The current spam attack is forcing me to go back to some old-school, manual methods for weeding out sleeper spambots that don't post immediately upon sign-up. The last time I did this, I accidentally banned a handful of lurker members for having no posts and screen names that filled the bill. I check IP's, but I'm just a hairless monkey and I make mistakes like all hairless monkeys. If you find yourself banned for reasons unknown to you, please email the staff at writingforumsstaff@gmail.com I can quickly un-ban you if it happens and I have direct access to that email. Apologies in advance, Wrey
Might be an idea for us to take note of that email address now. If we get accidentally banned, we won't be able to get onto the site to get the email address to report the mistake, will we? Or will we? Hairy monkeys make mistakes as well. In fact, they made a big one. They evolved....
Until @Daniel pops in, the suggestion remains just that. He is the only member with the accesses to change such things.
One would still be able to see this thread and post even from a logged-out position. Only the Workshop and the Contest Areas are closed to access when not logged in.
You should be able to access the site, but not log in (unless they do an IP ban, which is generally a bad idea since IPs are dynamic and may change).
CAPTCHA is virtually useless these days. Good OCR software can decode mangled text better than most humans. And if it fails a couple times, the software can try again. Spammer tools have more patience than typical new users.
That's why the suggestions concerns replacing the image captcha with a Q&A captcha, where a proper questions is asked rather than an image shown. The bot would then need to be able to read the questions, interpret it and find the correct answer in order to bypass the system.
Q & A schemes have a limited, closed repertoire of Q/A pairs. Spambots work a volume business, and it's no big obstacle to train the bot to recognize the questions and come up with acceptable responses a high enough percentage of the time. Remember, a spambot that succeeds in creating an account 1% of the time can still flood a site very effectively.
I think when you are banned you can read but not post. I may be mistaken but the forum is open (except the members only sub-forums) to the public at large. As I see has already been addressed.
Just out of curiosity, are the bots reading the captcha? I suppose it was only a matter of time. Time for our side to up the arms race. I like the Q&A captcha idea.
Though maybe a Q&A captcha is still stronger than an image captcha and would help a little? And eventually maybe we'll get an even better captcha system, like a combined Q&A + image captcha (say, "What animal is in this image?"). That ought to be even more secure, but probably more of a chore to implement. Yup, the bots can read the captchas. Somehow.
This captcha implementation seems to be a bit more clever than the usual image types : http://www.u229.no/stuff/Captcha/
Looks pretty interesting, though there is a potential drawback. Since the captcha is based on HTML code generated by JavaScript it is injected into the document as normal HTML. This means that if you look at the code for the live document (Right click -> Inspect Element, not Right Click -> View source) the captcha letters can be found in three lines right after each other. HTML: <div id="lccvpcnubsat"> <span class="jikdzdszygij">G</span> <span class="kwsrwfmxrwhf">Y</span> <span class="noynpwumsfft">D</span> </div> I suppose that the reason it works is because of the randomisation of the actual code that is involved (random css class names, for instance) that makes it difficult for a bot to recognise what part of the page is the captcha-HTML. Though when a bot actually finds the correct div-element the code is written out in plain sight. And finding that element could be done by looking for an element with a randomised id attribute (e.g. id="lccvpcnubsat"). Or a bot could look for a bunch of elements containing only single letters.
@Komposten : the developer writes that "The user will not always be asked to simply enter the displayed characters, but also the color of one of the characters. These questions are randomized as well." and "The characters are not always printed as plain ascii letters, sometimes their hexadecimal or decimal values are used." so it's not that straightforward to break this captcha. @Cogito : you are right, the time of images with distorted text is over. However it's just a method that doesn't work well any more, but captcha is more than that. You can forget text and use pictures or geometrical objects asking questions about the image. Questions like "What is the color of the biggest triangle?" or "How many sheeps are in the picture?" will be much more difficult to answer than just reading crappy letters. Asking "Who wrote Romeo and Juliet?" and check if the reply contains the word "Shakespeare" may work for a few years, until artificial intelligence advances so much that the bots can answer these with a Google search (if you search for the above question and copy the first hit's first sentence to the reply field it will pass). The creators of these spiders/bots do not invest too much effort to break one site's anti-bot defense. They break the commonly used forum engines and commonly used captcha types. A non popular or standalone solution can keep them away. This is a writers' forum so I'm sure members would collect hundreds and thousands of Q&A for the captcha. So we are waiting for @Daniel to share his opinion, as I see.
Oh, I must have missed that part (didn't read everything). The built-in question system is definitely a big plus since it combines as Q&A system with the "image" captcha system. As for the "sometimes their hexadecimal or decimal values are used" part, it doesn't really matter. The code I quoted in my previous post was generated using hexadecimal values for the characters, but when they are added to the page HTML they are (apparently) replaced by the ascii/unicode representation and thus the characters are plainly visible. Though maybe this is not always the case.
Well, we could banter back and forth about the theoretical efficacy of Q&A captchas, or someone could spend the sixty seconds it would take to activate it on this site and find out if it helps. As I stated before, I have never seen a successful bot registration on a Q&A captcha-enabled forum.
@stevesh : that "someone" you mentioned is @Daniel. As Wrey stated he is the only one who can activate such functions. But everyone (including myself) like to add our 2 cents (our it's just we love our voices).
@Komposten : it can be as simple as displaying a rectangle and asking the user to tell it's color. A bot can be easily trained to solve this captcha but it requires the bot's owners to develop a custom solution just for this particular site. I don't think they would bother investing that effort.
I think I mentioned somewhere that it could work with a "Q&A image captcha" where a question is asked based on an image (like "what colour is this triangle?"). Though asking for colours is probably a pretty bad idea since there are colour blind people. But I still get your point, and since it seems a quite simple solution maybe it's worth trying.
@Komposten : ohhh, I totally forgot that not everyone see all colors properly. Let's come up with new types of questions : - Which is the biggest letter? - How many triangles are there? - Add these two numbers! (3 +5) - What is the next one? (2, 4, 6, ?)
