2011-06-14, 11:20 AM
I've only really just started to customize my forum, but I've noticed that the captcha does hardly anything to prevent forum bots.
A simple Neural Network can learn image recognition of the most complex captcha...
The harder we make the captcha image, the harder and more frustrating it is for real users to join.
I'm not in favor of captcha (since it seems to do nothing / very little to stop bots) and every thing to stop real humans from registering. However, I am in favor of intelligent custom registration, that is very quick and simple to use for humans but hard to code against for spam bots.
One of the things I've done is a simple registration customization. All the user has to do it un-tick a box (an "I am a bot" box), there is also a hidden box with the same question.
-If the user manages to change the value of the hidden box, then they are very likely to be a bot => don’t register
-If the user forgets to change the value of the displayed tick box then they are they have either made a mistake, or are also bots.
Customization works much better than captcha. If everyone uses the same mechanism, then eventually it we be worth designing bots to beat these mechanism. Individual customizations (rather than common plugins or captcha) is the only way to go to prevent bots from registering
- I could make this more complex for bots buy having lots of different hidden boxes, some ticked some not. If this hidden box is change the user must be a BOT. I could also use lots of hiding methods (display: none, lower z-index value than the page, hidden type.. etc), by having lots of boxes that shouldn't be changed, it makes it very hard for the bot to figure out which box it needs to untick.. the combination go up by a power of 2 for each tick box.... at the same time making it very simple for humans to untick the non-hidden box
A simple Neural Network can learn image recognition of the most complex captcha...
The harder we make the captcha image, the harder and more frustrating it is for real users to join.
I'm not in favor of captcha (since it seems to do nothing / very little to stop bots) and every thing to stop real humans from registering. However, I am in favor of intelligent custom registration, that is very quick and simple to use for humans but hard to code against for spam bots.
One of the things I've done is a simple registration customization. All the user has to do it un-tick a box (an "I am a bot" box), there is also a hidden box with the same question.
-If the user manages to change the value of the hidden box, then they are very likely to be a bot => don’t register
-If the user forgets to change the value of the displayed tick box then they are they have either made a mistake, or are also bots.
Customization works much better than captcha. If everyone uses the same mechanism, then eventually it we be worth designing bots to beat these mechanism. Individual customizations (rather than common plugins or captcha) is the only way to go to prevent bots from registering
- I could make this more complex for bots buy having lots of different hidden boxes, some ticked some not. If this hidden box is change the user must be a BOT. I could also use lots of hiding methods (display: none, lower z-index value than the page, hidden type.. etc), by having lots of boxes that shouldn't be changed, it makes it very hard for the bot to figure out which box it needs to untick.. the combination go up by a power of 2 for each tick box.... at the same time making it very simple for humans to untick the non-hidden box