MyBB Community Forums

MyBB Community Forums > 1.8 Support > Security Management and Support > Great security questions needed
Full Version: Great security questions needed
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2

Hugop

2016-06-29, 02:50 PM
Bots are bypassing Google ReCaptcha and my security questions without failing. I can't believe they are really bots, they are way to smart.

Security question I had:
Bots nowadays are way to smart and know the answer of most questions, right? Type agree if you agree.

I thought bots would answer this with yes/no, but they win.

Could anyone suggest me some security questions?

MikeInToshx

2016-06-29, 03:51 PM
I think the questions should be simple enough for users to answer, without having the answer in the question.

I got a question in Dutch on my forum where I give the short word 'pc' for example, and they have to type the full word so 'computer'.

Didn't have a bot try to sign up ever since.

laie_techie

2016-06-29, 08:08 PM
Ask simple questions about your forum's subject matter.

SEO is the abbreviation for what?
* Search Engine Optimization
* Search Engine Optimisation

Have multiple questions.

Paradigm

2016-06-30, 11:06 AM
Bots will become more and sophisticated you can only do some much to protect against them. I would always suggest that they require email activation as well to ensure they are even less likely to make it to the member status.

miniml

2016-07-01, 12:28 AM
Switch to noCaptcha, they won't get around that.

katos

2016-07-01, 03:32 PM
As Miniml suggest, switch to noCaptcha - I won't suggest that they won't get round it (since bots will develop over time, and eventually work out ways past systems like this).
Also, try adding stop forum spam, or something similar

Hugop

2016-07-04, 12:08 AM
I have e-mail verification and noCaptcha, nothing helps. Most mail addresses are unique gmail/hotmail/outlook/yahoo addresses.

This is the year we are in, the only thing that may save us are the security questions. I was thinking of site specific questions like "What is the color of the header?" (Bots are going to spam with colors) or "How to spell the site's name backwards?" (Bots may know what the site's name is via URL).

Couldn't find anything human friendly and bot safe, sadly.

katos

2016-07-04, 10:39 AM
(2016-07-04, 12:08 AM)Hugop Wrote: [ -> ]I have e-mail verification and noCaptcha, nothing helps. Most mail addresses are unique gmail/hotmail/outlook/yahoo addresses.

This is the year we are in, the only thing that may save us are the security questions. I was thinking of site specific questions like "What is the color of the header?" (Bots are going to spam with colors) or "How to spell the site's name backwards?" (Bots may know what the site's name is via URL).

Couldn't find anything human friendly and bot safe, sadly.

As recommended, try to install stopforumspam or clean talk. These will filter registrations based on email and IP reputation and should help to reduce the risk of bot registrations

Hugop

2016-07-06, 06:56 AM
(2016-07-04, 10:39 AM)katos Wrote: [ -> ]
(2016-07-04, 12:08 AM)Hugop Wrote: [ -> ]I have e-mail verification and noCaptcha, nothing helps. Most mail addresses are unique gmail/hotmail/outlook/yahoo addresses.

This is the year we are in, the only thing that may save us are the security questions. I was thinking of site specific questions like "What is the color of the header?" (Bots are going to spam with colors) or "How to spell the site's name backwards?" (Bots may know what the site's name is via URL).

Couldn't find anything human friendly and bot safe, sadly.

As recommended, try to install stopforumspam or clean talk. These will filter registrations based on email and IP reputation and should help to reduce the risk of bot registrations

That is an option, however, it doesn't solve the fact that my/our security questions are useless. I would like to have a great question that most bots fail.

katos

2016-07-06, 11:56 AM
(2016-07-06, 06:56 AM)Hugop Wrote: [ -> ]
(2016-07-04, 10:39 AM)katos Wrote: [ -> ]
(2016-07-04, 12:08 AM)Hugop Wrote: [ -> ]I have e-mail verification and noCaptcha, nothing helps. Most mail addresses are unique gmail/hotmail/outlook/yahoo addresses.

This is the year we are in, the only thing that may save us are the security questions. I was thinking of site specific questions like "What is the color of the header?" (Bots are going to spam with colors) or "How to spell the site's name backwards?" (Bots may know what the site's name is via URL).

Couldn't find anything human friendly and bot safe, sadly.

As recommended, try to install stopforumspam or clean talk. These will filter registrations based on email and IP reputation and should help to reduce the risk of bot registrations

That is an option, however, it doesn't solve the fact that my/our security questions are useless. I would like to have a great question that most bots fail.

Bots can sadly find ways around questions. 
Here's some I use:

Name an admin on this site
What software do we use
Spell out our forum name with no spaces
Spell out our forum name with spaces after each letter
What colour is our logo
How many admins do we have
What year did MyBB first start?

Hope this helps a little! :-)
Pages: 1 2
MyBB Community Forums > 1.8 Support > Security Management and Support > Great security questions needed