Another curiosity ...
Is anyone using the built in CAPTCHA function? That is where you see a random set of letters for your users to guess. It goes from simple to extreme.
The issues with it are many, the worst being its easily guessed by :robot:, while being difficult for users to correctly enter (depending on the level). Several things have been done over the years to harden the code (new fonts, more colors, more noise) but the end result is that bots can still guess the code better than humans :P The higher levels also fail with php 8+. The PHP issues can be fixed but why?
I appreciate that some folks do not want to use a service for the CAPTCHA but one of the most effective deterrents is the question and answer verification, or first post moderation, or admin account approval, ....
For 2.0 I've added reCaptcha, hCaptcha and keyCaptcha to the available verification methods. You do have to "sign up" for the services. Of those I like hCaptcha the most. Note that reCaptcha is the V2 level, not the latest V3 which seems a bit, lets say inquisitive.
Anyway, I think its time to remove the old built in Captcha code (its the only thing left in graphics.subs) and just use the service level captcha services above, or any of the other local options available.
Two things Spuds - First, I control access to the forum via directory access, so no, I don't use captcha..
Second, the links in the email I received are :huh:
<> You can see this message by using this link:
https://www.elkarte.net/community/index.php?topic=6163.new#new
<> You can go to your first unread message by using this link:
https://www.elkarte.net/community/index.php?topic=6163.new#new
Click either one, and :tongue:
Hey
@Spuds !
I use the "Question&Answer" function very effectively, nothing else. Knock out the outdated captcha code. ;)
Q and A is where it's at!
Thanks for the feedback ... going to do some removal today :partying_face:
Those seem to work for me ?
The thanks goes to you, for all the heavy lifting!
I am not using the built in captcha because
I am using Google Captcha combined to Q&A, not the perfect solution since some spam member can still register and post on forum. I'm not sure if they are bots or humans, I guess the second one.
Agree, I also prefer hCaptcha
Don't forget that captcha is not only for registration, can be used on contact page or can be requested for the the first X posts of a new member.
Actually, for some reason, when I hover over the top link ('see this message'), the displayed URL is https://www.elkarte.net/community/
index..php?topic=6163.new#new. but only in THAT message. Click it and it generates the dreaded 404 (of course)
The bottom one ('first unread') is fine. They are the same displayed link, because the message is both.
Ah, I found it..
--ELK-cb0ab3f7a1c48991f7624c6d7c70
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: Quoted-Printable
......<snip> /www.elkarte.net/community</a><br /><br /><*> You can see this message by =
using this link:<br /> <a href=3D"https://www.elkarte.net/community/inde=
x..php?topic=3D6163.new#new">https://www.elkarte.net/community/index.php?to=
pic=3D6163.new#new</a><br /><br /><*> You can go to your first unread messa=
ge by using this link:<br /> <a href=3D"https://www.elkarte.net/communit=
y/index.php?topic=3D6163.new#new">https://www.elkarte.net/community/index.p=
hp?topic=3D6163.new#new</a><br /><br /><*> Unsubscribe to this Board by usi=
ng this link:<br />
I do not see the "index..php" repeated in any other message, but they aren't the first message in the thread either, and none contain line breaks at "inde= to orphan the 'x' to the next line.
So I'm not sure if it's me or EH.. no idea what caused that.. :zany_face:
That double .. is strange. Not sure where that is coming from !
@Spuds It appears to be related to word-wrap orphaning the "x." of 'index.php' ( "inde=x..php" ). Other emailed posts (first in topic or not) don't replicate the problem, but they don't wrap at exactly that point in the link, either.
Maybe the "f'-up fairy" was just passing through... :rolleyes: (happens to me a lot..)
That could be!
The wrapping is what quoted-printable encoding does to a text string. That a built in function for the language, not something I wrote :innocent: I'll do some more looking at the code, especially new topic and see if I can repo this on my local. I did take the string you posted and ran it though a quoted printable decode, and its all right other than those (2) ".."
Its been a couple of weeks, so I need to re-state, I hate email :P
Back in the TCPIP/telenet days of BSD and VAX-VMS SYS36, etc.., when unix shipped with u/p guest/guest, and every access port wide open (and nobody cared) I was working with some lads out of XDS and Lockheed's Skunkworks, and I was running a Z80 processor on a CP/M box with a Bell acoustic coupler, "email" was logging in on someone's computer, navigating to their personal message folder and dropping a text file in it, then navigating to yours and see if anything was there for you to copy to your floppy disk (no hard drive)..
For amusement we had contests to see how many college and defense computers we could daisy-chain together in a big loop and eventually log back in to the first computer system we accessed, log and count the hops and the miles (and continents) and see who could top it. And then back out of the loop in reverse order without disconnecting and severing the chain in the middle by mistake (disqualification). All command line.. Those were the days...
They could have left it all like that, it was all fine and fun and games, but then someone started selling game software (worm, space invader and something else in a 3 game package for $20 (heresy.. you write and share software, only dweebs BUY IT!!), and the lads thought automating text file transfers in scheduled relays all over the State of California would be cool (and low and behold, what we constructed in CP/m got ported to DOS which had just come out, eventually to become RBBS).., and it's been all going down hill ever since.. I blame Gates, honestly.
Ray Tomlinson wasn't part of our happy little group, but he was fairly well known to several of the guys at XDS. I mostly just beta-tested their stuff, once I proved I've little talent for programming - I'm a hardware guy - but I'm really adept at finding bugs (or them finding me) and breaking other-people's software. Ray left the planet 6 years ago, and I wouldn't be surprised to learn he wasn't fond of what his "invention" turned into either. You want to move binary files, that's what FTP is for, and HTML is for web documents, not email
Oh, and everyone needs to stay off my lawn, too. :: curmudgeon ::
Ah the old acoustic coupler, in all its 110 baud glory ! Surpassed by the Hayes 300 and the ultimate daddy 1200 :P And who can forget the fun of trying to get to computers to transfer a binary file via xmodem
I bet if I look around I can find an old copy of RBBS, back when it was CP/M, but really never used it.
Oh and to somewhat close out the captcha thing, for 2.x its all been replaced with the 3rd party ones I outlined in a previous post (re/h/key captcha). Allowed removing a bundh of files and fonts. Need to check they work fine in the contact / search and any other areas, but they should be fine.
For 1.1.9 (yes there will be one) I was kind of required to update it so it worked with 8.1. In doing that I replaced a couple of the TTF fonts as they were not the best choice for scaling and rotating (they were difficult to read to begin with). Anyway it seems better behaved now, although just bot candy.
RBBS would have been DOS, I think I have its CP/m precursor still, but it's on a double-side single density 5 1/4 floppy for CP/m and while I still have a CP/m box (Xerox 820), the dual-drives no longer work so I can't be sure what's on what any more. (FWIW, I turned my IBM PC Jr into a planter, but my ZDS XT still works, with a Hayes 9600 Smartmodem 10 MB hard drive running DOS Wildcat BBS - that was wizbang stuff there boy.... but now there's just nothing to dial into any more.. :cry: )
And now captcha support goes away? Gosh, whatever does the future hold for us now? :nerd:
What does the clean talk mod do for spam?
It works insanely well for my wiki, Wordpress or SMF installs?
Does it just check messages against a database?
Never heard of it before.
Appears to be a pay for service, which means they are part of the deep state that actually creates the spam, they don't want to stop it, they want moar :P
A quick look ... It appears to send the full post to the service to be checked. So it would have to be some form of checks in place for the ip, email, password, name, other? Honestly I'm a tad leery of sending a users data to another site.
I just wondered if it was doing anything clever. It seems to work incredibly well.
They probably are ... but they are not giving away their secret sauce.
1) send them the post, 2) :magic_wand: magic happens, 3) get your result
May be good idea for an addon.
What about Turnstile from Cloudflare?
I've seen many websites using this solution?
I've seen that quite a lot as well.
TBH I find it a bit intrusive, seems to take to long at times. That said I'll see if I can add that to 2.0's list of captcha agents :D
Here ya go .... http://addons.elkarte.net/security/turnstile.html
Give it a try and let me know (I'll open an addon thread)