[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Simple Math Captcha added to registration: Re: BerkeleyLUG site anti-spam enabled, comments & registration / sign-up opened up.

I added a simple Math Captcha to registration.
That will likely suffice to mostly, if not entirely,
stop spambots from registering.

As for cleaning up (removing) registered accounts of
spambots - no extreme rush on that, but shall do that over the
coming week(s)/month(s).  Probably request that users
update their profile to include something for name
(the spam bots don't bother, and generally looks better if
that's set anyway), may likely manually add that (or at least
partially so) to some older accounts (the few that were present
when site was migrated) ... maybe give user some alternative
means if they're legit, and really don't want to fill in
name field(s) at all, ... and, after some while,
remove the user that have nothing set in any of the name fields,
and haven't taken any alternative means to identify themselves
as legitimate - then the rest can mostly be reasonably presumed
to be spam bot sign-ups.

We're at 113 "users" now - the rate seems to have dropped off, as
most of the spam bots figure out they can't get their spam
content posted.  "Of course" spam attempts continue - most notably
comment attempts - but the anti-spam in place seems quite to
exceedingly good at dealing with that (thus far of many hundreds
of attempts, no spam has made it through, and no legitimate
comments or attempts have been flagged as spam - though some
(new users or unregistered?) have been held for moderation.

This Captcha also seems minimally intrusive, should be enough (hopefully)
to stop spambots - but if needed, many other Captcha options are
available.  Also, this Captcha doesn't feed some for-profit entity
human intelligence information (like training their AI by using
humans - and without those humans being paid for it!).

From: "Rick Moen" <rick@linuxmafia.com>
Subject: Re: BerkeleyLUG site anti-spam enabled, comments & registration / sign-up opened up.
Date: Thu, 12 Sep 2019 01:06:42 -0700

Quoting Michael Paoli (Michael.Paoli@cal.berkeley.edu):

o add some captcha or the like to raise the bar sufficiently on
  registration / sign-up

It usually ends up being a CAPTCHA implementation people add for this
purpose, because it's difficult to find a modest, _simple_ plug-in for
WordPress, only baroquely complex ones.  But a complete solution would
be anything that asks the user to answer a simple question that isn't
standard across everyone else's WordPress, like 'What is 4+5?' and
require a correct answer before the form submission gets processed.

Bruce Schnier on his blog ('Schneier on Security') has a simple hack
where you are asked to answer the question 'The title of this blog is
"Schneier on ________".  What is that word?'  (I paraphrase.)  Works
perfectly -- because it's not necessary to defeat custom attacks, just
comment-bots aimed at commodity software.

You received this message because you are subscribed to the Google Groups "BerkeleyLUG" group.
To unsubscribe from this group and stop receiving emails from it, send an email to berkeleylug+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/berkeleylug/20190913081735.1882710zquoywu8f%40webmail.rawbw.com.