How to use only custom verification Question without CAPCHA image.?

Started by danster, December 21, 2014, 01:38:56 PM

Previous topic - Next topic

danster

When register new member how to use only our custom verification questions without CAPCHA images
i mean how to disable CAPCHA and onlu enable custom security verification questions on registration form..?


Burke ♞ Knight

There's a drop-down for Visual verification image to display that has NONE at the top in,
Administration Center » Security and Moderation » Anti-Spam

Although, it is NOT recommended to disable it.

danster

Thank you for quick respond yes i think it's less security if it's unable..

Thank you...

Kindred

Bk?

Why is it not recommended to disable it? Captcha is utterly useless as an antispam measure, at this point. I have had it disabled on 6 sites for the past two years...
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Burke ♞ Knight

It may get bypassed by most, but not by all.
It's still a good idea to have more than just the questions, is more what I was meaning.

Arantor

Indeed but at this point, the CAPTCHA image is not something worth having in addition to the questions.

Burke ♞ Knight

Then, if that is the case, has it been effectively removed or replaced in 2.1?
If it's that useless, may as well.

Arantor

The answer to your question is no, but I CBA to explain the reason because you'd find ways to disagree with me.

Burke ♞ Knight

Trust me, I know some of the reasons... However, they just point to the point I'm trying to make.

If the CAPTCHA system SMF has now, is totally useless, then it really needs to be removed, or changed.
reCAPTCHA is at least working better, why not change to that, since anyone can get keys to enter into the settings.

Arantor

If you knew the reasons, you would not make any of the points you have just made. But since you don't appear to understand, let me explain.

1. There is a strict policy against third party dependencies in the core. This rules out reCAPTCHA.
2. Having zero protection out of the box is a bad idea. This rules out reCAPTCHA and questions.
3. There needs, then, to be some kind of CAPTCHA in the core that does *something* because having no line of defence is worse than a bad line of defence and there are bots that can't break the one we have.

So unless someone implements a better image CAPTCHA (and this is far from impossible as anyone who looks at my mod list can attest), the one that is there should remain.

Burke ♞ Knight

Quote from: Arantor on December 21, 2014, 03:58:55 PM
3. There needs, then, to be some kind of CAPTCHA in the core that does *something* because having no line of defence is worse than a bad line of defence and there are bots that can't break the one we have.


And this is why I said it is not recommended for the OP to disable it.
Yet, the project manager went and said otherwise, which is why this whole thing went to where it is now.

I do agree with Kindred's point, though, that the basic CAPTCHA is virtually useless, but it, like you said, is better than nothing. :)

Okay, if not able to use 3rd party, and if you were able to make a better one, then I see no reason why the Dev team can't.
So I have a hope that 2.1 may introduce a new version of it in the future. :)

Arantor

-sigh-

It is recommended to disable it if you have something better. It is not recommended if you don't have *anything*.

I would be extremely surprised to see it added to 2.1 because beta implies feature complete but buggy.

Also, making a CAPTCHA from scratch that isn't entirely useless is surprisingly difficult. Mine took weeks of research and experimentation and balancing - and it's far from perfect.

Burke ♞ Knight

Well, the OP never mentioned replacing it with anything other than the questions, so I took it to mean there was nothing at this time.

And as for the other two points, true, and I thought it would be a pain, but it is something that should be talked about, as the current one does need replacing. Either that, or someone get a reCAPTCHA mod out soon, as well as yours for 2.1 when you can. :)

Arantor

Since you're so damned pushy about this, why don't *you* invest some time in the matter instead of volunteering our time on it?

Kindred

Questions alone can handle the majority of the spambots, assuming you change them regularly and use good questions.

I have also added stop spammer (SFS) and bad behavior + httpBL and, with the exception of the recent question database updates which allows spambots to answer questions which had been in place for a while, I have had zero spammers get through...   And I use no form of captcha at all.

However, as Arantor alreayd pointed out... Using reCAPTCHA in the core would violate SMF's policy about requiring third party systems.  Our only exception to that is PayPal.. And even that causes regular trouble when PayPal changes their API
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Burke ♞ Knight

If I knew how to code like that, I would.

My point of all this, to begin with, was that I will ALWAYS say it is not recommended to disable the CAPTCHA, unless the poster states it's being replaced.

As for replacing it in SMF, I wish I could code that, and you do not realize how freaking lucky you are, to be able to code like you are. Some of us, only wish we could do a fraction of what you can do. If I think something needs to be done, I'll state my mind about it. I'm not saying that people have to drop things to do it, I just feel that they need to be dealt with, when they can.

Arantor

QuoteSome of us, only wish we could do a fraction of what you can do.

Let me explain something to you. I started writing PHP in 2003. Before I did PHP, I was writing Classic ASP with VBScript, before that Visual Basic itself, before that... my point is, there is no LUCK here. I am at the point I am at because I worked damned hard to get here and put a not inconsiderable amount of my life into this programming malarky.

If you do something for over a DECADE, you *should* be good at it, right? What if you've been doing it for two decades?

Kindred

Exactly...   Skills are learned, not inherent.

Mastery takes a minimum of 10,000 hours of practice.
Some folks may have some amount of natural talent... But even that will never lead to mastery, without practice.
But anyone can master any skill with that practice, you just have to be willing to put in the effort.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Burke ♞ Knight

Well, try as some want, there's some people that do have learning disabilities, that make it hard to to get there.
Take it from someone who's been there, done that.

Where all have I come, since I first started? And it's not lack of trying, it's lack of ability to grasp....

Deaks

danster did any of this help you? as you have not responded I have marked this as solved.
~~~~
Former SMF Project Manager
Former SMF Customizer

"For as lang as hunner o us is in life, in nae wey
will we thole the Soothron tae owergang us. In truth it isna for glory, or wealth, or
honours that we fecht, but for freedom alane, that nae honest cheil gies up but wi life
itsel."

Advertisement: