View Issue Details

IDProjectCategoryView StatusLast Update
0001579Composrcaptchapublic2019-06-26 01:35
ReporterChris GrahamAssigned ToChris Graham 
Status resolvedResolutionfixed 
Product Version 
Fixed in Version 
Summary0001579: CAPTCHA supplement: Per-site Q&A
DescriptionIn addition to the CAPTCHA, have per-site entered questions and answers. This means even if the CAPTCHA is broken, the hacker would need to work out the Q&A's for each individual site they were targeting.

Full write-up is on forum:

Repeated below...
Additional InformationI have a suggestion of an add-on (or perhaps part of the core product). Here it is, broken down into easy to digest parts.

1. Ability to set questions that must be answered during registration to regesture for an account on your Composr powered community

2. The questions have a set of answers that you set up before hand

3. The number of questions that you set up are up to you, could be as low as 1

4. The questions and answers should simple enough that real people would be able to easily figure them out based on the content of your site

The idea here is simple, you have a question or two in your registration process that the prospective member must answer to register. If they are a real person, they could easily look through the forum for that answer. If they are a spambot, they will most likely put some stupid link or something in it, and thus not get registered!

This is something that I've seen (and use) elsewhere that works great! I haven't had a single spam bot registration since - though they try daily! This is really important to me because while I love Composr (and miss using it dearly), I hate spambots and spending all day fighting them instead of enjoying my site. If Composr had such a tool to help make it harder for spambots to register, I'd be in heaven... and I bet other sites would benifit from this increased protection with the growing onslaught of spambots everywhere!
TagsType: Spam
Attach Tags
Time estimation (hours)4
Sponsorship open


Patrick Schmalstig

2016-06-08 01:35

administrator   ~0004009

The link above errors:

A field that was supposed to be an integer (for our purposes, a whole number between -2147483648 and 2147483647) was no

Chris Graham

2016-06-08 23:17

administrator   ~0004017

I'll fix the link.

Patrick Schmalstig

2016-06-08 23:22

administrator   ~0004018

I strongly support this feature though nonetheless. It could even be used as an indirect confirmation someone read the rules (you can ask a question about the rules) in addition to keeping spammers out.

Chris Graham

2018-03-07 03:48

administrator   ~0005561

I have added a very primitive version of this, with a novel twist, as a developer addon. This addon is running here. This is what is now in the docs...

[title="2"]Per-site Q&A / Probation / Shadow-banning (advanced)[/title]

There is a developer addon, [tt]antispam_question[/tt], which checks the value of a custom profile field to see if it matches a pre-defined setting. If it does not, it puts the member in the Probation usergroup only.

You could then then configure your forum permissions so there is only a single forum these members see, that normal members don't. This effectively works as a shadow-ban. You can then move people out of Probation manually if you need to.

The developer addon hard-codes the CPF ID being checked against, and the expected value, and the ID of the usergroup to put failing members in (the default Probation usergroup). It would be fairly easy to customise with minimal coding skills.

Issue History

Date Modified Username Field Change
2016-06-08 00:17 Chris Graham Tag Attached: Type: Spam
2016-06-08 00:17 Chris Graham Tag Detached: Type: Security
2016-06-08 01:35 Patrick Schmalstig Note Added: 0004009
2016-06-08 23:17 Chris Graham Note Added: 0004017
2016-06-08 23:22 Patrick Schmalstig Note Added: 0004018
2018-03-07 03:48 Chris Graham Note Added: 0005561
2019-06-26 01:35 Chris Graham Assigned To => Chris Graham
2019-06-26 01:35 Chris Graham Status non-assigned => resolved
2019-06-26 01:35 Chris Graham Resolution open => fixed