reCAPTCHA was cracked months ago (story) - it's basically useless now as anyone who runs a forum with reCAPTCHA on registration will tell you. Google's best attempt at fixing it seems to be just to distort the images beyond a human-readable point. In light of said story, is it really necessary to require reCAPTCHA on new topic creations?
Yeah it still needed. While reCAPTCHA has been cracked, it doesn't mean it's crackable by anyone (I know *I* couldn't... not that I've tried). If that were the case, you wouldn't be asking this question I assume since you could just automatically crack it yourself too. That being said, we have been looking at various other options. Key Captcha looks fairly interesting... rather than distorted letters, you assemble a simple picture... https://www.keycaptcha.com/demo-free/
My coding skills don't really extend beyond html, css and jQuery so I wouldn't even know where to start lol. I just know that spam registrations on forums with recaptcha are WAY up in the last few months. The best solution (at least in the phpBB community) seems to be implementation of Q&A Captcha. That looks pretty neat, if not a bit of fun too. Similar to the WDB Fancy Captcha in many ways. As I said Q&A Captcha might be worth investigating too. "Spell DigitalPoint backwards" or "If I had 10 apples and took 3 away, how many are left?" etc..
The problem with Q&A captchas is that you have a finite number of questions... which means a spammer can simply answer all the questions once, and then they can just reference their little answer database. The problem with WDB Fancy Captcha, is you ultimately have a 20% chance of getting it right by randomly guessing... when it comes down to the core of it, it's a multiple choice question with 5 presented answers to choose from. Making it slick with the dragging of the picture to the target really doesn't chance the fact that at the core it's still a multiple choice question with 5 possible answers.
Sure. I think the idea though is to make it unguessable by bots. Bots are pretty smart, which is why the likes of "What is 1+1? are you human? What colour is this website?" are so easily guessed. At least by requiring a human level of interaction means the spam is reduced down to human-only registrations. Then when the idle account login credentials get fed back to the bot database, when it comes crawling to post spam it gets stumped by the Q&A. Seems to work wonders for my crappy little blog / support forum - perhaps it's not solid enough for a site this size though. When I put this particular captcha forward, I wasn't (and still am not) fully versed in the range of technologies bots have at their disposal (drag & drop etc). Perhaps a better solution to the original problem is to simply 'not' show any captcha to logged in users above x approved posts when creating a topic?
Several years ago Google was experimenting with a rotating image for captcha. Humans could tell when the image was upright, but bots had a very difficult time. I don't know if they implemented it. If you could simply hold down a key to rotate an image and stop when it was upright, it seems like that would be an easy method for captcha. But the bots keep getting "smarter" and some systems that generate enough traffic can simply pay someone to look at and break the captcha. It's the old battle between the forces of good and evil...
I went ahead and switched to Key Captcha (I already had it installed since I was testing it prior)... we'll see how it does.
Key Captcha looks cool and might keep the morons busy for a while. Unfortunately, as a lot of the idiots believe digitalpoint is "dofollow" and signature links are visible when logged out, they will keep at it. Just went into the Google section to read some posts and maybe make some of my own. Instead, you've got a nice pile of spam reports from me. (Really, why do I keep looking in that spamfest section?)
That is exactly the problem... the fact that the users spewing out crap/low quality posts are actually not that intelligent when it comes down to it. I'm certainly open to ideas on how to educate them... I just haven't come up with something realistic yet. I thought about maybe adding a quiz you need to take upon registration about nofollow links and as part of that, make it clear all links here are nofollow. The problem with that is there is a high percentage of the good users have no clue what nofollow/dofollow means (people aren't all here because they know anything about webmastering or SEO). Thankfully, a *very* high percentage of low quality posts come from certain geographical regions of the world. So we have been able to build some stuff that keys on that fact (the new stuff isn't rolled out yet, but coming soon).
Yes, you're right. Anyway, I always have fun when a spammer realises that their signature junk isn't visible when logged on. Not that many would read it, but perhaps a note (and check box "I understand") that "signatures are not visible when logged out" for when editing the signature? I can't see this being a problem for non-SEO/webmaster visitors. How this person managed with Key Captcha I have no idea. Is there a baby level setting? http://forums.digitalpoint.com/showthread.php?t=2613370
I almost think anyone that starts a post as, "please suggest me" or "hello dears" should just be automatically banned. Of course, in the case above, they can't even spell "please" right, so their stupidity would have saved them.
Do you guys test key captca on android? I can't open new thread using my galaxy tab because key captcha
Do you have some sort of really old Android? I tested it on iPhone, iPad and Android and it worked fine for me.
Hello Kiosukia, Sure, KeyCAPTCHA works on android based devices. We have thousands correct solutions from Galaxy tab per day. Could you please specify the following: 1. Full name and version of your browser. 2. Full version of your android. 3. Full name of your device. Best regards, KeyCAPTCHA Team
Sorry guys,i think my slow internet connection cause this issue (<128 kbps). Well done key captcha. Happy New Year
Can I just say that I find the new keycaptcha system to be very frustrating. My time is precious. I dislike having to spend it solving fiddly children's puzzles just so I can post a new thread. What's wrong with the captchas where you have to enter difficult to read numbers and/or letters?
Recaptcha is easier to break programmatically (the previous one). But I'd also say Key Captcha (the new one) is faster to solve for a human... often Recaptcha gives you stuff you can't even read.