MyBB Community Forums

I'll jump straight into what ideas I have in mind..

- Give administrators the ability to enable captcha on the login form regardless of failed logins, this is currently NOT a feature in MyBB, but thanks to Jordan Mussi's patch it's a possibility. However if this was implemented in the core of MyBB 2.0 we webmasters would benefit greatly!

- Enabling the captcha on the contact form (contact.php), regardless of failed contact attempts or if the admin wants to set it to show after X amount of failed contact attempts.

- Show the captcha on the login form, on no permission login forms.. (The page guests view telling them they must login to view that page, the login form) - if you don't understand what i'm on about; logout, try access /modcp.php and you should be granted a login form. thats the form in talking about.

- Allow the forum administrator to make users have to complete a captcha on the newthread.php so they MUST complete the captcha or they can set it so display the captcha after X amount of failed attempts.

How this will benefit the forum administrator(s):

- Captcha's massively prevent bruteforce, botting, spamming etc so I shouldn't even have to explain the possibilities this captcha suggestion would bring to the board.

MyBB 1.8 had captcha functionality however it wasn't that useful, with 2.0 we can make this a possibility so please leave feeedback below. Also throughout this suggestion by captcha I have been refering to Google's ReCaptcha, or the MyBB integrated captcha system!

(2016-05-14, 12:22 PM)Consaholic Wrote: [ -> ]- Give administrators the ability to enable captcha on the login form regardless of failed logins, this is currently NOT a feature in MyBB, but thanks to Jordan Mussi's patch it's a possibility. However if this was implemented in the core of MyBB 2.0 we webmasters would benefit greatly!

I've visited a lot of websites but none requires solving a captcha on login. As a user it would annoy me while it doesn't make the forum more secure at all. MyBB already has an effective brute force protection and has a captcha on registration.

(2016-05-14, 12:22 PM)Consaholic Wrote: [ -> ]- Enabling the captcha on the contact form (contact.php), regardless of failed contact attempts or if the admin wants to set it to show after X amount of failed contact attempts.

I have no idea what you mean with "contact attempts" but there is already a captcha for guests.

(2016-05-14, 12:22 PM)Consaholic Wrote: [ -> ]- Allow the forum administrator to make users have to complete a captcha on the newthread.php so they MUST complete the captcha or they can set it so display the captcha after X amount of failed attempts.

That would be even more annoying than your first suggestion. Also automatic scripts are already capable of solving captchas on registration so they simply would solve these captchas, too.

Damnn if this was in use on any forum, i will simply close the forum tab and browser somewhere else. Super duper annoying . Sorry but bitter truth

for the contact form if Captcha is required for members then find below code twice in contact.php file

if($mybb->settings['captchaimage'] && !$mybb->user['uid'])

and change to

if($mybb->settings['captchaimage']) // && !$mybb->user['uid'])

thanks for the constructive criticism.

however the bruteforce protection on mybb forums is not at all very good. my friends could easily grab the POST data and create a configuration for sentry mba.

thanks anyways.

If an attacker gets to know the password there is literally nothing we can do to stop them using it. A captcha certainly doesn't help either.

A captcha would prevent the bruteforce in the first place.

I don't see the harm in letting the admin CHOOSE IF THEY WANT to have captcha enabled on the login at all times.

So those who find it annoying, don't have to.

But many like me would absolutely love it.

p.s. by captcha im refering to google's recaptcha nocaptcha of course.

I agree with more fine-tuned configuration options for CAPTCHA:

• new thread / new poll (based on user group)
  
• new reply (based on user group)
  
• contact us (based on user group)
  
• register
  

I also agree that if an admin requires CAPTCHA too often, the forum's active membership will dwindle.