[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Simple Math Captcha added to registration: Re: BerkeleyLUG site anti-spam enabled, comments & registration / sign-up opened up.

To: BerkeleyLUG <berkeleylug@googlegroups.com>
Subject: Simple Math Captcha added to registration: Re: BerkeleyLUG site anti-spam enabled, comments & registration / sign-up opened up.
From: "Michael Paoli" <Michael.Paoli@cal.berkeley.edu>
Date: Fri, 13 Sep 2019 08:17:35 -0700
Arc-authentication-results: i=2; gmr-mx.google.com; spf=neutral (google.com: 198.144.192.42 is neither permitted nor denied by best guess record for domain of michael.paoli@cal.berkeley.edu) smtp.mailfrom=Michael.Paoli@cal.berkeley.edu
Arc-authentication-results: i=1; gmr-mx.google.com; spf=neutral (google.com: 198.144.192.42 is neither permitted nor denied by best guess record for domain of michael.paoli@cal.berkeley.edu) smtp.mailfrom=Michael.Paoli@cal.berkeley.edu
Arc-message-signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:user-agent :content-disposition:mime-version:in-reply-to:references:subject:to :from:date:message-id:sender:dkim-signature; bh=ce48lyE8TRY+7B4Z6BJ0OjueJt4+BpGSFdG9eIWo6tI=; b=J/5yevJmJYXoikRT+QQKIA0wLci3WWg/NYkHgFIipcCS4qyl1P4W50BA/o1tiC2Itf NxgL+BXJBuf8TFSc+HrDjdkoRN9phYMi34BJA7uUfuPtjqBWtvlwOSV5mJaWmdZsKH/T 6UqbVbn7b3TKfyq5AlMMmEYenLTPnCUz0rOygfYUWBsB14CIsREiz640EO78d/wu4fFv NEJaKarmREWJCQ7DtiJGz1lDF8WVy048+CmTEA33sRLm1gRQYR0sU3jrnvMMHdc2FcE4 8AzCxelGX5WQidHlWjTsm34Cwnph1p517rJv7rhI/J+oTEKxcl72SRjqWPZAR2dCCRSl 7FOA==
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=user-agent:content-transfer-encoding:content-disposition :mime-version:in-reply-to:references:subject:to:from:date:message-id; bh=nnKiKQfzTTEemNDJNQflZGbNF4fnv0OfUlZMKKtEOA0=; b=oCGVikLleSsL1ma59dEboXcP4gR2+DKk6+UGS8gguGZQYh0oKVhRi0+Yyo5ieL4RkB /Ve3huCK2wq93e82l600Pvrjpmy/BkNxptcg04fF8p+ZJt5HbuCCYX1+ox0qDYPwWQVD FtpnmeiEK1Ji4VnJan3JecU1Vtnw42JdgB07e6Rkdmqf046JKbVNt5/7YANQGvpbhgjw a3plTxkAFvOi5/pwiialHBVmtEW58jNI58QGbbbkVB02PmV7LbjMnwjhtWxoI2zvJ3GT MOcAB7DZGkX6Vte6cIBMnzGIELCsGcRm5OLp08r77ztA5rgajEaSWwgFZ81lij0O9gDt nW7A==
Arc-seal: i=2; a=rsa-sha256; t=1568387857; cv=pass; d=google.com; s=arc-20160816; b=ZQpahQpLDsqmyXlo6Y9VWYNuNgrcUHY0qauG9+2997mwOKglb8dJfWb4iI5zK1oSeq T4gtaqyp8ufTHx8n8JPcP2xz+4aX8pYvftnYOLNyb7biGM8A2knIRFFwW/D7i70Bgqrs TvuPzLbe/BfSLi84QVFZmQUuzZuu3UzoJYQ7QAuc4qIrlyt/FAhT1IxN+owEsX12ll4s 2a6vf/jIB5rYhRGtxQf2cl3a2HsFt0Dvmud32GAb23gvU6maCGncJid5BG6elEpl0R2u XSi2lBl04e+BLs6NyVfCn3rq4QG3e/2ZZWLEJfUQesmnii51CbS0Pirkh8UFSANkLzFo qalw==
Arc-seal: i=1; a=rsa-sha256; t=1568387856; cv=none; d=google.com; s=arc-20160816; b=k38bmmwFsHfh2Ck6rmgb4Arj6v/cabgd6UqW337jcImMLvLApw4usy0QkzgN+5IfgS LWpp8eNjTcqni0CE/mmmkKrVG4txZuQcTrF8/qntHIGchaYhAH3Ypqy5n5CSLIpKIraW LVqPnkeKUNius7vJe4DSbapKeG1F7KEMiGN8Tpkx8VVP0Zrcrged/Ed/+8RRix/VBscd H3H6lFPKBPKo7v9cwm1y9NlCOcHS1Be2tcDE4ePH5ctOqrBSvCNzYkMzT4lpuCUkH3jy XJLeTgwBe/msPMGCLMpa8F095iDNlQHpLcNYo1I4UAALSVi9q0bC0bVZzzpSxxIRmWMu sYYw==
Delivered-to: historian@entropia.netisland.net
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20161025; h=sender:message-id:date:from:to:subject:references:in-reply-to :mime-version:content-disposition:user-agent:x-original-sender :x-original-authentication-results:reply-to:precedence:mailing-list :list-id:list-post:list-help:list-archive:list-subscribe :list-unsubscribe; bh=ce48lyE8TRY+7B4Z6BJ0OjueJt4+BpGSFdG9eIWo6tI=; b=XWVRxJ55El0TUw5doRKPEHb0qndrX1yyHOC+HU5fqHJKiPHsI3fMX55GRCgDhsvcgt Vhf/g0WzgWVJ7ZUg5ZZXDKuUIobR2WQOgb/mH5iIGrfk/ogfGU1xCGkzMEV087d7MLjS stYh9khNGdgryev3GMHGteRQ41Lhz1t69f/eqi8hpdpwLH0pJ1wjm427JzzhhVX3BH2Y K7UYRQCcO74htatPYli+cmewRnauKyHXghn+7tOxUKfntAFDc2JxCS0UP77fB2eWM61g Zrx+UCNxfs+WGm+85z06HjjjScPLv45Id95EcAV3Jhg9mYQH1UySIunJuCzb3Uj+FKgZ aDCg==
In-reply-to: <20190912080641.GU6980@linuxmafia.com>
List-archive: <https://groups.google.com/group/berkeleylu>
List-help: <https://groups.google.com/support/>, <mailto:berkeleylug+help@googlegroups.com>
List-id: <berkeleylug.googlegroups.com>
List-post: <https://groups.google.com/group/berkeleylug/post>, <mailto:berkeleylug@googlegroups.com>
List-subscribe: <https://groups.google.com/group/berkeleylug/subscribe>, <mailto:berkeleylug+subscribe@googlegroups.com>
List-unsubscribe: <mailto:googlegroups-manage+61884646931+unsubscribe@googlegroups.com>, <https://groups.google.com/group/berkeleylug/subscribe>
Mailing-list: list berkeleylug@googlegroups.com; contact berkeleylug+owners@googlegroups.com
References: <20190828065407.10407kf5hvlhjrk8@webmail.rawbw.com> <20190830072521.21241miuqsibqbwg@webmail.rawbw.com> <20190902183537.78777xjklubwg6zk@webmail.rawbw.com> <20190911221004.11961o2kox7xbvwk@webmail.rawbw.com> <20190912080641.GU6980@linuxmafia.com>
Reply-to: berkeleylug@googlegroups.com
Sender: berkeleylug@googlegroups.com
User-agent: Internet Messaging Program (IMP) H3 (4.2.1-RC1)

I added a simple Math Captcha to registration.
That will likely suffice to mostly, if not entirely,
stop spambots from registering.

As for cleaning up (removing) registered accounts of
spambots - no extreme rush on that, but shall do that over the
coming week(s)/month(s).  Probably request that users
update their profile to include something for name
(the spam bots don't bother, and generally looks better if
that's set anyway), may likely manually add that (or at least
partially so) to some older accounts (the few that were present
when site was migrated) ... maybe give user some alternative
means if they're legit, and really don't want to fill in
name field(s) at all, ... and, after some while,
remove the user that have nothing set in any of the name fields,
and haven't taken any alternative means to identify themselves
as legitimate - then the rest can mostly be reasonably presumed
to be spam bot sign-ups.

We're at 113 "users" now - the rate seems to have dropped off, as
most of the spam bots figure out they can't get their spam
content posted.  "Of course" spam attempts continue - most notably
comment attempts - but the anti-spam in place seems quite to
exceedingly good at dealing with that (thus far of many hundreds
of attempts, no spam has made it through, and no legitimate
comments or attempts have been flagged as spam - though some
(new users or unregistered?) have been held for moderation.

This Captcha also seems minimally intrusive, should be enough (hopefully)
to stop spambots - but if needed, many other Captcha options are
available.  Also, this Captcha doesn't feed some for-profit entity
human intelligence information (like training their AI by using
humans - and without those humans being paid for it!).

From: "Rick Moen" <rick@linuxmafia.com>
Subject: Re: BerkeleyLUG site anti-spam enabled, comments &registration / sign-up opened up.
Date: Thu, 12 Sep 2019 01:06:42 -0700

Quoting Michael Paoli (Michael.Paoli@cal.berkeley.edu):

o add some captcha or the like to raise the bar sufficiently on
  registration / sign-up


It usually ends up being a CAPTCHA implementation people add for this
purpose, because it's difficult to find a modest, _simple_ plug-in for
WordPress, only baroquely complex ones.  But a complete solution would
be anything that asks the user to answer a simple question that isn't
standard across everyone else's WordPress, like 'What is 4+5?' and
require a correct answer before the form submission gets processed.

Bruce Schnier on his blog ('Schneier on Security') has a simple hack
where you are asked to answer the question 'The title of this blog is
"Schneier on ________".  What is that word?'  (I paraphrase.)  Works
perfectly -- because it's not necessary to defeat custom attacks, just
comment-bots aimed at commodity software.


--
You received this message because you are subscribed to the Google Groups "BerkeleyLUG" group.
To unsubscribe from this group and stop receiving emails from it, send an email to berkeleylug+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/berkeleylug/20190913081735.1882710zquoywu8f%40webmail.rawbw.com.

Follow-Ups:
- Re: Simple Math Captcha added to registration: Re: BerkeleyLUG site anti-spam enabled, comments & registration / sign-up opened up.
  - From: Rick Moen <rick@linuxmafia.com>

References:
- BerkeleyLUG site/WordPress migration
  - From: "Michael Paoli" <Michael.Paoli@cal.berkeley.edu>
- BerkeleyLUG site/WordPress migrated!
  - From: "Michael Paoli" <Michael.Paoli@cal.berkeley.edu>
- BerkeleyLUG site anti-spam enabled, comments & registration / sign-up opened up.
  - From: "Michael Paoli" <Michael.Paoli@cal.berkeley.edu>
- Re: BerkeleyLUG site anti-spam enabled, comments & registration / sign-up opened up.
  - From: "Michael Paoli" <Michael.Paoli@cal.berkeley.edu>
- Re: BerkeleyLUG site anti-spam enabled, comments & registration / sign-up opened up.
  - From: Rick Moen <rick@linuxmafia.com>

Prev by Date: Re: One off Pi Day
Next by Date: Re: One off Pi Day
Previous by thread: Re: BerkeleyLUG site anti-spam enabled, comments & registration / sign-up opened up.
Next by thread: Re: Simple Math Captcha added to registration: Re: BerkeleyLUG site anti-spam enabled, comments & registration / sign-up opened up.
Index(es):
- Date
- Thread