Spambot questions

[uteck]

Since I changed the forum settings so new accounts have to be authorized, I am getting a flood of mail from bots trying to make accounts. Looking back at new accounts over the last few months it seems this has been on the increase as the number of new accounts created has increased from 1-2 a week to a about 1-4 spambots trying to make accounts each hour. Clearly the captcha being used has been broken by the bots and is not slowing them down.


Flagg has updated the forum software and now there is a question and answer option that a new user will have to solve to make a new account. So what questions should be in the pool to choose from? I was thinking of asking for a word from a specific page from the main book, but I have seen a few posts were people do not own a copy of the books, so that may not work in all cases.


So I throw it out to the people here, what question should a person have to answer to make an account here that is not easily solvable by a spambot? For best security PM me your suggestions, but try to avoid yes/no questions or something that only Wordman or Plague of Hats could answer.


Once I have a dozen or so questions I will change the new user registration to ask questions so I don't have to authorize each new user. I will keep new user posts set to be approved by a moderator for their first post.

 

[Thanqol]

what is delicious


the answer is candy


candy is delicious

 

[Inverse]

I don't thing replacing CAPCHA with a dozen static keywords that allow access will work out well at all. The whole point of CAPCHA was that only humans could figure out the ever-changing keywords to get through, right? Having only a dozen question/answers won't stop spambots that can get through basic CAPCHA, since any Spambot Overlord (the future belongs to Cyborg-AI) could easily just make the spambots spam those 12 answers and get through super-easy. If you want something better than standard CAPCHA, I suggest finding some experts in the tubes to help out. (I'm 100% sure there are some Jedi-Geeks out there who would help.)


P.S. I spent way too much time writing this. I think I've been using internet forums for too long.... :|

 

[uteck]

Captcha was broken when a spambot takes the captcha image and displays it on a porn site. In return for entering the capcha you get access to free pr0n, thus the machines have turned us against each other.


And the questions and answers are changeable, but by making the questions Exalted specific we can weed out the bot and humans that do not play the game and can't answer the question.

 

[wordman]

Who is the woman on the cover of the First Edition book?


Who will soon Return?


Name the solar caste that rules the battlefield/sneaks around/sanctifies oaths.


Which god exalted the solars?


Which city must be destroyed?


Alternately, you could make these really obscure, as some sort of perverse "initiation" that makes people earn the unlimited glories that is an ECR acccount, like:


Correctly spell the name of the Great Maker.


If a terrestrial with Dex 4, MA 5 and no specialties has Five-Dragon-Blocking Technique active, how much can she raise her parry DV with the Third Martial Arts Excellency?


On tick 0, A grapples B. On tick 5, A must roll to maintain the clinch, but fails, so B elects to break the clinch. On what tick(s) do A and B next act?

 

[Virjigorm]

You could make new users put in an Exalt type, Caste/Aspect, and city of origin. The city has to be from the Exalted setting and the Type + Caste must match up or the account is rejected.

 

[magnificentmomo]

Well whatever you are going to do, do it soon because we have a new friend, and if you haven't noticed he has been busy.

 

[Cag]

Well, something Exalted related is definitely a must, since then you'd need to make a spambot specifically to enter this website. And yeah, Captcha-code has been broken as a security measure. Any code is bound to be broken sooner or later, but if the effort to break the code is more than you can gain, then no-one will be willing to break it.


Other than exalted questions, something that can be easily googled can help, but we need to stay away from memes. I mean, there is prolly one guy who has no idea what the city that must be destroyed is, and it'd turn them away if they had to figure it out


Another way of testing it out is to ask people to make acronyms, so you can ask them to make an acronym of the First and Forsaken Lion.

 

[uteck]

Well, something Exalted related is definitely a must, since then you'd need to make a spambot specifically to enter this website. And yeah, Captcha-code has been broken as a security measure. Any code is bound to be broken sooner or later, but if the effort to break the code is more than you can gain, then no-one will be willing to break it.
Other than exalted questions, something that can be easily googled can help, but we need to stay away from memes. I mean, there is prolly one guy who has no idea what the city that must be destroyed is, and it'd turn them away if they had to figure it out


Another way of testing it out is to ask people to make acronyms, so you can ask them to make an acronym of the First and Forsaken Lion.

Woho!, the first person since I made changes last week to post something that was was not spam!


So far of the 150 or so requests for new members I have approved 30ish, and out of them some just return and add spam links in their profile so they get deleted.


Cag is first real person to return to the site and post something that is not spam.


The acronym idea is interesting, but is too easy for a spammer to solve.

 

[uteck]

I added 20 questions so far, and can edit or add more as needed.


I switched the forum over to it, and not to ask for approval of new users but their first post will still need a moderator to approve it.


That should stop the flood on my inbox and stop the bots from registering accounts.

 

[Mr. S]

I saw these posts and wanted to try out the question system, but it looked to my untrained eye as if the registration system was bugged. It asked for a code to be typed into a field, but I did not see the field that the question indicated would be above it. In addition it displayed something along the lines of "if you have vision problems please contact %board administrator%". This seems like an error.

 

[uteck]

Thanks for testing this out. It seems that the latest update of the forum software might have broken theme and captcha compatibility. We are working on a solution.

 

[Cryoseraph]

We currently have tow spammers on the site now. They are: Anefagencassy and Heanofefabato. Please handle them accordingly, thank you.