[wp-forums] Support forum registration now has a re-captcha on it
Daniel Fenn
danielx386 at gmail.com
Tue Jan 8 04:17:42 UTC 2013
Well in phpbb (by default) they got it so that the first 3 or so posts
needs to be approved so that wouldn't be a bad idea.
On Tue, Jan 8, 2013 at 3:12 PM, Mika Epstein <ipstenu at ipstenu.org> wrote:
> Require a valid credit card at signup.... (Okay that's sarcasm).
>
> I have a lot of thoughts on the matter, but it really boils down to a few
> practical concerns.
>
> * Putting barriers between the legit users and making accounts is bad.
> * Captchas are broken (and not accessibility friendly)
> * IP blocking/blacklists are imperfect
>
> Akismet does things with the right idea, going by behavior among other
> measurements, and I'm presuming we have an akismet check on the
> registration page. (Don't we, Otto?) I don't really have an answer. I've
> tried all sorts of things, and always ended up hurting real users, which
> isn't acceptable to me :/
>
> The one thing that comes to mind is changing bbPress to have the first
> post require approval. That would stop the obvious spammers that we're
> missing anyway.
>
> On Jan 7, 2013, at 6:56 PM, Drew <xoodrew at gmail.com> wrote:
>
> > @ozh has a pretty good "matching" captcha over on http://scr.im but I
> think
> > he told me it was proprietary when I asked about it one time.
> >
> > A matching approach as opposed to typing in letters might be something
> > worth looking at too.
> >
> >
> > On Mon, Jan 7, 2013 at 7:05 PM, Aaron Nimocks <aaron_nimocks at yahoo.com
> >wrote:
> >
> >>>> On 1/8/13, Otto <otto at ottodestruct.com> wrote:
> >>>>> I know, but dammit, this is ridiculous.
> >>>>>
> >>>>> Alternative approach suggestions would be welcome.
> >>>>>
> >>>>> Sorry for the brevity and typos, sent from my phone.
> >>
> >> Well the best way to avoid these also takes some programming and might
> be
> >> kind of in depth depending on how the user system is done.
> >>
> >> But the bots work by getting the name and ID of the fields to fill or
> >> field position. So right now the user name is user_login which is
> pretty
> >> easy. To make it harder you have to randomize these names and positions
> >> each load.
> >>
> >> So there are 11 fields to fill, you would randomize their position where
> >> they are displayed.
> >>
> >> Then the 11 fields you randomize the ID/NAME for each field with some 8
> >> character random code. The hard part is when you submit the form all
> those
> >> ID/NAMES need to match on the processing side. So this is where the
> time
> >> consuming programming change would come in.
> >>
> >> There's how you can avoid the majority of spam registrations. Too bad
> it
> >> isn't as simple to implement.
> >>
> >> You can manually change some positions and the ID/NAME of user name to
> see
> >> how many less you get just to see if you think it is viable.
> >>
> >>
> >> Aaron
> >> _______________________________________________
> >> wp-forums mailing list
> >> wp-forums at lists.automattic.com
> >> http://lists.automattic.com/mailman/listinfo/wp-forums
> >
> >
> >
> > --
> > -- I've kinda got a thing for WordPress > http://www.drewapicture.com
> > _______________________________________________
> > wp-forums mailing list
> > wp-forums at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-forums
> _______________________________________________
> wp-forums mailing list
> wp-forums at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-forums
>
More information about the wp-forums
mailing list