1. Wreybies
    Offline

    Wreybies The Ops Pops Operations Manager Staff Contest Administrator Supporter Contributor

    Joined:
    May 1, 2008
    Messages:
    18,911
    Likes Received:
    10,104
    Location:
    Puerto Rico

    Accidentally banned lurkers...

    Discussion in 'Support & Feedback' started by Wreybies, Oct 28, 2014.

    The current spam attack is forcing me to go back to some old-school, manual methods for weeding out sleeper spambots that don't post immediately upon sign-up. The last time I did this, I accidentally banned a handful of lurker members for having no posts and screen names that filled the bill. I check IP's, but I'm just a hairless monkey and I make mistakes like all hairless monkeys. If you find yourself banned for reasons unknown to you, please email the staff at writingforumsstaff@gmail.com

    I can quickly un-ban you if it happens and I have direct access to that email.

    Apologies in advance,
    Wrey
     
  2. jannert
    Offline

    jannert Contributing Member Supporter Contributor

    Joined:
    Mar 7, 2013
    Messages:
    7,821
    Likes Received:
    7,345
    Location:
    Scotland
    Might be an idea for us to take note of that email address now. If we get accidentally banned, we won't be able to get onto the site to get the email address to report the mistake, will we? Or will we?

    Hairy monkeys make mistakes as well. In fact, they made a big one. They evolved....
     
    123456789 likes this.
  3. stevesh
    Offline

    stevesh Banned Contributor

    Joined:
    Mar 17, 2008
    Messages:
    968
    Likes Received:
    646
    Location:
    Mid-Michigan USA
    Any progress on the Q&A captcha ?
     
  4. Wreybies
    Offline

    Wreybies The Ops Pops Operations Manager Staff Contest Administrator Supporter Contributor

    Joined:
    May 1, 2008
    Messages:
    18,911
    Likes Received:
    10,104
    Location:
    Puerto Rico
    Until @Daniel pops in, the suggestion remains just that. He is the only member with the accesses to change such things.
     
  5. Wreybies
    Offline

    Wreybies The Ops Pops Operations Manager Staff Contest Administrator Supporter Contributor

    Joined:
    May 1, 2008
    Messages:
    18,911
    Likes Received:
    10,104
    Location:
    Puerto Rico
    One would still be able to see this thread and post even from a logged-out position. Only the Workshop and the Contest Areas are closed to access when not logged in.
     
    jannert likes this.
  6. Komposten
    Offline

    Komposten Insanitary pile of rotten fruit Staff Supporter Contributor

    Joined:
    Oct 18, 2012
    Messages:
    1,584
    Likes Received:
    670
    Location:
    Sweden
    You should be able to access the site, but not log in (unless they do an IP ban, which is generally a bad idea since IPs are dynamic and may change).
     
  7. stevesh
    Offline

    stevesh Banned Contributor

    Joined:
    Mar 17, 2008
    Messages:
    968
    Likes Received:
    646
    Location:
    Mid-Michigan USA
    Ah, OK. Maybe he should think about deputizing one of you guys to make simple changes like that.
     
    Okon likes this.
  8. Vandor76
    Offline

    Vandor76 Contributing Member

    Joined:
    May 5, 2014
    Messages:
    264
    Likes Received:
    189
    Location:
    Hungary
    +1 for CAPTCHA
     
  9. Cogito
    Offline

    Cogito Former Mod, Retired Supporter Contributor

    Joined:
    May 19, 2007
    Messages:
    35,935
    Likes Received:
    2,043
    Location:
    Massachusetts, USA
    CAPTCHA is virtually useless these days. Good OCR software can decode mangled text better than most humans. And if it fails a couple times, the software can try again. Spammer tools have more patience than typical new users.
     
  10. Komposten
    Offline

    Komposten Insanitary pile of rotten fruit Staff Supporter Contributor

    Joined:
    Oct 18, 2012
    Messages:
    1,584
    Likes Received:
    670
    Location:
    Sweden
    That's why the suggestions concerns replacing the image captcha with a Q&A captcha, where a proper questions is asked rather than an image shown. The bot would then need to be able to read the questions, interpret it and find the correct answer in order to bypass the system.
     
  11. Cogito
    Offline

    Cogito Former Mod, Retired Supporter Contributor

    Joined:
    May 19, 2007
    Messages:
    35,935
    Likes Received:
    2,043
    Location:
    Massachusetts, USA
    Q & A schemes have a limited, closed repertoire of Q/A pairs. Spambots work a volume business, and it's no big obstacle to train the bot to recognize the questions and come up with acceptable responses a high enough percentage of the time.

    Remember, a spambot that succeeds in creating an account 1% of the time can still flood a site very effectively.
     
  12. GingerCoffee
    Offline

    GingerCoffee Web Surfer Girl Contributor

    Joined:
    Mar 3, 2013
    Messages:
    17,605
    Likes Received:
    5,879
    Location:
    Ralph's side of the island.
    I think when you are banned you can read but not post. I may be mistaken but the forum is open (except the members only sub-forums) to the public at large.

    As I see has already been addressed. :oops:
     
  13. GingerCoffee
    Offline

    GingerCoffee Web Surfer Girl Contributor

    Joined:
    Mar 3, 2013
    Messages:
    17,605
    Likes Received:
    5,879
    Location:
    Ralph's side of the island.
    As we have seen time and time again.
     
  14. GingerCoffee
    Offline

    GingerCoffee Web Surfer Girl Contributor

    Joined:
    Mar 3, 2013
    Messages:
    17,605
    Likes Received:
    5,879
    Location:
    Ralph's side of the island.
    Just out of curiosity, are the bots reading the captcha? I suppose it was only a matter of time.

    Time for our side to up the arms race. I like the Q&A captcha idea.
     
  15. Komposten
    Offline

    Komposten Insanitary pile of rotten fruit Staff Supporter Contributor

    Joined:
    Oct 18, 2012
    Messages:
    1,584
    Likes Received:
    670
    Location:
    Sweden
    Though maybe a Q&A captcha is still stronger than an image captcha and would help a little?
    And eventually maybe we'll get an even better captcha system, like a combined Q&A + image captcha (say, "What animal is in this image?"). That ought to be even more secure, but probably more of a chore to implement.

    Yup, the bots can read the captchas. Somehow. :(
     
  16. Vandor76
    Offline

    Vandor76 Contributing Member

    Joined:
    May 5, 2014
    Messages:
    264
    Likes Received:
    189
    Location:
    Hungary
    This captcha implementation seems to be a bit more clever than the usual image types : http://www.u229.no/stuff/Captcha/
     
  17. Komposten
    Offline

    Komposten Insanitary pile of rotten fruit Staff Supporter Contributor

    Joined:
    Oct 18, 2012
    Messages:
    1,584
    Likes Received:
    670
    Location:
    Sweden
    Looks pretty interesting, though there is a potential drawback. Since the captcha is based on HTML code generated by JavaScript it is injected into the document as normal HTML. This means that if you look at the code for the live document (Right click -> Inspect Element, not Right Click -> View source) the captcha letters can be found in three lines right after each other.

    HTML:
    <div id="lccvpcnubsat">
      <span class="jikdzdszygij">G</span>
      <span class="kwsrwfmxrwhf">Y</span>
      <span class="noynpwumsfft">D</span>
    </div>
    I suppose that the reason it works is because of the randomisation of the actual code that is involved (random css class names, for instance) that makes it difficult for a bot to recognise what part of the page is the captcha-HTML. Though when a bot actually finds the correct div-element the code is written out in plain sight. And finding that element could be done by looking for an element with a randomised id attribute (e.g. id="lccvpcnubsat"). Or a bot could look for a bunch of elements containing only single letters.
     
  18. Vandor76
    Offline

    Vandor76 Contributing Member

    Joined:
    May 5, 2014
    Messages:
    264
    Likes Received:
    189
    Location:
    Hungary
    @Komposten : the developer writes that "The user will not always be asked to simply enter the displayed characters, but also the color of one of the characters. These questions are randomized as well." and "The characters are not always printed as plain ascii letters, sometimes their hexadecimal or decimal values are used." so it's not that straightforward to break this captcha.

    @Cogito : you are right, the time of images with distorted text is over. However it's just a method that doesn't work well any more, but captcha is more than that. You can forget text and use pictures or geometrical objects asking questions about the image. Questions like "What is the color of the biggest triangle?" or "How many sheeps are in the picture?" will be much more difficult to answer than just reading crappy letters.
    Asking "Who wrote Romeo and Juliet?" and check if the reply contains the word "Shakespeare" may work for a few years, until artificial intelligence advances so much that the bots can answer these with a Google search (if you search for the above question and copy the first hit's first sentence to the reply field it will pass).

    The creators of these spiders/bots do not invest too much effort to break one site's anti-bot defense. They break the commonly used forum engines and commonly used captcha types. A non popular or standalone solution can keep them away.

    This is a writers' forum so I'm sure members would collect hundreds and thousands of Q&A for the captcha. So we are waiting for @Daniel to share his opinion, as I see.
     
  19. Komposten
    Offline

    Komposten Insanitary pile of rotten fruit Staff Supporter Contributor

    Joined:
    Oct 18, 2012
    Messages:
    1,584
    Likes Received:
    670
    Location:
    Sweden
    Oh, I must have missed that part (didn't read everything). The built-in question system is definitely a big plus since it combines as Q&A system with the "image" captcha system. As for the "sometimes their hexadecimal or decimal values are used" part, it doesn't really matter. The code I quoted in my previous post was generated using hexadecimal values for the characters, but when they are added to the page HTML they are (apparently) replaced by the ascii/unicode representation and thus the characters are plainly visible. Though maybe this is not always the case.
     
  20. stevesh
    Offline

    stevesh Banned Contributor

    Joined:
    Mar 17, 2008
    Messages:
    968
    Likes Received:
    646
    Location:
    Mid-Michigan USA
    Well, we could banter back and forth about the theoretical efficacy of Q&A captchas, or someone could spend the sixty seconds it would take to activate it on this site and find out if it helps. As I stated before, I have never seen a successful bot registration on a Q&A captcha-enabled forum.
     
    Okon likes this.
  21. Komposten
    Offline

    Komposten Insanitary pile of rotten fruit Staff Supporter Contributor

    Joined:
    Oct 18, 2012
    Messages:
    1,584
    Likes Received:
    670
    Location:
    Sweden
    Well, we'll need something to do while waiting for those sixty seconds to pass... ;)
     
  22. Vandor76
    Offline

    Vandor76 Contributing Member

    Joined:
    May 5, 2014
    Messages:
    264
    Likes Received:
    189
    Location:
    Hungary
    @stevesh : that "someone" you mentioned is @Daniel. As Wrey stated he is the only one who can activate such functions. But everyone (including myself) like to add our 2 cents (our it's just we love our voices).
     
  23. Vandor76
    Offline

    Vandor76 Contributing Member

    Joined:
    May 5, 2014
    Messages:
    264
    Likes Received:
    189
    Location:
    Hungary
    @Komposten : it can be as simple as displaying a rectangle and asking the user to tell it's color. A bot can be easily trained to solve this captcha but it requires the bot's owners to develop a custom solution just for this particular site. I don't think they would bother investing that effort.
     
  24. Komposten
    Offline

    Komposten Insanitary pile of rotten fruit Staff Supporter Contributor

    Joined:
    Oct 18, 2012
    Messages:
    1,584
    Likes Received:
    670
    Location:
    Sweden
    I think I mentioned somewhere that it could work with a "Q&A image captcha" where a question is asked based on an image (like "what colour is this triangle?"). Though asking for colours is probably a pretty bad idea since there are colour blind people. But I still get your point, and since it seems a quite simple solution maybe it's worth trying.
     
  25. Vandor76
    Offline

    Vandor76 Contributing Member

    Joined:
    May 5, 2014
    Messages:
    264
    Likes Received:
    189
    Location:
    Hungary
    @Komposten : ohhh, I totally forgot that not everyone see all colors properly. Let's come up with new types of questions :
    - Which is the biggest letter?
    - How many triangles are there?
    - Add these two numbers! (3 +5)
    - What is the next one? (2, 4, 6, ?)
     
    Komposten likes this.

Share This Page