[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Fwd: Simple Math Captcha added to registration: Re: BerkeleyLUG site anti-spam enabled, comments & registration / sign-up opened up.
- To: "Berkeley Linux Users Group (BerkeleyLUG)" <berkeleylug@googlegroups.com>
- Subject: Fwd: Simple Math Captcha added to registration: Re: BerkeleyLUG site anti-spam enabled, comments & registration / sign-up opened up.
- From: "'Michael Paoli' via BerkeleyLUG" <berkeleylug@googlegroups.com>
- Date: Sun, 13 Jul 2025 20:29:19 -0700
- Arc-authentication-results: i=2; gmr-mx.google.com; dkim=pass header.i=@berkeley.edu header.s=google header.b=G2PUsS0M; spf=pass (google.com: domain of michael.paoli@berkeley.edu designates 2a00:1450:4864:20::52e as permitted sender) smtp.mailfrom=michael.paoli@berkeley.edu; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=berkeley.edu; dara=pass header.i=@googlegroups.com
- Arc-authentication-results: i=1; gmr-mx.google.com; dkim=pass header.i=@berkeley.edu header.s=google header.b=G2PUsS0M; spf=pass (google.com: domain of michael.paoli@berkeley.edu designates 2a00:1450:4864:20::52e as permitted sender) smtp.mailfrom=michael.paoli@berkeley.edu; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=berkeley.edu; dara=pass header.i=@googlegroups.com
- Arc-message-signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:content-transfer-encoding :to:subject:message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=RJkm8518EQMYKDNUP85jz3igOrlSYuqEJRZfWyXZ8fU=; fh=LlwYyKtcLMSmkx/QPXhaIoJF+OdeMi92GTwfe64HStc=; b=D/KRFCigRAsOD3cCOlmqjJOzR1A8//4tqK6UZQeHKwDwHJ6do39G4dzJd7rZchJRUM FHxxptcYOOjH1e/KcM+MFXSRlBK4Wb9sw/aYDlJvavpVawfRaMhjDpRFRkRgNrOM4xWq AevxiesT1SuY0EWj3PVzGs6c4eR0zysyIoXbtvXT3kEqkEAbcmIkg4l6hKom9T5kO/P6 R9MEy2hBh6lsPh7f+GkBom4DMlj/btkEji4dtp0XE2wOu0jEQLDWWSfeo0n0TAJJ+uQE SjGJr/PPrwrI2jFfQArouKqqiQuzPC/wQb+QGyHd1SCrveDAawb9jp8sDWCvJWGyiTXP g6Cw==; darn=netisland.net
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=content-transfer-encoding:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=638USqaWtxdK263tfpXX2OMuAO5zm2pArmBsVt6fPBA=; fh=sML/OULlfnWITsGkMh+cjofqEO0XhR1yO0lIVYTCoc4=; b=OD4FmDP21zafOUoBvbl26EI/mMA++0qOWJa/cKIgEVfxpBs3htGkDliBLcOeJrFz/u /Ab0kTwHW/BSGFYZDwOZpVwiKA/dogL/+SMbbDkRiWMc/4aplTGUWO8XOZCrsMtnG11x ysTqkrGK/KzKFX60L/F5mJoUUXBQ5ug8WCbw/zoSAiz44ZNpUa45+p8PB/TzyRUfvvDz J5NkYvZml0+4IC7Ybzyfhjop97RKnPWsFM6ojZUgPjfQauRSdzj3UzCUBXBziBanay7M HDIMn1VTNXIiBRcpXacIImOtRMBa3sUdgdWkTxp/qRiX7tCJJrehFp6GoZzWr/Qg+fSP xM/g==; dara=google.com
- Arc-seal: i=2; a=rsa-sha256; t=1752463801; cv=pass; d=google.com; s=arc-20240605; b=XbxYSRJT9EXdnvzoUXy5NRlGZVgrbEC6dF4hzhVhuO0ee5Lfk915wcF6JUsTTPPXJS H7ZZ9FTJikMxnfDGCg60kVymkySC1Dw6pAsI9qfzqcfj3SnfDOkok7K47URrr11YCA2O eUfjAsWqiFVaIdntTyzT5PvI5YlReJlp+I0RXTuvEpBSQWM/id0M16ZE3RkQVG7LHeAz w3I69jFfIurTNatQnw4/OK7jHuIYj2LPeTaHSVYmVtW+bMYapyc/5lgkE63B/PNLC88D M3SNHPgBg82glbu75WJsF5pmfqBjrBVLITh+Il5kOyFWKiW7dExXnDWLfbA6+i/lIVKr aXIg==
- Arc-seal: i=1; a=rsa-sha256; t=1752463797; cv=none; d=google.com; s=arc-20240605; b=JYDbH1mqGRQRoYZ3gGkrvY4eFGAYZKbVCOUjMaZkwhoinXDdAyNvde5ian4kNoQXnx lvH9dEwVIe6SXo3GvQK+Vpo+hJNeLWrOn3txDG/EbJAE+OD42ddFGCdulB4p3VZxk58V +006Tcdv2frfeKVzjAQ5Oq1f77zSlyBvmbAnruD8oJKyFQPuCxoRcGfFLFWvMoBlreOr uA50z8+VM9FemtbLcchKXjP/5AelP5DziGzQde2Io7jHbdIFhc9JOVlmxOvHTHEGEMAy 8v3qvdQdaLpLRRiE/KpbaxttU1aJYfb03GrFGAl6NDQID1CFo2VO3fEaLvx8lMmWcIeu WzoQ==
- Delivered-to: historian@entropia.netisland.net
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1752463801; x=1753068601; darn=netisland.net; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender :content-transfer-encoding:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=RJkm8518EQMYKDNUP85jz3igOrlSYuqEJRZfWyXZ8fU=; b=Gd6fyW52Yskr9kzjFOfPzGVRxP7Faet5w8d7VPnbILqo6I586g29pwlQ0Z2USZtQpS iCp2k6jI3BmEOlTvCUL2hPC1y5XKjsgRHSS4nA7LPEsIF4lhg6BrGTX31OyU0DzvLVpL mWDIjk85lAyidh1FxHNgqjd4DuIqFzkSwfZWEYfdc5VWg5uM5sn9nP0zDnMp1L1m6kzV aPC8nXQ35ICng7BilpmRagpA3mJK+Jteo52JI50NnfCsChyKx+KSHmsKMJUdJ6QGRC69 VmnHeyVsihaA8A7BxfKY1UijA8CAT4C9xS7E3FYGtZSkN4AfRsJK2fmrmS+603Tf5kEK QbTg==
- In-reply-to: <20190913081735.1882710zquoywu8f@webmail.rawbw.com>
- List-archive: <https://groups.google.com/group/berkeleylu>
- List-help: <https://groups.google.com/support/>, <mailto:berkeleylug+help@googlegroups.com>
- List-id: <berkeleylug.googlegroups.com>
- List-post: <https://groups.google.com/group/berkeleylug/post>, <mailto:berkeleylug@googlegroups.com>
- List-subscribe: <https://groups.google.com/group/berkeleylug/subscribe>, <mailto:berkeleylug+subscribe@googlegroups.com>
- List-unsubscribe: <mailto:googlegroups-manage+61884646931+unsubscribe@googlegroups.com>, <https://groups.google.com/group/berkeleylug/subscribe>
- Mailing-list: list berkeleylug@googlegroups.com; contact berkeleylug+owners@googlegroups.com
- References: <20190828065407.10407kf5hvlhjrk8@webmail.rawbw.com> <20190830072521.21241miuqsibqbwg@webmail.rawbw.com> <20190902183537.78777xjklubwg6zk@webmail.rawbw.com> <20190911221004.11961o2kox7xbvwk@webmail.rawbw.com> <20190912080641.GU6980@linuxmafia.com> <20190913081735.1882710zquoywu8f@webmail.rawbw.com>
- Reply-to: Michael Paoli <michael.paoli@berkeley.edu>
So, at some point along the way, likely some upgrades or the like,
Simple Match Captcha, most notably on the WordPress registration, broke.
Anyway, have now fixed that.
Additionally, I disabled the setting option:
Hide for logged in users
Enable to hide captcha for logged in users.
Would you like to hide captcha for logged in users?
Notably so to avoid having a logged in user (e.g. bot),
massively registering additional users - with no further captcha
to register them, as they were already logged in.
Yeah, we now have 941 users:
All (941) | Administrator (3) | Editor (2) | Author (1) | Subscriber (935)
And likely the vast overwhelming majority not legitimate, but bots.
So, I expect I'll be cleaning that up soonish, as I believe I did
likewise before.
---------- Forwarded message ---------
From: Michael Paoli <Michael.Paoli@cal.berkeley.edu>
Date: Fri, Sep 13, 2019 at 8:17 AM
Subject: Simple Math Captcha added to registration: Re: BerkeleyLUG
site anti-spam enabled, comments & registration / sign-up opened up.
To: BerkeleyLUG <berkeleylug@googlegroups.com>
I added a simple Math Captcha to registration.
That will likely suffice to mostly, if not entirely,
stop spambots from registering.
As for cleaning up (removing) registered accounts of
spambots - no extreme rush on that, but shall do that over the
coming week(s)/month(s). Probably request that users
update their profile to include something for name
(the spam bots don't bother, and generally looks better if
that's set anyway), may likely manually add that (or at least
partially so) to some older accounts (the few that were present
when site was migrated) ... maybe give user some alternative
means if they're legit, and really don't want to fill in
name field(s) at all, ... and, after some while,
remove the users that have nothing set in any of the name fields,
and haven't taken any alternative means to identify themselves
as legitimate - then the rest can mostly be reasonably presumed
to be spam bot sign-ups.
We're at 113 "users" now - the rate seems to have dropped off, as
most of the spam bots figure out they can't get their spam
content posted. "Of course" spam attempts continue - most notably
comment attempts - but the anti-spam in place seems quite to
exceedingly good at dealing with that (thus far of many hundreds
of attempts, no spam has made it through, and no legitimate
comments or attempts have been flagged as spam - though some
(new users or unregistered?) have been held for moderation.
This Captcha also seems minimally intrusive, should be enough (hopefully)
to stop spambots - but if needed, many other Captcha options are
available. Also, this Captcha doesn't feed some for-profit entity
human intelligence information (like training their AI by using
humans - and without those humans being paid for it!).
> From: "Rick Moen" <rick@linuxmafia.com>
> Subject: Re: BerkeleyLUG site anti-spam enabled, comments &
> registration / sign-up opened up.
> Date: Thu, 12 Sep 2019 01:06:42 -0700
> Quoting Michael Paoli (Michael.Paoli@cal.berkeley.edu):
>
>> o add some captcha or the like to raise the bar sufficiently on
>> registration / sign-up
>
> It usually ends up being a CAPTCHA implementation people add for this
> purpose, because it's difficult to find a modest, _simple_ plug-in for
> WordPress, only baroquely complex ones. But a complete solution would
> be anything that asks the user to answer a simple question that isn't
> standard across everyone else's WordPress, like 'What is 4+5?' and
> require a correct answer before the form submission gets processed.
>
> Bruce Schnier on his blog ('Schneier on Security') has a simple hack
> where you are asked to answer the question 'The title of this blog is
> "Schneier on ________". What is that word?' (I paraphrase.) Works
> perfectly -- because it's not necessary to defeat custom attacks, just
> comment-bots aimed at commodity software.
--
You received this message because you are subscribed to the Google Groups "BerkeleyLUG" group.
To unsubscribe from this group and stop receiving emails from it, send an email to berkeleylug+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/berkeleylug/CAPU_E%2BdqHOFD26oa%2BDjDNMCj5Ph5dsOtr1Z2QUzwsGmgiAtNEA%40mail.gmail.com.