#1579 - CAPTCHA supplement: Per-site Q&A
-
By Chris Graham
- Added
- 10 views
| Identifier | #1579 |
|---|---|
| Issue type | Feature request or suggestion |
| Title | CAPTCHA supplement: Per-site Q&A |
| Status | Completed |
| Tags |
Type: Spam (custom) |
| Handling member | Chris Graham |
| Addon | captcha |
| Description | In addition to the CAPTCHA, have per-site entered questions and answers. This means even if the CAPTCHA is broken, the hacker would need to work out the Q&A's for each individual site they were targeting.
Full write-up is on forum: http://ocportal.com/forum/topicview/misc/addons/addon_suggestions/registration-questions.htm?post_id=-2#first_unread Repeated below... |
| Steps to reproduce | |
| Additional information | I have a suggestion of an add-on (or perhaps part of the core product). Here it is, broken down into easy to digest parts.
1. Ability to set questions that must be answered during registration to regesture for an account on your Composr powered community 2. The questions have a set of answers that you set up before hand 3. The number of questions that you set up are up to you, could be as low as 1 4. The questions and answers should simple enough that real people would be able to easily figure them out based on the content of your site The idea here is simple, you have a question or two in your registration process that the prospective member must answer to register. If they are a real person, they could easily look through the forum for that answer. If they are a spambot, they will most likely put some stupid link or something in it, and thus not get registered! This is something that I've seen (and use) elsewhere that works great! I haven't had a single spam bot registration since - though they try daily! This is really important to me because while I love Composr (and miss using it dearly), I hate spambots and spending all day fighting them instead of enjoying my site. If Composr had such a tool to help make it harder for spambots to register, I'd be in heaven... and I bet other sites would benifit from this increased protection with the growing onslaught of spambots everywhere! |
| Funded? | No |
The system will post a comment when this issue is modified (e.g., status changes). To be notified of this, click "Enable comment notifications".
Comments
A field that was supposed to be an integer (for our purposes, a whole number between -2147483648 and 2147483647) was no
[title="2"]Per-site Q&A / Probation / Shadow-banning (advanced)[/title]
There is a developer addon, [tt]antispam_question[/tt], which checks the value of a custom profile field to see if it matches a pre-defined setting. If it does not, it puts the member in the Probation usergroup only.
You could then then configure your forum permissions so there is only a single forum these members see, that normal members don't. This effectively works as a shadow-ban. You can then move people out of Probation manually if you need to.
The developer addon hard-codes the CPF ID being checked against, and the expected value, and the ID of the usergroup to put failing members in (the default Probation usergroup). It would be fairly easy to customise with minimal coding skills.