View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0001579||Composr||captcha||public||2014-02-24 17:18||2019-06-26 01:35|
|Reporter||Chris Graham||Assigned To||Chris Graham|
|Fixed in Version|
|Summary||0001579: CAPTCHA supplement: Per-site Q&A|
|Description||In addition to the CAPTCHA, have per-site entered questions and answers. This means even if the CAPTCHA is broken, the hacker would need to work out the Q&A's for each individual site they were targeting.|
Full write-up is on forum: http://ocportal.com/forum/topicview/misc/addons/addon_suggestions/registration-questions.htm?post_id=-2#first_unread
|Additional Information||I have a suggestion of an add-on (or perhaps part of the core product). Here it is, broken down into easy to digest parts.|
1. Ability to set questions that must be answered during registration to regesture for an account on your Composr powered community
2. The questions have a set of answers that you set up before hand
3. The number of questions that you set up are up to you, could be as low as 1
4. The questions and answers should simple enough that real people would be able to easily figure them out based on the content of your site
The idea here is simple, you have a question or two in your registration process that the prospective member must answer to register. If they are a real person, they could easily look through the forum for that answer. If they are a spambot, they will most likely put some stupid link or something in it, and thus not get registered!
This is something that I've seen (and use) elsewhere that works great! I haven't had a single spam bot registration since - though they try daily! This is really important to me because while I love Composr (and miss using it dearly), I hate spambots and spending all day fighting them instead of enjoying my site. If Composr had such a tool to help make it harder for spambots to register, I'd be in heaven... and I bet other sites would benifit from this increased protection with the growing onslaught of spambots everywhere!
|Time estimation (hours)||4|
The link above errors:
A field that was supposed to be an integer (for our purposes, a whole number between -2147483648 and 2147483647) was no
||I'll fix the link.|
||I strongly support this feature though nonetheless. It could even be used as an indirect confirmation someone read the rules (you can ask a question about the rules) in addition to keeping spammers out.|
I have added a very primitive version of this, with a novel twist, as a developer addon. This addon is running here. This is what is now in the docs...
[title="2"]Per-site Q&A / Probation / Shadow-banning (advanced)[/title]
There is a developer addon, [tt]antispam_question[/tt], which checks the value of a custom profile field to see if it matches a pre-defined setting. If it does not, it puts the member in the Probation usergroup only.
You could then then configure your forum permissions so there is only a single forum these members see, that normal members don't. This effectively works as a shadow-ban. You can then move people out of Probation manually if you need to.
The developer addon hard-codes the CPF ID being checked against, and the expected value, and the ID of the usergroup to put failing members in (the default Probation usergroup). It would be fairly easy to customise with minimal coding skills.
|2016-06-08 00:17||Chris Graham||Tag Attached: Type: Spam|
|2016-06-08 00:17||Chris Graham||Tag Detached: Type: Security|
|2016-06-08 01:35||Patrick Schmalstig||Note Added: 0004009|
|2016-06-08 23:17||Chris Graham||Note Added: 0004017|
|2016-06-08 23:22||Patrick Schmalstig||Note Added: 0004018|
|2018-03-07 03:48||Chris Graham||Note Added: 0005561|
|2019-06-26 01:35||Chris Graham||Assigned To||=> Chris Graham|
|2019-06-26 01:35||Chris Graham||Status||non-assigned => resolved|
|2019-06-26 01:35||Chris Graham||Resolution||open => fixed|