CAPTCHA FOR POSTS?

Seeing a lot of bots around these parts, I reckon we could just put a captcha for regular forum posting? Probably won't keep everything at bay but idk, might as well.

Drawback is having to captcha per post but I personally don't mind it and other forums do it as well.
Google's reCAPTCHA is fairly easy to implement! I'd be willing to help get it set up.
I hate captchas mostly because I use a non-standard browser that always feels the need to do like five of them before it goes through. (I assume Google's captchas don't want non-Chrome browsers on the internet)
Marrend
Guardian of the Description Thread
20053
In a general sense, I'm not really sure I like the idea of having to solve a captcha for every post I might make.

As a measure to slow/prevent bot interaction with the site, I will note that bots have a tendency to add spam to previously established threads, blogs, or what-have-you, and there are certainly fewer protections/security in those situations. In that respect, I can see the logic for wanting to add a captcha to posts as a preventative measure against this tendency. Though, every so often, a bot starts a new thread that eventually gets tossed into Archives, and I'm pretty sure those require passing a captcha. So, I guess I'm not really sure how effective this proposed measure is against the behavior we want to see prevented/stopped.
Maybe the captcha is omitted for users with >100 makerscore or something?
There's also the thing where I think there's a captcha for creating accounts and a link sent to e-mail you need to click and also captchas for creating topics and the spammers get through all of those fine. What it mostly does is inconvenience actual users more than it probably does the spammers.
Now that I look into it, they're bypassing captcha by simply hiring workers in developing countries to solve them manually in a really expedient way via an API so the bot does the rest after it gets in. There's a whole industry around this now (pretty fascinating). I'm gonna guess it'll require serious anti-botting services beyond the usual Google stuff. At the very least you're costing the spammers more money with it?
I guess it's cheaper to hire people to do it than to program bots to do it. There was some podcast I listened to a couple of years ago that really jumped into that world and had an interview with someone who does that stuff for a living (for a given value of "for a living")
We usually get about 100 bots or so per day trying to get on the site. One or two get through. Our security measures are pretty good in that regard but it's hard to combat actual people doing stuff. As it stands we have a forced slow-down on new users posting so that bots don't just spam the site if they do make it through.

Having an MS amount remove some security would be a nice idea - maybe asking new people to post in the introduction forums and getting a badge worth 50MS if they do that removes captcha and post slow-down is an idea?

Throw down a few ideas you guys, if you have them. Maybe it'll twig something useable.
I wonder if a custom captcha (just a random simple math question) in combination with the Google captcha will work. The Google captcha is universal, meaning the 1-2 bots that do get in are probably utilizing a captcha farm method, but if there's a unique custom captcha it might slow them down. Sure that could be bypassed eventually but they have to take time to code something for just one site, and I'd assume the site is on a long list of sites they might not even notice. It sounds obvious but idk, sometimes simple works.

I've heard of the honeypot method where you exploit the fact that bots will auto fill in every field, but you hide a "trap" field with css code, meaning the human user won't see it but the bot can access it and if they can then you got a bot. Dunno if that's been tried before.
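
The honeypot idea described in the post above, as an added server-side sketch that is not part of the original thread and not the site's own code. The secret, the field names and the form markup are assumptions made for the example; the trap field name is derived per rendered form so a bot cannot simply learn one name to skip.

```python
import hashlib
import hmac
import secrets

SECRET = b"constructed-demo-key"  # assumption: per-site secret kept server-side

def trap_name(nonce: str) -> str:
    # The trap field name changes with every rendered form.
    mac = hmac.new(SECRET, nonce.encode(), hashlib.sha256).hexdigest()
    return "contact_" + mac[:10]

def render_post_form() -> tuple[str, str]:
    """Return (html, nonce). The trap input is moved off-screen with CSS,
    so a person never sees it but a fill-every-field bot does."""
    nonce = secrets.token_hex(8)
    html = (
        '<form method="post" action="/post">\n'
        f'  <input type="hidden" name="nonce" value="{nonce}">\n'
        '  <textarea name="body"></textarea>\n'
        '  <div style="position:absolute;left:-9999px" aria-hidden="true">\n'
        f'    <input type="text" name="{trap_name(nonce)}" tabindex="-1"'
        ' autocomplete="off">\n'
        '  </div>\n'
        '  <button type="submit">Post</button>\n'
        '</form>'
    )
    return html, nonce

def classify_submission(form: dict[str, str]) -> str:
    """Return 'human', 'bot-filled-trap' or 'bot-no-trap'."""
    trap = trap_name(form.get("nonce", ""))
    if trap not in form:
        # A browser still submits CSS-hidden inputs (as empty strings), so a
        # missing trap field means the request was not built from our form.
        return "bot-no-trap"
    if form[trap].strip():
        return "bot-filled-trap"
    return "human"
```

A bot that parses the page and leaves off-screen fields empty still passes, so this only filters the fill-everything kind the post describes.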
I'm pretty sure there is a honeypot in place here already. After all the fact is as Libby says, we catch about 95% of all the spammers. I feel, considering the fact that some of the spammers that do get through edit spam into their posts sometimes days after the initial (seemingly innocent) post, that most of the things that do get through are done by actual people by now.
I like narcodis' idea "No captcha for users with 100+ MS".

To prevent a new account from setting up a bot, the captcha for new posts and post edits could be something like:

Solve this equation "here is a simple math question as image file", add the cube of two to the result and type the answer in Roman numerals.

With just a few variations in the math question image and the written extra operation, you'll give a really hard time to the bot.
Honestly, I'm with Shinan thinking that we catch the bots. It seems the ones that make it through have a more human touch to them, being that they edit posts. Maybe we should lock new members from editing posts while on probation? Then they'd just put links in posts in the first case, I guess.

I don't think captchas are going to stop the ones that come through already because they already made it through captchas to post in the first place. Image captchas at that.
Editing posts is not the issue. The problem is having web links in the original post or the edit.

Is there a way to automatically detect and remove web links in posts or edits made by new users?
Marrend
Guardian of the Description Thread
20053
I'm not sure if locking out the ability to edit one's own posts in regards to new users is the right move. I feel that would ultimately encourage double-posting from those users, when the preference is to use the edit function.

I'm also not sure if it's wise to automatically remove links on posts from new users. That may stop some bots, but, I'm having a lot of trouble imagining how such a system would be able to tell between a spam-link that should be edited out versus a more legit link to, say, their game's website on RMW, the game's Steam page, perhaps an external walkthrough, an external FAQ, or what-have-you.
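
One way to handle the link question raised in the last two posts, as an added sketch that is not part of the thread and not the site's code: instead of deleting links, hold a low-makerscore post or edit for a moderator when it introduces a link to a host outside a short trusted list. The 100 MS cut-off comes from the thread; the trusted hosts, function names and sample posts are assumptions.

```python
import re
from urllib.parse import urlsplit

MS_THRESHOLD = 100  # makerscore cut-off suggested in the thread
# Assumption: hosts the moderators treat as routine for game pages.
TRUSTED_HOSTS = {"store.steampowered.com", "forum.example"}

URL_RE = re.compile(r"""(?:https?://|www\.)[^\s<>"'\]\[]+""", re.IGNORECASE)

def extract_hosts(text: str) -> list[str]:
    """Return the host of every link-like string found in text."""
    hosts = []
    for raw in URL_RE.findall(text):
        raw = raw.rstrip(".,;:!?)")          # drop sentence punctuation
        url = raw if "://" in raw else "http://" + raw
        # .hostname ignores userinfo, so "trusted@evil.example" yields evil.example
        host = (urlsplit(url).hostname or "").lower()
        if host:
            hosts.append(host)
    return hosts

def review_post(makerscore: int, old_text: str, new_text: str):
    """Return ('publish', []) or ('hold', [untrusted hosts]).
    For a brand-new post pass old_text=''; for an edit pass the prior body,
    so a link added days later is caught as well."""
    if makerscore >= MS_THRESHOLD:
        return "publish", []
    before = set(extract_hosts(old_text))
    added = [h for h in extract_hosts(new_text) if h not in before]
    unknown = sorted({h for h in added if h not in TRUSTED_HOSTS})
    return ("hold", unknown) if unknown else ("publish", [])
```

Host matching is exact, so `www.` variants of a trusted host would need their own entries.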
How many new human users are there compared to the 2 bots per day? I think that will determine how strict measures like having to post an obligatory introduction post or something would be. I can't really imagine many scenarios where someone makes a new account on RMN and they have this NEED to post an innocent url like right away.

Also I guess I assume most people make accounts just so they can ask for help on a game on its respective page but I have no idea, again what average behavior new human users do is worth knowing.
There's really no easy way to tell unless they post, and some people just don't bother posting. Some people are just here to download games or sign up to a site just in case they need to post/want to put up their game/etc.


The thing is that our member list shows only the usernames, whilst the autoban list shows only the email addresses used, so while I could correlate through looking manually at each and every person who signed up in the past day, there's about 100 of them to do that for which would take me at least an hour, if not more, to check just to answer this question.

There's no easy way to check the member list, either. We do have an easy way to check users in general and search for a specific user, but the list is in alphabetical order, not by date. I can find the dated version by going through another part of the site but that doesn't show what dates they joined, it's just in order of date joined, so I'd also have to check each one manually to find the cut-off for a day of people joining.

If I have a spare hour I'll give it a shot to get a general idea, though. Just... it's not something that can be easily checked. >.<;
Could you send me the unsorted list (or a dummy list that has the same data structure if you don't want to disclose the user list). I'll try to build a program to do the sorting for you.
Alternate solution to forum spambots. (example outside of RMN)

New members are required to know a set password to join the forums.
To find that password, new users can ask for it over the Discord channel.
Password may be changed on a necessary basis. (if spam got through)
author=Irog
Could you send me the unsorted list (or a dummy list that has the same data structure if you don't want to disclose the user list). I'll try to build a program to do the sorting for you.

The list is basically made up of 20 names a page. Not something that's easily compiled. orz

Actually, it was pointed out to me that we have another list that I completely overlooked. That's a lot better!
Still means that the steps would be:
- open a tab for the dated list
- open a tab for the user searchable list
- find user, check their hidden profile page for their email
- cross-reference that against the failed registration list of only emails
- cry as you do this manually for about 100 users per day



Anyway, I spent the time to do a quick numbers check for yesterday's sign-ups.
Keep in mind that this isn't a full number proper because there's multiples of the same email attempting at times, but the numbers are basically thus:

On the 28th we had:
- 192 failed registrations
- 59 accepted registrations

Of those that made it through to be accepted, we had, iirc, 3 spam accounts that were dealt with.

Now keep in mind that some of those 59 could end up being more spam accounts, but until they post we can't be sure.

They could also be bots that got past our sign-up protections but couldn't get past the captcha requirements for posting in the forums.