Hey everyone,

Much as I love SMF, and think we should all worship it as the new messiah, you have to admit the anti spam measures are outdated, and it shows. Unmodded, SMF's captcha system is almost antique, for one.

...Well, okay, so antique might be a bit of a hyperbole, but even so, today I reported around half a dozen spam posts on simplemachines.org alone. That ain't a good advertisement for SMF folks

How feasible would it be to integrate reCAPTCHA into SMF, as seen here?

What I mean is, of course, having it as a default feature, as it already is in, say, vBulletin.

Personally, I don't exactly want to install mods just to keep my forum spam free; it makes sense to always have the latest CAPTCHA available as a default feature to prevent spam.
I quote Wikipedia:

QuoteCurrently, CAPTCHA creators recommend use of reCAPTCHA as the official implementation

So yeah. How feasible is this?

As far as i know for  reCAPTCHA you'll need a  key,so i don't think it'll be a default feature by SMF but there are another options to prevent spam like Anti-Spam questions,which is built-in feature by SMF 2.0 branch

...

Why didn't I think of that?

Either way, hm, well, I suppose it'd be possible still. In that case, you'd need an "Insert your key here" field for reCAPTCHA to be activated I guess.

And yeah, I know about them anti-spam questions; they work miracles. Still, my users ended up complaining about my anti spam questions, so yeah.

Oh well, thanks for the answer

Whatever Captcha measures are implemented in the core of software generally get defeated.
The more people using the same anti-spam measure the more profitable it is to develop spam-bots for it.
The best thing to do is make your forum unique by using different anti-spam measures to everyone else.

Popularity = profitability to develop spambots

With ever increasing accuracy/success bots are going after hotmail, gmail, recaptcha.

In essense its like defending a castle.  We've already lost the outside defences, so instead of trying to build them up again, we need to focus on inside to measures to restrict the damage. (not just smf, but the whole internet).

Eg prevent posting links until x posts
- remove the benefit for spammers (not passing pagerank, non-active links)
- auto detect possible spam and remove it
- not showing posts until after approval
- using 3rd party bot detectors so once they've signed up on one, it prevents signing up elsewhere.
- limiting profile access until can be trusted.

Hopefully this is something that we can address for the next iteration of smf after 2.0

QuoteWhatever Captcha measures are implemented in the core of software generally get defeated.

Admittedly, yes. And there are already bots capable of passing a reCAPTCHA. Even so, using an outdated captcha system won't help any more than one that is currently slowly being defeated. Following your castle analogy though, using bow and arrows because the enemy has defenses against both catapults and arrows won't help much. Captcha's are made to be used and defeated, until a new one is developed, after all.

As for those unique anti-spam measures, yes, I might get back to my annoying anti-spam questions ("Are you human? Please answer this question only by inputting a single dot." etc). Even so, I still think it'd be a good idea for SMF to use the latest CAPTCHA software.

You guys' call though

Historically, SMF has avoided using external services in the core product. There are many installations of SMF that are used for intranet purposes with no external connectivity (for security reasons). Adding a dependency on an external service to the core of SMF could have a large negative impact on SMF's range of uses.

Now, this avoidance might change in the future, but i don't see it as something that will be changing very soon. There are currently plenty of add-ons to bring these dependencies to SMF if you wish to rely on them.

Fair enough.


Thanks for the answer