Current SMF Verification feature takes ages?

Started by sirtbhopal, October 16, 2017, 03:10:50 AM

Previous topic - Next topic

sirtbhopal

Experts..... Can't SMF use any other verification feature instead of the current ones.

It takes ages to get the post reply verified plus sometimes it gets to annoying....

The text based verification is also good option to have.....

Please comment....

Looking

You can choose different options, it all depends on what you want. One good verification question can be better than 5 others.

Shambles


Steve

Other methods are being discussed but for now it will remain what it is to prevent spamming and unproductive posts.
DO NOT pm me for support!

Kindred

Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Just Another Member

I actually joined a file download site just because the damned new Google "find all the cars" etc. method is so damned annoying. I wish Google would get with it and find another method.

Part of my problem is many of the images are ambiguous (like find the boats) and also I'm partially color blind and have difficulties seeing some of the images.

One time I had to just give up because I couldn't prove I'm a human. :(

Arantor

That system that you're talking about is actually used to improve the data on Google Maps by being able to identify the things Google isn't so sure about with its machine learning.

Just Another Member

Arantor, that is quite interesting. I'd like to hear more if you want to type more.

What would be strange/exciting is if the whole system is heuristic! In other words, let it train itself! :)

I found it odd that sometimes street names on signs were obviously obliterated.

Heck, it makes no nevermind to me now. I was just trying to get over the 10 post hump and become a full member so I could post meaty topics instead of posting la ti dah replies to gain 10 posts.

I'm sorry about that but you create an obstacle course of hoops for new members to jump through, a grrl like me just does the dog training trick until she gets her way.

Now that I'm a general member I sympathize with others but just in an academic way now. I made the grade. Suzy always makes the cut.

Arantor

Well, the original reCAPTCHA when Carnegie Mellon University set it up was for crowd-sourced reading of old books. You'd have two words, one it knew, one it didn't and expect you to type both - the idea being that collectively it would take the most common answer as the 'correct' word.

The last iteration would show you a street number and ask you to translate it. Partly so that you couldn't easily do things like OCR on it and partly to provide some backing for Google's neural network stuff.

This iteration is reliant more on images that are sourced out of Street View and I wouldn't be surprised if this were training for self-driving car materials.

The risk with self-training networks is that once a flaw is introduced, it is compounded (a neural network variation of the butterfly effect)

Just Another Member

I wrote the best CAPTCHA I know of. It was for my buddy's vB forum and it relies on mouse usage which itself is a big impediment against 'bots using scripted attacks, and it also relied on color perception. It used an image map and depended on clicking the right colors. It worked well on vB although I never translated it into an SMF mod package. He used it to cover file download URLs and prevent them from being robo-searched.

Even if I translated into my site how much trouble would spammers go to for just two sites?

That's the flaw with Google anything. Too many people using it, too attractive to not crack.

I would like to hook up with mod authors or teams on your site who are selling mods. I have a lot of good ideas and working code for mods you never thought of (or dreamed of) but I don't want to be an SMF mod author.

Arantor

I'm glad to know that it would block me from your site too. And it would block a number of people I know who don't use a mouse, it would likely block people who use mobile devices depending on how you implemented it, and it would block people using text readers because of disabilities.

And if you base it on colour perception, you risk alienating a further percentage of people who are colour blind.

Just Another Member

Quote from: Kindred on December 23, 2017, 07:56:24 PM
Except that you clearly did not read all of his posts as he has tried to do both of those, based on our suggestion to do the same thing....   I know that you were trying to get your post count up, but please read the entire thread before posting like this.

Please make it less difficult for non-spammers to join your forum. You reward posts like mine.

Just Another Member

 Yep you got me just right. Guilty! No mouse and you are out of here. No color perception and you are out of here. I think mobile devices would handle it though. But, how many mobile devices have places to store files?  None I know of. I am on an iPad right now and if I were to try to download a file I have no idea where it would go.  I hope it wouldn't go up my skirt, LOL! ;)

That Google thing is just nasty! I'm glad I was on the laptop when I tried to pass that one, and I failed dozens and dozens of times before I finally made it through 10 posts.

Well never mind, I made 10 posts so now I don't have to worry about it anymore!

Aleksi "Lex" Kilpinen

Pretty much any mobile device not starting with an i will have dedicated storage space for files.
Slava
Ukraini!
"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

Arantor

There are browsers on iPhone/iPad that can download files just fine - just not Safari. Though even then it depends on the file: pictures, PDFs etc. can be downloaded.

But it's also a reminder that that there are always caveats to any solution.

Arantor

#15
Quote from: Susan Addams on December 23, 2017, 09:54:18 PM
Please make it less difficult for non-spammers to join your forum. You reward posts like mine.

I don't think you realise how big the spam problem is here.

Just Another Member

It's also a reminder that there are probably never any solutions that work in all situations all the time.

There remains the fact that the fewer sites that use any CAPTCHA the less reason hackers have to crack it because the payoff is not worth it.

The site my CAPTCHA went into is the second largest adult site on the Internet. The user base is almost 100% desktops. The owner of the site is my mentor. He has given me countless step-by-step instructions on setting up servers, convinced me nginx is better than Apache, helped me through every difficulty I've encountered. I wrote the CAPTCHA code for him just to return the favor, yet when we got it working he sent me $100 in BTC just as a tip! I never expected anything except to return the favors he had given me.

You surely understand that Google is designed to work in many, most or all environments. My CAPTCHA was designed for a specific audience, a specific user base, and it works so well that he is still using it years later to protect his file host info from being skimmed. In the end it met its goal: it works.

I' don't know how mobile friendly your site is. It was difficult to use from my iPad but not impossible, particularly considering I was voicing my posts, not typing them. And it was helpful that I could "unpinch" to expand screen areas and see more closely what I was doing.

I don't generally get on forums from bed, I usually use that quality time for shopping at Amazon, LOL! :)

But still, site was usable from my iPad. I love iPads so much I have two of them, both sizes. I was on my mini 4 last night. It worked. That's all that counts. It got the job done, your site got the job done.

Just Another Member

Quote from: Arantor on December 24, 2017, 04:51:30 AM
I don't think you realise how big the spam problem is here.
Take another think. I do realize, yet you won't give me credit for realizing it.

Just also give me credit that I had the determination to convince you I am not a spammer, and I had to jump through the hoops you designed to prove it. Yes I made a bunch of low quality posts. I admit it. I just wanted to break the 10 post barrier that was preventing me from accessing full functionality on the forum.

Now that I have it my future posts will be higher quality. It will be up to your opinion to decide if I deliver.

But please don't blame me for the low quality posts I had to put up to make it through the hoops and prove I'm not a spammer.


Hey, I wrote a mod that allows me to ban entire countries! :) I can't help if some country sends me more spammers than members. I think for 5 countries everything on my server is just a black hole for them, no response, just a connection that shuts down when their browser reaches its limit. That's what I do with countries with high spammer to quality member ratios.

Arantor

Even with the multiple measures that are here, there are new spammers literally every day. I've seen cases where a single spammer has gotten through and made 50 posts before anyone banned them.

And that's nothing to do with the 10 posts for the profile.

You'll also note that we can't just black-hole countries the way you do, nor really follow any of the methods that might work for you.

Just Another Member

No, you can't do a lot of things I do, hehe! ;) For one, I doubt you would look good in makeup! :P

I have a specialty forum that caters to mostly English speakers. When I get a bunch of spam from say Ukraine or Moldova, I see I have no members from there, so buh bye.

I understand SMF is multi-lingual, and by the way I complement the way you handled it with the $txt[] system. I learned a lot of code tricks writing mods for my own site. (I work part time as an IT contractor writing corporate apps.) Now all my PHP content delivery systems have the $context[] array.

You have nothing to worry about me. Follow me if you wish and see. I'll admit I was steaming a bit after having to run the gamut but I always cool off the next day, and everybody in my book always gets a new chance even if it's their 5th or 9th time they annoyed me. You just poison yourself by taking yesterday's hate or problems or hard feelings into today.

Sir Osis of Liver

#20
It's actually not that difficult to block spammers completely if you have basic coding skills.  Just develop your own verification gimmick, doesn't have to be too elaborate as long as it's unique.  Bots will not recognize it, and spammers won't bother trying to beat it if it's a one-off.  I never get spammers on my forums, or the few client forums I've installed it on, and I've been using it for years. 
Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

Just Another Member

Quote from: Sir Osis of Liver on December 24, 2017, 03:30:03 PM
It's actually not that difficult to block spammers completely if you have basic coding skills.  Just develop your own verification gimmick, doesn't have to be too elaborate as long as it's unique.  Bots will not recognize it, and spammers won't bother trying to beat it if it's a one-off.  I never get spammers on my forums, or the few client forums I've installed it on, and I've been using it for years.
Same here. Just start out with the standard verification questions. Get 20, 30, 40 questions and then use them maybe 3-4 at a time, random. It takes a bot master weeks to figure it out, and then you just change all the questions slightly and they are back to square one. I do that every several months and it keeps the botnets off me. Plus I have good staff one who which watches the botnet attack building, and then I change all the answers and kick off the bots.

They do that, they'll mine you and set up a few dozen bots with accounts, ready to hit you. Then I LMAO and delete all the accounts I've already singled out and change the verification questions. I really appreciate a good staff! It leaves me free to work on forum development and make the call on difficult member problems.

And funny thing. Most of the time all those botnet attacks come from one country! When some country starts getting too big for their britches I just ban the whole country unless any of my membership comes from there. Which hasn't happened yet.

Sir Osis of Liver

I cobbled together some odd bits that were leftover from another project, made a keypad verification gimmick (you can try it here).  Once in a while, when I'm sufficiently bored, I drag out the code and tinker with it some more.  There are 10 numbered versions, and many more in between.  Good thing about it it's 100% effective against bots; bad thing is I can no longer remember exactly how it works (getting old).  Someone who knows how could probably beat it fairly easily, but no one's bothered so far, and the earliest files I have for this are dated 2011.
Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

Arantor

I wrote a CAPTCHA, released it here... it's since been beaten by bots :(

Sir Osis of Liver

I've seen it, it's a different captcha, but still captcha, and it's running on enough forums to attract attention.  If every forum ran a unique verification method, bots would be screwed.
Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

Just Another Member

Quote from: Arantor on December 24, 2017, 05:22:44 PM
I wrote a CAPTCHA, released it here... it's since been beaten by bots :(
Ohhhh... Poor baby! I'm sorry the bots infested your site.

Write your own CAPTCHA and don't share and you'll be good to go hun! :)

Just Another Member

Quote from: Sir Osis of Liver on December 24, 2017, 05:26:31 PM
I've seen it, it's a different captcha, but still captcha, and it's running on enough forums to attract attention.  If every forum ran a unique verification method, bots would be screwed.
Exactamentey what I said.

Arantor

I also wrote the support for multiple language Q&A in SMF so... problem solved ;)

Just Another Member

Quote from: Arantor on December 25, 2017, 04:38:50 PM
I also wrote the support for multiple language Q&A in SMF so... problem solved ;)
Is the anti-spam verification questions I use? I think it comes right with the standard SMF code, as many questions as you want to add, then pick how many at random you want to verify registration.

If so I have made quite successful use of that feature and found it very effective in preventing spammers from joining, particularly if you have an English language forum and they spammer has poor English.

I think what would be highly amusing would be to take my "ban a country" mod package and combine it with a multi-question verification system, but use my banned country feature to keep giving the spammers fake grading and tell them they failed when they actually passed. You know, really mess with their minds! LOLOL! :D

Of course spending any time on this other than getting rid of spammers would be a waste of time that could be more productively used elsewhere. That is why I generally just hang up on telemarketing calls instead of venting on them. Come to think of it, telemarketers and spammers must be almost the same species.

I am lucky that the nature of my forum allows me the luxury to ban entire countries. At the other end of the spectrum that would be totally unacceptable at SimpleMachines.

Arantor

I meant the upgraded version in 2.1 (which is also available as a mod for 2.0) where you can set different questions per language, and also set multiple correct answers per question. I didn't write the original 2.0 version.

But yeah, I also did my own CAPTCHA, which I think got to be popular enough that it got broken, as well as a few more not-so-obvious measures that definitely seem to help (some of which are bundled in SMF 2.1)

The anti spam arms race has been very interesting for the last decade. I particularly enjoyed the people who broke Google reCAPTCHA by using Google image search for the images displayed and feeding some of it into one of the AI vendors (DeepMind IIRC, which might even be Google owned) to be able to beat reCAPTCHA. But against people who will pay $2 for 1000 solved CAPTCHAs, it's hard to go against that.

Gwenwyfar

#30
I made use of the multi QA questions to add images (not searchable and highly stylized drawings), and asked something about the image. And they still fell down once in a while to human spammers (or paid ones). No anti-spam can beat real humans at the end of the day :P

Never had any trouble with spambots though, nor mass-spamming. They did seem to run some tests with the spam accounts occasionally, possibly to test their bots for use elsewhere, trying to post something relevant to the topic (but was still gibberish and nonsense most of the time). One of the members had a job running bot scripts (for multiple purposes, some analytical), and when he put one to work on the forum, it was the most useful "member" in some topics. Funny to watch, troublesome to moderate.
"It is impossible to communicate with one that does not wish to communicate"

Just Another Member

Quote from: Arantor on December 27, 2017, 09:25:37 AM
I meant the upgraded version in 2.1 (which is also available as a mod for 2.0) where you can set different questions per language, and also set multiple correct answers per question. I didn't write the original 2.0 version.

But yeah, I also did my own CAPTCHA, which I think got to be popular enough that it got broken, as well as a few more not-so-obvious measures that definitely seem to help (some of which are bundled in SMF 2.1)

The anti spam arms race has been very interesting for the last decade. I particularly enjoyed the people who broke Google reCAPTCHA by using Google image search for the images displayed and feeding some of it into one of the AI vendors (DeepMind IIRC, which might even be Google owned) to be able to beat reCAPTCHA. But against people who will pay $2 for 1000 solved CAPTCHAs, it's hard to go against that.
Yeah, that is definitely a good feature/mod for multilingual forums. I too have been interested in the arms race because of a few spammer swarms I've fought off, and also my own CAPTCHA which is still in use to prevent harvesting of file download links on just one forum. For that reason it's not worth cracking.

That's an interesting story about the cracking of reCAPTCHA. I can tell you for sure I really dislike being on the receiving end of the new one. I get frustrated when I've used up all my attempts and I AM HUMAN. At times it can be too hard for me to convince a website I'm not a bot.

And like you said, spammers can always buy cheap cattle to post spam. That characterizes the countries I have banned, the combination of poverty and cheap labor, which is also why there are few people from those countries who utilize my forum.

Just Another Member

Quote from: Gwenwyfar on December 27, 2017, 09:48:29 AM
I made use of the multi QA questions to add images (not searchable and highly stylized drawings), and asked something about the image. And they still fell down once in a while to human spammers (or paid ones). No anti-spam can beat real humans at the end of the day :P

Probably paid spammers unless you have a very popular site. My forum had an Alexa of about 70,000 which isn't all that much but was still attractive enough to try to spam me.

Quote from: Gwenwyfar on December 27, 2017, 09:48:29 AM
Never had any trouble with spambots though, nor mass-spamming. They did seem to run some tests with the spam accounts occasionally, possibly to test their bots for use elsewhere, trying to post something relevant to the topic (but was still gibberish and nonsense most of the time). One of the members had a job running bot scripts (for multiple purposes, some analytical), and when he put one to work on the forum, it was the most useful "member" in some topics. Funny to watch, troublesome to moderate.
All I know is a couple times I had somebody packing my member lists with bots and I figured they were getting ready for an onslaught. Like a long campaign where they just switch accounts when I ban one. My sharp Admin spotted the activity and I did the extermination job.

Advertisement: