MyBB Community Forums

Full Version: How To Make Stronger Security Question
This may be common sense, but I developed a clever trick to reduce spam bots.

I use an all CAPS word with 2 short puzzle questions to obtain the 2 letter answer.

Do not use these examples since they may not be highly secured with new creative ones.

Ex.1) "MYBB" 1.) Write the 1 + 0 = _st letter as a lowercase. 2.) Write the most common letter as displayed.

Answer: mB

Ex.2) "GOOGLE" 1.) Write the 5th letter as displayed. 2.) Write the letter that looks like a number lowercase.

Answer: Go

Too long of a question might not correctly display the whole question.

I do not believe this is too complicated, the user must follow the two directions carefully to get the correct letters.

I hope this gives you guys better ideas on security questions.
(2018-07-07, 05:26 AM)Robbie626 Wrote: [ -> ]This may be common sense, but I developed a clever trick to reduce spam bots.

I use an all CAPS word with 2 short puzzle questions to obtain the 2 letter answer.

Do not use these examples since they may not be highly secured with new creative ones.

Ex.1) "MYBB" 1.) Write the 1 + 0 = _st letter as a lowercase. 2.) Write the most common letter as displayed.

Answer: mB

Ex.2) "GOOGLE" 1.) Write the 5th letter as displayed. 2.) Write the letter that looks like a number lowercase.

Answer: Go

Too long of a question might not correctly display the whole question.

I do not believe this is too complicated, the user must follow the two directions carefully to get the correct letters.

I hope this gives you guys better ideas on security questions.

Here's how I have mine set up. Notice... this is only a partial list of my security questions. I have 10 security questions in all.

Also, look at how many Incorrect Answers showed up in some of those questions.

You would think that people would be smarter than this. Sighs... Rolleyes

[Image: 6a4f5ac583a483b89071916afbe1d416.png]
There is no right or wrong answer to security questions as in the end they are there as human verification nothing more or less.

You can have anything even simple like the answer is 'BCDA', as long as the bot isn't scanning for a common 'the answer is' phrase in the description easily fixed, and it would achieve the same result as a question.

You could even have, are you a bot? if not type 'I am not a bot' and it would achieve the exact same effect.

All security questions are is to stop automated signups which Serpius is how you have incorrect answers, as they are bots trying automated responses like the default 2.2 question.

In the end no automated process can answer a Turing test which is any question or answer out of the norm not programmed into its system as a given response, we haven't reached that level of AI yet.
Even online experimental chat bots to improve AI still have issues with responding to questions like the one 4chan made to answer everything with Nazi quotes etc.
While yes we are programming bots to recognise things on their own they are relying on collective data streams to compare those things to like image and other forms of search which can compare similar visual and audio etc things.
This is an area I have been half following for a few years with Japan's robots HRP-4C, Actroid etc etc etc and would love to go into details with you guys and how robots are being developed for various social interactions, hospitals, sex & companion bots, housework maid bots etc etc which I may do on my site at some stage.

So there is no right or wrong questions to as pretty much anything works.

The only time you need to actually put any thought into the question is a stupidity or human scammer test if you want people with only a certain level of knowledge or whatever to join.
Then again nearly everything can be googled for the answer so even that is moot.

Basically anything not commonly used works as a bot isn't programmed for and they are only programmed with common responses as the developers of these spam bots analyse common terms as well as default forum response settings.

Anything outside of that is fair game for to use as simple as you want.
One of our security questions is: "What weekday is this year's Good Friday?" -- 67% fail rate, both for bots and human spammers.
(2018-07-08, 09:38 AM)linguist Wrote: [ -> ]One of our security questions is: "What weekday is this year's Good Friday?" -- 67% fail rate, both for bots and human spammers.

That is slightly confusing English when you think about it with grammar.
As weekday could be the day number rather than the name which I would imagine people are using
It's either Friday or the actual day number which this year was Friday, 19 April, next year is the same, then in 2020 the date becomes Friday 10 April for Good Friday.
So any combination of that date and day name both number and text is what people have been trying.

Remember to use correct grammar and stuff which can't be confused between day name and day date or can be interpreted in multiple responses.
Especially from people all round the world they will take that term slightly different in culture with how they respond to that.
I was born and brought up in GB English here in Australia as opposed to US English, as my primary language (I don't speak or write any others)

So the question itself can be slightly misleading and confusing so you need to be more specific.
(2018-07-08, 09:49 AM)drguild Wrote: [ -> ]
(2018-07-08, 09:38 AM)linguist Wrote: [ -> ]One of our security questions is: "What weekday is this year's Good Friday?" -- 67% fail rate, both for bots and human spammers.

That is slightly confusing English when you think about it with grammar.
As weekday could be the day number rather than the name which I would imagine people are using
It's either Friday or the actual day number which this year was Friday, 19 April, next year is the same, then in 2020 the date becomes Friday 10 April for Good Friday.
So any combination of that date and day name both number and text is what people have been trying.

Remember to use correct grammar and stuff which can't be confused between day name and day date or can be interpreted in multiple responses.
Especially from people all round the world they will take that term slightly different in culture with how they respond to that.
I was born and brought up in GB English here in Australia as opposed to US English, as my primary language (I don't speak or write any others)

So the question itself can be slightly misleading and confusing so you need to be more specific.

Well, actually... the answer is in the question itself. Big Grin

It's like asking when did the 'War of 1812' start?

Duh... the answer is in the question. If a human can't figure that out, then we are in deep doo-doo.

(2018-07-08, 09:38 AM)linguist Wrote: [ -> ]One of our security questions is: "What weekday is this year's Good Friday?" -- 67% fail rate, both for bots and human spammers.

I find this one very funny!

67% fail rate?? Wow! Talk about dumb bots!!! (and humans) Big Grin

I mean it's like... DUH! The answer is in the question. Sighs...

(2018-07-08, 09:49 AM)drguild Wrote: [ -> ]
(2018-07-08, 09:38 AM)linguist Wrote: [ -> ]One of our security questions is: "What weekday is this year's Good Friday?" -- 67% fail rate, both for bots and human spammers.

That is slightly confusing English when you think about it with grammar.
As weekday could be the day number rather than the name which I would imagine people are using
It's either Friday or the actual day number which this year was Friday, 19 April, next year is the same, then in 2020 the date becomes Friday 10 April for Good Friday.
So any combination of that date and day name both number and text is what people have been trying.

Remember to use correct grammar and stuff which can't be confused between day name and day date or can be interpreted in multiple responses.
Especially from people all round the world they will take that term slightly different in culture with how they respond to that.
I was born and brought up in GB English here in Australia as opposed to US English, as my primary language (I don't speak or write any others)

So the question itself can be slightly misleading and confusing so you need to be more specific.

Well, the word 'weekday' is implied (at least here in the USA) that one is looking for the actual wording of the day of the week. Sunday, Monday, and etc.

If the word 'date' is implied, then I would take it as the actual date April 19, 2018 (using USA date formatting) or similar date formatting that is used internationally. The point is, the security question asked specifically for which day (weekday) of the week Good Friday falls on, not the actual date of this year's Good Friday.

That's how I read it.
Ya, I translated the question. In our forum, it is in German and less ambiguous. The only correct answer is "Friday", otherwise I'd have to update the answer settings every year and I'm too lazy for that.

Of course the answer is in the question! That is the beauty of it. We are a linguist(ic)s forum after all, so legitimate users should be able to get past this rather obvious thing quite easily, while human spammers – who more often than not don't speak German – will most likely reply with the date (which will be counted as wrong) and AI bots will "assume" the answer to be too trivial to be the right one in such a context.
Another note you should also have a range of security questions and rotate them periodically.

What I have just come across is while my post above is true that the difficulty level of answering security questions means jack to bots.

What some spammers are doing is using humans to sign up on your site then they automate that sign up for automated forum spam bots who then take over.
I have just found that on my site that there was a referral link on yandex (no longer available luckily) with the values of a registration and the security question base encoded that bots could access and automate.
So you really need a bunch of simple rotating questions as well as to change the entire lot when it starts becoming problematic.

That way they would be forced to send more human spammers to gather the information to automate your site again.
As mentioned bots cannot do Turing tests and automatically come up with the answers unless it's brute force attacks which I'm sure we have a reg lockout after so many incorrect attempts, if not MyBB needs to add it.
So what usually happens is they send humans to gather that info for the bots and add it to a script.

So you guys need to know this also.

It's not the level of question difficulty as you can just automate it copy/paste to a script, it's the number of questions and rotation that's important.
(2018-07-15, 06:26 AM)drguild Wrote: [ -> ]Another note you should also have a range of security questions and rotate them periodically.

What I have just come across is while my post above is true that the difficulty level of answering security questions means jack to bots.

What some spammers are doing is using humans to sign up on your site then they automate that sign up for automated forum spam bots who then take over.
I have just found that on my site that there was a referral link on yandex (no longer available luckily) with the values of a registration and the security question base encoded that bots could access and automate.
So you really need a bunch of simple rotating questions as well as to change the entire lot when it starts becoming problematic.

That way they would be forced to send more human spammers to gather the information to automate your site again.
As mentioned bots cannot do Turing tests and automatically come up with the answers unless it's brute force attacks which I'm sure we have a reg lockout after so many incorrect attempts, if not MyBB needs to add it.
So what usually happens is they send humans to gather that info for the bots and add it to a script.

So you guys need to know this also.

It's not the level of question difficulty as you can just automate it copy/paste to a script, it's the number of questions and rotation that's important.

I was under the impression that if you had more than one security question listed... it would automatically be rotated anyways.

I could be wrong... but that's what I thought.
Yep it does rotate randomly.

Doesn't stop the bots trying over a few days till the programmed question comes up.
Also a reason why one may get so many questions wrong, the bot could be inputting the answer hoping that question comes up.

Also a human spammer may just sit on the registration area rotating the questions programming the responses if the question text is X input X as the answer.
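
Added example (not part of any post in this thread, and not MyBB code): a log review for the pattern described in the last posts, where a scripted client keeps submitting one harvested answer until the rotation shows the matching question. The question pool, the attempt records, the documentation-range IP addresses and the failure threshold are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed question pool: question id -> accepted answers, already normalised.
QUESTIONS = {1: {"friday"}, 2: {"blue"}, 3: {"i am not a bot"}}

# Constructed sign-up attempts: (client IP, id of question shown, answer typed).
ATTEMPTS = [
    ("192.0.2.10", 2, "Friday"),      # right answer, wrong question
    ("192.0.2.10", 3, "friday"),
    ("192.0.2.10", 1, " FRIDAY "),    # rotation finally shows the scripted question
    ("198.51.100.7", 1, "19 April"),  # human typing a date instead of the day name
    ("198.51.100.7", 1, "Friday"),
    ("203.0.113.5", 2, "red"),
    ("203.0.113.5", 2, "green"),
    ("203.0.113.5", 2, "yellow"),
]

def normalise(answer):
    """Trim, casefold and collapse whitespace so ' FRIDAY ' matches 'friday'."""
    return re.sub(r"\s+", " ", answer.strip()).casefold()

def owners(answer):
    """Ids of every question in the pool that accepts this answer."""
    given = normalise(answer)
    return {qid for qid, accepted in QUESTIONS.items() if given in accepted}

def classify(shown_qid, answer):
    """'correct', 'replayed' (answers a different question) or 'wrong'."""
    hits = owners(answer)
    if shown_qid in hits:
        return "correct"
    return "replayed" if hits else "wrong"

def review(attempts, max_failures=3):
    """Return (IPs to lock out, question ids whose answers look harvested)."""
    failures, locked, harvested = Counter(), set(), set()
    for ip, shown_qid, answer in attempts:
        verdict = classify(shown_qid, answer)
        if verdict == "correct":
            continue
        failures[ip] += 1
        if verdict == "replayed":      # answer to a question that was not shown
            locked.add(ip)
            harvested |= owners(answer)
        if failures[ip] >= max_failures:
            locked.add(ip)
    return locked, harvested

if __name__ == "__main__":
    print(review(ATTEMPTS))
```

Questions returned in the second set are the ones to replace first, since their answers are already in someone's script; the client that only mistook the day name for a date is not locked out.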