MyBB Community Forums

I've only really just started to customize my forum, but I've noticed that the captcha does hardly anything to prevent forum bots.

A simple Neural Network can learn image recognition of the most complex captcha...
The harder we make the captcha image, the harder and more frustrating it is for real users to join.

I'm not in favor of captcha (since it seems to do nothing / very little to stop bots) and every thing to stop real humans from registering. However, I am in favor of intelligent custom registration, that is very quick and simple to use for humans but hard to code against for spam bots.


One of the things I've done is a simple registration customization. All the user has to do it un-tick a box (an "I am a bot" box), there is also a hidden box with the same question.
-If the user manages to change the value of the hidden box, then they are very likely to be a bot => don’t register
-If the user forgets to change the value of the displayed tick box then they are they have either made a mistake, or are also bots.

Customization works much better than captcha. If everyone uses the same mechanism, then eventually it we be worth designing bots to beat these mechanism. Individual customizations (rather than common plugins or captcha) is the only way to go to prevent bots from registering

- I could make this more complex for bots buy having lots of different hidden boxes, some ticked some not. If this hidden box is change the user must be a BOT. I could also use lots of hiding methods (display: none, lower z-index value than the page, hidden type.. etc), by having lots of boxes that shouldn't be changed, it makes it very hard for the bot to figure out which box it needs to untick.. the combination go up by a power of 2 for each tick box.... at the same time making it very simple for humans to untick the non-hidden box

Captcha gets rid of users who can't spell or read well at least.

I don't see how this can prevent bots really. From what I understand from your post, you can have 50 hidden fields, but there's only going to be one that really matters. Unless the visible field is going to be in a random order around the hidden fields, with a constant changing name, it's definitely going to be easy to figure out. Even the scenario of the random position and name, the pattern can still be figured out.

You need to remember that humans create these bots; if a human can figure your pattern out easily, then your spam preventative measure can deem useless.

(2011-06-14, 05:04 PM)Imad Jomaa Wrote: [ -> ]You need to remember that humans create these bots; if a human can figure your pattern out easily, then your spam preventative measure can deem useless.

That's exactly my point, humans create these bots, and they create them to spam many forums. They don't just try to spam one forum, but millions of forums, hence since the masses use captcha, captcha doesn't work very well.... individual customisation works better

... the other negative side of captach, is that 'better' and more obscure the captchas might be better at getting rid of bots, but this may also have a human price (people cant always be bothered to fill these things in, especially if its too complex)

(2011-06-14, 05:04 PM)Imad Jomaa Wrote: [ -> ]I don't see how this can prevent bots really. From what I understand from your post, you can have 50 hidden fields, but there's only going to be one that really matters.

No they all matter, bots cant always tell which are visible and which aren't (if they havent been disgned to), and there are many ways to hide things from humans. So it might try to randomly tick / untick invisible fields that humans would never touch... if it does this, it is a bot

Also, if it doesn't untick the one visible box (which is very easy for a human to do), then it is also a bot

For a BOT to get through this system, it must untick ONLY the correct visible box.. if it does this without unticking the "invisible" boxes, it gets through... There are many ways to hide things, which makes this a very hard job for the bot to figure out which boxes are really hidden, and which combination it should tick / untick

For a Human to get through, they only have to untick one box "I am a bot", this is very easy for humans and very hard for bots
Captacha is increasingly hard/annoying for humans, and a fun changeling (but becoming a bit too easy) for neural network designers

This isnt a system designed to stop people designing bots against your ONE forum (but nobody designs bots against individual forums). This is a system designed to stop bots that are built against 'many' forums.

---

(2011-06-14, 04:54 PM)Aristotle Wrote: [ -> ]Captcha gets rid of users who can't spell or read well at least.

I'm sure it does, it probably gets rid of many groups of people
"grammatically weak people" (much like myself )
"dyslexic people" (quite possibly myself )
"red-green colour blind people"
"people that are rushed" (often much like myself )
"people that are easily frustrated" (also often much like myself )

.. captcha is basically just not designed to be efficient and easy for humans (especially humans like me)
.. personally I would like all of these groups of people to join my forums if they contribute something useful

One line commenters that are just in it to get a signature link or spam a url pointing to their site, are the only users I want to not allow to join / post.


I just dont think there is a future in Captcha

I think the future is smart captcha's. Instead of letters, it would be like

Car, bike, hat, ball, etc.

(2011-06-14, 08:32 PM)Aristotle Wrote: [ -> ]I think the future is smart captcha's. Instead of letters, it would be like

Car, bike, hat, ball, etc.

http://www.webdesignbeach.com/beachbar/a...ery-plugin

(2011-06-14, 08:32 PM)Aristotle Wrote: [ -> ]I think the future is smart captcha's. Instead of letters, it would be like

Car, bike, hat, ball, etc.

funny you should say that, this is the sort of thing that drives some ANN designers... its actually what ANN are great at: "recognition"

Comparing a car, bike, hat, ball, elephant is relatively simple and not really a challenge for the future. I do like this concept though...

I once saw a spinning captcha that only revealed parts of the full word, but was very quick, and to a human the whole word was quite easy to figure out (easy for humans, hard for bots... this is a good rule of thumb)

That being said, words/images/movies/sounds can all be "recognised" with an Artificial Neural Networks and some of these NN have been written in javascript making it extremely easy for people to copy / re-adopt

captach is not the way forward, but making it easy for users to customise the registration page and place their own REQUIRED user input fields would certainly help to make it harder to code forum bots against

I plan on making this plugin. I don't plan on releasing it. The answer is ununiformity, everyone using something different.

Most bots nowadays aren't actually bots as per say, they're people paid to spam sites. In essence, you're still dealing with humans.

Paid posters (the ones that try to spam forums with links) are something different... these are often put off when they realise you cant have a signature / post / profile link until you've posted x posts and been on the board for x weeks... These types of spammers are quite easy to get rid of.

When you say "most", I think it must really depend on your forum. I had gigs going out on a monthly basis to automated bots (this wasn't a MyBB forum, but I can see this happening with my new MyBB forum)

The first 50 or so users on my new MyBB forum were all automated bots (not paid posters / link spammers), and I haven't even started it... let alone promoted it

(btw, I dont mean that all paid posters are spammers, some are quite good, I might even hire some form my own forum)