Skip to main content
What to do about ... CAPTCHA Started by Spuds · · Read 21882 times 0 Members and 1 Guest are viewing this topic. previous topic - next topic

What to do about ... CAPTCHA

Another curiosity ...

Is anyone using the built in CAPTCHA function?  That is where you see a random set of letters for your users to guess.  It goes from simple to extreme.

The issues with it are many, the worst  being its easily guessed by:robot:, while being difficult for users to correctly enter (depending on the level).  Several things have been done over the years to harden the code (new fonts, more colors, more noise) but the end result is that bots can still guess the code better than humans :P  The higher levels also fail with php 8+.  The PHP issues can be fixed but why?

I appreciate that some folks do not want to use a service for the CAPTCHA but one of the most effective deterrents is the question and answer verification, or first post moderation, or admin account approval, ....

For 2.0 I've added reCaptcha, hCaptcha and keyCaptcha to the available verification methods.  You do have to "sign up" for the services.  Of those I like hCaptcha the most.  Note that reCaptcha is the V2 level, not the latest V3 which seems a bit, lets say inquisitive.

Anyway, I think its time to remove the old built in Captcha code (its the only thing left in graphics.subs) and just use the service level captcha services above, or any of the other local options available.

Re: What to do about ... CAPTCHA

Reply #1

Two things Spuds -  First, I control access to the forum via directory access, so no, I don't use captcha..

Second, the links in the email I received are  :huh:

<> You can see this message by using this link:
https://www.elkarte.net/community/index.php?topic=6163.new#new

 <> You can go to your first unread message by using this link:
https://www.elkarte.net/community/index.php?topic=6163.new#new

Click either one, and  :tongue:
// Deep inside every dilemma lies a solution that involves explosives //

Re: What to do about ... CAPTCHA

Reply #2

Hey @Spuds !
I use the "Question&Answer" function very effectively, nothing else. Knock out the outdated captcha code. ;)

Re: What to do about ... CAPTCHA

Reply #3

Q and A is where it's at!

Re: What to do about ... CAPTCHA

Reply #4

Thanks for the feedback ... going to do some removal today  :partying_face:

Re: What to do about ... CAPTCHA

Reply #6

Quote from: Spuds – Thanks for the feedback ... going to do some removal today  :partying_face:
The thanks goes to you, for all the heavy lifting!

Re: What to do about ... CAPTCHA

Reply #7

I am not using the built in captcha because
Quote from: Spuds – result is that bots can still guess the code better than humans

I am using Google Captcha combined to Q&A, not the perfect solution since some spam member can still register and post on forum. I'm not sure if they are bots or humans, I guess the second one.
Quote from: Spuds – For 2.0 I've added reCaptcha, hCaptcha and keyCaptcha to the available verification methods.  You do have to "sign up" for the services.  Of those I like hCaptcha the most.
Agree, I also prefer hCaptcha

Don't forget that captcha is not only for registration, can be used on contact page or can be requested for the the first X posts of a new member.
sorry for my bad english

Re: What to do about ... CAPTCHA

Reply #8

Quote from: Spuds –
Quote from: Steeley – Second, the links in the email I received are
Those seem to work for me ?

Actually, for some reason, when I hover over the top link ('see this message'), the displayed URL is https://www.elkarte.net/community/index..php?topic=6163.new#new. but only in THAT message. Click it and it generates the dreaded 404 (of course)
The bottom one ('first unread') is fine.  They are the same displayed link, because the message is both.

Ah, I found it..

--ELK-cb0ab3f7a1c48991f7624c6d7c70
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: Quoted-Printable

Code: [Select]
......<snip> /www.elkarte.net/community</a><br /><br /><*> You can see this message by =
using this link:<br />    <a href=3D"https://www.elkarte.net/community/inde=
x..php?topic=3D6163.new#new">https://www.elkarte.net/community/index.php?to=
pic=3D6163.new#new</a><br /><br /><*> You can go to your first unread messa=
ge by using this link:<br />    <a href=3D"https://www.elkarte.net/communit=
y/index.php?topic=3D6163.new#new">https://www.elkarte.net/community/index.p=
hp?topic=3D6163.new#new</a><br /><br /><*> Unsubscribe to this Board by usi=
ng this link:<br />  

I do not see the "index..php" repeated in any other message, but they aren't the first message in the thread either, and none contain line breaks at "inde= to orphan the 'x' to the next line.

So I'm not sure if it's me or EH.. no idea what caused that.. :zany_face:
// Deep inside every dilemma lies a solution that involves explosives //
 

Re: What to do about ... CAPTCHA

Reply #9

That double .. is strange.  Not sure where that is coming from !

Re: What to do about ... CAPTCHA

Reply #10

Quote from: Steeley –
I do not see the "index..php" repeated in any other message, but they aren't the first message in the thread either, and none contain line breaks at "inde= to orphan the 'x' to the next line.

So I'm not sure if it's me or EH.. no idea what caused that.. :zany_face:


@Spuds  It appears to be related to word-wrap orphaning the "x." of 'index.php' ( "inde=x..php" ). Other emailed posts (first in topic or not) don't replicate the problem, but they don't wrap at exactly that point in the link, either.

Maybe the "f'-up fairy" was just passing through...   :rolleyes:   (happens to me a lot..)
// Deep inside every dilemma lies a solution that involves explosives //

Re: What to do about ... CAPTCHA

Reply #11

That could be!

The wrapping is what quoted-printable encoding does to a text string.  That a built in function for the language, not something I wrote :innocent:  I'll do some more looking at the code, especially new topic and see if I can repo this on my local.  I did take the string you posted and ran it though a quoted printable decode, and its all right other than those (2) ".." 

Its been a couple of weeks, so I need to re-state, I hate email :P

Re: What to do about ... CAPTCHA

Reply #12

Back in the TCPIP/telenet days of BSD and VAX-VMS SYS36, etc.., when unix shipped with u/p guest/guest, and every access port wide open (and nobody cared) I was working with some lads out of XDS and Lockheed's Skunkworks, and I was running a Z80 processor on a CP/M box with a Bell acoustic coupler, "email" was logging in on someone's computer, navigating to their personal message folder and dropping a text file in it, then navigating to yours and see if anything was there for you to copy to your floppy disk (no hard drive).. 
For amusement we had contests to see how many college and defense computers we could daisy-chain together in a big loop and eventually log back in to the first computer system we accessed, log and count the hops and the miles  (and continents) and see who could top it.  And then back out of the loop in reverse order without disconnecting and severing the chain in the middle by mistake (disqualification). All command line..  Those were the days...

They could have left it all like that, it was all fine and fun and games, but then someone started selling game software (worm, space invader and something else in a 3 game package for $20 (heresy.. you write and share software, only dweebs BUY IT!!), and the lads thought automating text file transfers in scheduled relays all over the State of California would be cool (and low and behold, what we constructed in CP/m got ported to DOS which had just come out, eventually to become RBBS).., and it's been all going down hill ever since..  I blame Gates, honestly.

Ray Tomlinson wasn't part of our happy little group, but he was fairly well known to several of the guys at XDS. I mostly just beta-tested their stuff, once I proved I've little talent for programming - I'm a hardware guy - but I'm really adept at finding bugs (or them finding me) and breaking other-people's software. Ray left the planet 6 years ago, and I wouldn't be surprised to learn he wasn't fond of what his "invention" turned into either.  You want to move binary files, that's what FTP is for, and HTML is for web documents, not email

Oh, and everyone needs to stay off my lawn, too. :: curmudgeon ::
Last Edit: September 16, 2022, 04:40:13 am by Steeley
// Deep inside every dilemma lies a solution that involves explosives //

Re: What to do about ... CAPTCHA

Reply #13

Ah the old acoustic coupler, in all its 110 baud glory !  Surpassed by the Hayes 300 and the ultimate daddy 1200 :P  And who can forget the fun of trying to get to computers to transfer a binary file via xmodem

I bet if I look around I can find an old copy of RBBS, back when it was CP/M, but really never used it.

Oh and to somewhat close out the captcha thing,  for 2.x its all been replaced with the 3rd party ones I outlined in a previous post (re/h/key captcha).  Allowed removing a bundh of files and fonts.  Need to check they work fine in the contact  / search and any other areas, but they should be fine.

For 1.1.9 (yes there will be one) I was kind of required to update it so it worked with 8.1.  In doing that I replaced a couple of the TTF fonts as they were not the best choice for scaling and rotating (they were difficult to read to begin with).  Anyway it seems better behaved now, although just bot candy.

Re: What to do about ... CAPTCHA

Reply #14

Quote from: Spuds –
I bet if I look around I can find an old copy of RBBS, back when it was CP/M, but really never used it.


RBBS would have been DOS, I think I have its CP/m precursor still, but it's on a double-side single density 5 1/4 floppy for CP/m and while I still have a CP/m box (Xerox 820), the dual-drives no longer work so I can't be sure what's on what any more. (FWIW, I turned my IBM PC Jr into a planter, but my ZDS XT still works, with a Hayes 9600 Smartmodem 10 MB hard drive running DOS Wildcat BBS - that was wizbang stuff there boy.... but now there's just nothing to dial into any more..  :cry:  )

And now captcha support goes away? Gosh, whatever does the future hold for us now?   :nerd:
// Deep inside every dilemma lies a solution that involves explosives //