[wp-forums] Support forum registration now has a re-captcha on it

Mika Epstein ipstenu at ipstenu.org
Tue Jan 8 04:12:08 UTC 2013 

Require a valid credit card at signup.... (Okay that's sarcasm).

I have a lot of thoughts on the matter, but it really boils down to a few practical concerns.

* Putting barriers between the legit users and making accounts is bad.
* Captchas are broken (and not accessibility friendly)
* IP blocking/blacklists are imperfect

Akismet does things with the right idea, going by behavior among other measurements, and I'm presuming we have an akismet check on the registration page. (Don't we, Otto?) I don't really have an answer. I've tried all sorts of things, and always ended up hurting real users, which isn't acceptable to me :/ 

The one thing that comes to mind is changing bbPress to have the first post require approval. That would stop the obvious spammers that we're missing anyway.

On Jan 7, 2013, at 6:56 PM, Drew <xoodrew at gmail.com> wrote:

> @ozh has a pretty good "matching" captcha over on http://scr.im but I think
> he told me it was proprietary when I asked about it one time.
> 
> A matching approach as opposed to typing in letters might be something
> worth looking at too.
> 
> 
> On Mon, Jan 7, 2013 at 7:05 PM, Aaron Nimocks <aaron_nimocks at yahoo.com>wrote:
> 
>>>> On 1/8/13, Otto <otto at ottodestruct.com> wrote:
>>>>> I know, but dammit, this is ridiculous.
>>>>> 
>>>>> Alternative approach suggestions would be welcome.
>>>>> 
>>>>> Sorry for the brevity and typos, sent from my phone.
>> 
>> Well the best way to avoid these also takes some programming and might be
>> kind of in depth depending on how the user system is done.
>> 
>> But the bots work by getting the name and ID of the fields to fill or
>> field position.  So right now the user name is user_login which is pretty
>> easy.  To make it harder you have to randomize these names and positions
>> each load.
>> 
>> So there are 11 fields to fill, you would randomize their position where
>> they are displayed.
>> 
>> Then the 11 fields you randomize the ID/NAME for each field with some 8
>> character random code.  The hard part is when you submit the form all those
>> ID/NAMES need to match on the processing side.  So this is where the time
>> consuming programming change would come in.
>> 
>> There's how you can avoid the majority of spam registrations.  Too bad it
>> isn't as simple to implement.
>> 
>> You can manually change some positions and the ID/NAME of user name to see
>> how many less you get just to see if you think it is viable.
>> 
>> 
>> Aaron
>> _______________________________________________
>> wp-forums mailing list
>> wp-forums at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-forums
> 
> 
> 
> -- 
> -- I've kinda got a thing for WordPress > http://www.drewapicture.com
> _______________________________________________
> wp-forums mailing list
> wp-forums at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-forums

More information about the wp-forums mailing list