Anti Spam measurement beyond captcha or email validation

  • App
    WoltLab Suite Forum

    I would VERY much like to see some form of anti spam measurement added into the core, beyond just any form of captcha; which is often easy for bots to pass through, yet hard for real people who want to join.

    Spam bots have become so good, at email validation they can do in their sleep... If they slept, which is a problem, they don't, but you and your staff do.

    I would like to check Stop Forum Spam (StopForumSpame.com) against known email addresses, since IP changes happen faster than new email addresses. Of course IP checks also be a valid option check, though I would like the option between one or both.

    Akismet (akismet.com) is also something I would like to see incorporated into the core registration. This has become the default in WordPress, but also many alternative addons.

    I stress this need because recently, the ONLY anti spam add on for Woltlab has been discontinued. This leaves a large void, but further stresses the point on why such an important feature should not be left to chance.

  • I've had WBB for six months and have daily probes by spam bots but not a single one has been able to get past a simple question to register. This isn't a problem with this software so far. With Joomla the spam bots were registering every day. The question at registration, rechaptcha and email validation are solid security so far.

  • Which is why they should put in the effort now to have these features in place. If they want WBB to take off, or if it does take off, it starts becoming the target of spammers.

    Part of the reason why these basic level anti-spam features work is that few spammers are programming bots to handle this software specifically. That will not be the case if WBB manages to find more success in the market.

    Right now, they can advertise some spam resistance due to newness, but later on that marketing point goes away as soon as they're big enough for spammers to notice.

  • The problem i see is, that you only can choose one or another. So either you use the reCaptcha or the Question/Answer system.


    Actually that's a big "flaw" in the system and I tried to get an answer if it would be possible to do both...
    Otherwise most of the users stick to recaptcha + the plugin of @Christopher Walz or @Markus Zhang

  • I've had WBB for six months and have daily probes by spam bots but not a single one has been able to get past a simple question to register. This isn't a problem with this software so far. With Joomla the spam bots were registering every day. The question at registration, rechaptcha and email validation are solid security so far.


    If your site welcomes ANY language, that is not a valid method.

  • Why? If your intelligent enough to be on a forum you should be intelligent enough to use google translate to answer a simple question.


    My use of the German language here should be proof enough that Google's translate is more than often inadequate. I wish it was more dependable, but regrettably it is not. So using a translation is not always going to yield the correct answer.

    Mein Verwendung der deutschen Sprache sollte hier Beweis genug, dass die Google-Übersetzen mehr als oft unzureichend ist sein. Ich wünschte, es war mehr zuverlässig, aber leider ist es nicht. Also mit einer Übersetzung wird nicht immer die richtige Antwort zu erhalten.


  • My use of the German language here should be proof enough that Google's translate is more than often inadequate. I wish it was more dependable, but regrettably it is not. So using a translation is not always going to yield the correct answer.

    My use of the German language should here proof enough that Google Translate is to be more and more insufficient.


    I just Copied and pasted your German into Google. While not a perfect translation anyone with enough intelligence will understand the translation to answer a "simple" question.


    "My use of the German language should here proof enough that Google Translate is to be more and more insufficient . I wish there was more reliable, but unfortunately it is not. So with a translation does not always get the right answer."

  • Make sure you don't ask questions like

    1) What is the meaning of it all?
    2) How many licks does it take to get to the center of a Tootsie roll pop?
    3)


    3 reason why that isn't good enough

    1) Without copying and pasting, please enter the following characters

    Д Я

    עִבְרִ

    2)  Please find the translation for the word uncensored in Ubru, for example.

    Answer: You cannot because there is no such word in that language. For some languages there are no word to replace them, so you cannot translate.

    The closest translation is: not censor

    There other languages that translate that word as simply, inappropriate (which would also be wrong). Of course this is only 1 example of many different words for many different languages.


    3) Most important -----

    You want registration the be EASY (very easy), this means LESS fields upon registration. Ideally the only field should be

    name
    email
    password
    date of birth

    The fewer fields, the easier to register and most importantly, the more willing someone is to complete registration.

  • Trying to organize chaos just creates chaos. I really think your fixing a non problem here.


    It is problem and I am offering a fix.

    Adding better anti spam measurements removes the chaos altogether. It does not add further chaos and rather simplifies the registration process.

    This is done by not depending on Q&A. With Stop Forum Spam or Akismet, you set it and forget it and you do not have to worry about it ever again.


  • Stopforumspam ist still in developing the IP6 validity.
    https://twitter.com/StopForumSpam/status/537910567986790401

    But they are working on it. That is actually the only reason why @SoftCreatR finished it yet.


    Yes, but it is currently not available, nor are any of his add ons at the moment (he removed them).

    For something this important, I think it should be added into the core. Because right now, there are people buying WBB with no option at all to such anti spam add ons.

    Of course, if this is added to the core, I support the idea of an option to enable or disable. I do not understand why some people wouldn't want this, but support the idea to turn it off for the few who would wish it.

  • Not even in WordPress Aksimet is activated by default.
    WBB4 also has a mechanism which is called Honeypot, which makes it way harder for Bots to register.

    I dont think that there are that many Bot Problems in here, so those mechanism are pretty fine ... for the moment.
    But i think that @Alexander Ebert or @Marcel Werk could tell us more.


    But Akismet is bundled with WordPress, but default. ;) So I'd like to see the same with Woltlab. If too can be left off by default, just like WordPress.

    The url of where you have your software matters. Woltlab.com may not be hit by spam hard, but my site is; as I would imagine so are others.

  • Akismet is part of SASS, which is in development.


    As well as Stop Forum Spam?

    I'm concerned... I do not know why you originally pulled all your addons. So this is something I would REALLY like to see in the core. OR at the very least, someone else develop an alternative ... So if one were to mysteriously vanish, the other would be around.

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!