We build. You grow.

Get best community software here

Start a social network, a fan-site, an education project with oxwall - free opensource community software

Get started
Google+

keyCAPTCHA is needed | Forum

Topic location: Forum home » Support » General Questions
SPIDER-L33T
SPIDER-L33T Jan 31 '13

For registration forms needed alternative protection module (instead captcha). 

keyCAPTCHA - good idea.


The standard captcha module in the registration form some bots easily leave.

#1
Stuart
Stuart Jan 31 '13
I agree, the current capture is totally inadequate. I have added a required custom sign-up question and this has stopped spam.


It is an indication that the standard capture has been targeted and exploited. The capture needs to be taken out of the core and placed as a plugin.


Diversity is the only way as spammers will exploit known defaults. 

#2
Alia Team
Alia Feb 1 '13
Spider-L33t  and Stuart, almost any Captcha can be hacked.

If you would like to user another Captcha, you just need to replace current Php Captcha by another one within the software's source code.
#3
Stuart
Stuart Feb 1 '13
That is great all I am saying is that it would be great to have the capture functionality exposed to the plugin structure. That way oxwall and the developer community can diversify.


I am aware it is impossible for any capture to stay hack proof. All I am saying is that it is pretty obvious what we have has been hacked. Prob the screen location is known and maybe it might be a bot doing OCR. I dunno.


If we had the capture as a plugin then we could gain diversity through the oxwall store.

#4
Purusothaman Ramanujam
Purusothaman Ramanujam Feb 3 '13

Quote from Aliia almost any Captcha can be hacked.

+1. There is a link in the internet which compares the hacking % of various captcha methods. Based on those checklist, captcha used by Oxwall is much better.
#5
Stuart
Stuart Feb 3 '13
Puru, Aliia, I love oxwall think its great but I have no idea what it is. As soon as a default oxwall goes out there I am hit with spam generally.


For signup the captch is required and it doesn't seem to do a thing. A custom required signup question stops spam completely.


That result is indicative that the oxwall capture isn't doing a thing for me and from what I read on the forum others either.


How many of the community get better results or no spam from a custom required sign-up question?


Please post so we can get some results.


We need the capture code removed from the core and placed as a plugin mechanism so it is easy for us all to change and diversify capture methods and placement and style.

#6
Purusothaman Ramanujam
Purusothaman Ramanujam Feb 3 '13
custom required sign-up question helps for many of my clients. I know hackers will become smart to update their script to bypass that too. But it still helps you for long time untill they discover it.
#7
Stuart
Stuart Feb 3 '13
For me it would seem the hackers are aiming spam at the default site. This is the same for any common piece of software. Its the ironic thing about being good and popular as it paints a target.

I must be missing some reasoning here as I do think the spam is due to popularity and do understand the irony of providing good software.


What I don't understand is the reluctance to remove the capture from the core and allow diversity through capture plugins?


#8
Alia Team
Alia Feb 4 '13
Stuart, I understand your point.

Diversification of CAPTCHA is a good idea and we will keep it mind.

However, currently we are developing another solution to bypass spammers and bots and we don't have resources to create a CAPTCHA plugin yet.



#9
cit27
cit27 Feb 4 '13

Quote from SPIDER-L33T

The standard captcha module in the registration form some bots easily leave.

(I have added a required custom sign-up question and this has stopped spam only for day/week in my site. The Spam come back again)..

I do not mean to promote..
->If your goal is to prevent spam and bots, you can try antispammer plugin ... I tried it and  work until now...


#10
Stuart
Stuart Feb 4 '13
Antispammer is good and I also have it running, paul has done an excellent job. Paul has his work cut out as it is always a game of catchup with the spammers. The honeypot idea is an excellent idea (oxpot) I have several domain pointing to his honeypot.


Allia I don't think oxwall should create another captcha, just to move the current captcha mechanism out of the core and place it as a plugin. That way developers can provide the diversity and lessen the work for oxwall.

#11
SPIDER-L33T
SPIDER-L33T Feb 5 '13
Quote from Stuart I don't think oxwall should create another captcha, just to move the current captcha mechanism out of the core and place it as a plugin. That way developers can provide the diversity and lessen the work for oxwall
+1.

Move captcha to the plugin and allow the administrator to change it to its decision without making changes to the core.

#12
Ox Generator
Ox Generator May 25 '13

Quote from SPIDER-L33T KeyCAPYCHA - good idea
Not to me or my users.
This is backdoor for external provider with doubtful rep for webscraping private vistors' data, track them and sell this info to god knows whom
#13
SPIDER-L33T
SPIDER-L33T May 31 '13
Quote from Ox Generator
Quote from SPIDER-L33T KeyCAPYCHA - good idea
Not to me or my users.
This is backdoor for external provider with doubtful rep for webscraping private vistors' data, track them and sell this info to god knows whom

tnx
#14
ross Team
ross Jun 3 '13
We've added a new post on antispam solutions: http://www.oxwall.org/forum/topic/11284 . Please, take your time to read it. 
#15
Start | Demo | About | Policies & Licenses | Blog | Contact Us | Oxwall Foundation | Roadmap | Developer Central | Oxwall hosting | Contribute | Partners | Donation | Community software | Dating software
© Copyright Oxwall Software
Oxwall Community Software