Captcha for 1.3 ? (Page 1 of 2)

Hi,

I applied the askimet anti-spam and it worked for quite some time, but after few days I reliazed that users and spammers both were unable to make posts because while askimet was checking it used to time out and then the posts would'nt get submitted. Weird. Anyways if there's some simple captcha thign for 1.3 then it will help.

Thanks.

Hi,

Will this work on 1.3 also ?

Thanks.

Is it possible to imagine that 1.3 will be installed automatically with an anti-spam extension? (or with an automatic anti-spam proposal?)

It should be a good idea: this extension can be kept, can be removed, or can be replaced by another anti-spam extension. But the giant advantage is that a non-geek person will immediatly be able to use FluxBB. Because some Punbb/FluxbB modes cannot be used without modification (i.e. the "guest authorised to post" mode cannot be used).

You decided to not include anti-spam as a core function because there is no real universal answer to fight spam. This is true. But keep in mind than you will lose a lot of users:

I saw an example few days ago (http://ljouanneau.com/blog/post/2008/10 … -vs-phorum - Sorry, it a French example). After 5 year with phorum and without spam, the author decided to try to use punbb on another server. Spam was immediately coming and its first idea was to remove punbb. Eventually he decided to add a captcha. But in the comments we can found another pesrson saying "[...]Now 10 spams per day... forum becomes unusable [...] I will use another system [...]"

Don't you think it may be sad to lose or repel some users as quickly?

The another solution (better?): at the end of the installation, a window asks to the user "It could be a good idea to install now an anti-spam extension. You can install one of the following ones: .....(*) or pass this step (at your own risk)."

(*) Here, the list of all the official anti-spam extensions.

Last edited by Gil (2008-12-12 22:41:43)

Gil: The problem is that whatever anti-spam method we include by default becomes a target. So it doesn't eliminate the people complaining about spam, it just means that our anti-spam measures work for a time and then don't.
Different forums require different features. I don't think a CAPTCHA should be included by default for that reason. Same argument for Akismet or other anti-spam services. However, the options need to be easily accessible for people who need it.

You didn't read exactly what I said. OK, I can understand that you don't want to include "in the core" one particular anti-spam method among others (it could be discutable, but I can understand). But to include "in the core" during FluxBB installation the automatic ability to install one of the official anti-spam extension seems to be a very good (of course, it is mine ) idea:

      [no core impact - your wish:]

• no particular method in the core, or even fixed or imposed,

• each extension can be modified, corrected, upgraded without changing the core,

• the list of proposed methods (extensions) can be modified or increased without changing core too.

      [user-friendly:]

• a new user is warned it is advisable to install an anti-spam method,

• this user has the choice of anti-spam method among officials ones,

• his choice is totally guided,

• the installation after the choice is totally automatic,

• the user can bypass this installation, if he do not want anti-spam, or if he want to install non-official extension,

Of course, the consequence is that FluxBB during installation should be able to automatically connect official site and to list among officials extension the anti-spam ones (but it can, if offline, display an advertisement).

The point is what you think should be included others don't, thats why they're better as extensions in the first place.

Hi,

In the end i would say that a simple captcha with enable / disable in admins should be there for at the new user registration. If you cannot put this for any reason then its very sad. Every forum that is coming out has this basic functionality.

You should put atleast the basic security features in the script so it shows that it can do some thing instead of giving your personal reasons. You say if you put anti-spam it will be broken, but till its broken it will stop the spammers. And i have seen that mostly the simple md5 based captcha's are broken by spammers. Almost every site is now a days using image based captcha's so whats the issue with punbb ?

You think simple md5 captcha's will be broken ? Put some random key thing in it, so on everywebsite the catcha is unique, if you know what i mean ? Admin can put his own random words which will mix with original captcha text so that the resulting md5 code is always unique on each website.

Rest is upto you, but remember fluxbb / punbb are the most easiest resource for spammers. I had punbb and fluxbb on 2 different websites and i noticed the registration of spammers on both sites at the same time. This clearly shows how much pun/fluxbb is being hit by spammers.

We're you're users! We're giving you feedback on your script. Make it better!

You can use recaptcha if you want, should be pretty easy to integrate.

red rag to bull.

but everyone is not doing it - proof - I'm not.

Security is for stopping malicious code, not spammers

until its broken perhaps. Not all spam comes from automated means though.

captcha's are broken all the time, even those that look like they can't be cracked. there is a page somewhere that lists a lot of them.

HUH! by your definition then a lot of the extensions should become core - which rather misses the point somewhat. Why add this one, and not that one, or this one over here - it would become an endless list. This is why there is an extension system.

see answer to point 5.

Surely just adding an extension, which anyone that wishes to use it is far far easier than what you are suggesting.

scuse me?