also incredibly hard to read and not clear whether the space between words is needed