Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Captcha ... or Not
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Gentoo Forums Feedback
View previous topic :: View next topic  
Author Message
notageek
Tux's lil' helper
Tux's lil' helper


Joined: 05 Jun 2008
Posts: 135
Location: India

PostPosted: Sun Mar 01, 2020 4:49 am    Post subject: Captcha ... or Not Reply with quote

User: ElliottT
Reason: Spam

Banned, and cleaned up, thanks.

Catchpa discussion split split to its own topic from the Report topic.
-- NeddySeagoon

_________________
"Defeat is a state of mind. No one is ever defeated, until defeat has been accepted as a reality." -- Bruce Lee
Back to top
View user's profile Send private message
Old School
Apprentice
Apprentice


Joined: 20 Nov 2004
Posts: 252
Location: West Bank of the Coast Fork

PostPosted: Sun Mar 01, 2020 6:14 am    Post subject: Reply with quote

User: ElliottT
Topic: Avengers Quicksilver Cosplay Costumes : Cosplaymade.com
Post: post 8425820
Reason: New user spambot, this is the first of 15 spams
_________________
www.otw20.com

The further a society drifts from truth, the more it will hate those who speak it.
George Orwell
Back to top
View user's profile Send private message
e3k
Guru
Guru


Joined: 01 Oct 2007
Posts: 515
Location: Quantum Flux

PostPosted: Sun Mar 01, 2020 6:42 am    Post subject: Reply with quote

Old School wrote:
User: ElliottT
Topic: Avengers Quicksilver Cosplay Costumes : Cosplaymade.com
Post: post 8425820
Reason: New user spambot, this is the first of 15 spams
currently OTW flooded by this user with 20 new threads.
this could be handled automatically. no human opens that many so fast.
_________________

Flux & Contemplation - Portrait of an Artist in Isolation

Back to top
View user's profile Send private message
Amity88
Apprentice
Apprentice


Joined: 03 Jul 2010
Posts: 265
Location: Third planet from the Sun

PostPosted: Sun Mar 01, 2020 7:08 am    Post subject: Reply with quote

Topic: Are You Kidding Me?
Reason:

Bot is spamming our forums with junk.
_________________
Ant P. wrote:
The enterprise distros sell their binaries. Canonical sells their users.


Also... Be ignorant... Be happy! :)
Back to top
View user's profile Send private message
Amity88
Apprentice
Apprentice


Joined: 03 Jul 2010
Posts: 265
Location: Third planet from the Sun

PostPosted: Sun Mar 01, 2020 7:12 am    Post subject: Reply with quote

e3k wrote:
Old School wrote:
User: ElliottT
Topic: Avengers Quicksilver Cosplay Costumes : Cosplaymade.com
Post: post 8425820
Reason: New user spambot, this is the first of 15 spams
currently OTW flooded by this user with 20 new threads.
this could be handled automatically. no human opens that many so fast.


Yup, it's prolly about time that we add a reCaptcha.

Not only is the bot spamming, the contents are totaly unreadable. The least they could do is to attack us with something that posts readable junk :P
_________________
Ant P. wrote:
The enterprise distros sell their binaries. Canonical sells their users.


Also... Be ignorant... Be happy! :)
Back to top
View user's profile Send private message
Hu
Administrator
Administrator


Joined: 06 Mar 2007
Posts: 22717

PostPosted: Sun Mar 01, 2020 6:06 pm    Post subject: Reply with quote

Amity88 wrote:
Yup, it's prolly about time that we add a reCaptcha.
Absolutely not. Google captchas are a bane on the Internet and should never be used. They are broken with Javascript blocked. They require a graphical browser. We have historically kept the forums working for users who block Javascript and for users who are stuck using text-only browsers during early system setup. Enabling a Google reCaptcha would turn away users who need help during the install.

That doesn't even touch on the issues that some users have with interacting with Google as a gatekeeper.
Back to top
View user's profile Send private message
e3k
Guru
Guru


Joined: 01 Oct 2007
Posts: 515
Location: Quantum Flux

PostPosted: Sun Mar 01, 2020 6:52 pm    Post subject: Reply with quote

Hu wrote:
Amity88 wrote:
Yup, it's prolly about time that we add a reCaptcha.
Absolutely not. Google captchas are a bane on the Internet and should never be used. They are broken with Javascript blocked. They require a graphical browser. We have historically kept the forums working for users who block Javascript and for users who are stuck using text-only browsers during early system setup. Enabling a Google reCaptcha would turn away users who need help during the install.

That doesn't even touch on the issues that some users have with interacting with Google as a gatekeeper.
simple statistics would put a hold on such behavior. what was your AI doing?! did you know the NASA coding guidelines do not allow endless loops?
_________________

Flux & Contemplation - Portrait of an Artist in Isolation



Last edited by e3k on Sun Mar 01, 2020 7:13 pm; edited 1 time in total
Back to top
View user's profile Send private message
Tony0945
Watchman
Watchman


Joined: 25 Jul 2006
Posts: 5127
Location: Illinois, USA

PostPosted: Sun Mar 01, 2020 6:59 pm    Post subject: Reply with quote

Thank You thank You Thank You, Hu!

What is a "street sign?" Any sign on a street? A sign giving the name of a street? Official signs on the street? Captcha does not seem to define that consistently.
What is a vehicle? Is a bicycle a vehicle? Is the front end of a car barely visible a vehicle?
I would think that bots have tried every combination and noted how to answer these. The same pictures are used. Just need a database with the answers. I hate spending 5 minutes on "try it again". No problem with the phrase Captcha's, but what if one is deaf? Or unfamiliar with English pronunciations?
A scourge on the internet.

If need be, I'd much rather see two factor identification to log on. Or a whitelist of IP addresses (won't help if mobile or using VPN).
Two factor identification won't help if a user is having e-mail trouble.


Last edited by Tony0945 on Sun Mar 01, 2020 7:01 pm; edited 1 time in total
Back to top
View user's profile Send private message
Ant P.
Watchman
Watchman


Joined: 18 Apr 2009
Posts: 6920

PostPosted: Sun Mar 01, 2020 7:01 pm    Post subject: Reply with quote

We could have an ArchLinux-style captcha (random obvious questions that take 5 seconds to answer, like "what name does Gentoo use for the arch commonly referred to as x86-64?")

It'd probably get rid of the random windows lusers that occasionally show up here too.
Back to top
View user's profile Send private message
Tony0945
Watchman
Watchman


Joined: 25 Jul 2006
Posts: 5127
Location: Illinois, USA

PostPosted: Sun Mar 01, 2020 7:03 pm    Post subject: Reply with quote

Ant P. wrote:
We could have an ArchLinux-style captcha (random obvious questions that take 5 seconds to answer, like "what name does Gentoo use for the arch commonly referred to as x86-64?")

I'll bite. What name DO we use?
Back to top
View user's profile Send private message
Muso
Veteran
Veteran


Joined: 22 Oct 2002
Posts: 1052
Location: The Holy city of Honolulu

PostPosted: Sun Mar 01, 2020 7:24 pm    Post subject: Reply with quote

Tony0945 wrote:
Ant P. wrote:
We could have an ArchLinux-style captcha (random obvious questions that take 5 seconds to answer, like "what name does Gentoo use for the arch commonly referred to as x86-64?")

I'll bite. What name DO we use?


amd64
_________________
"You can lead a horticulture but you can't make her think" ~ Dorothy Parker
2021 is the year of the Linux Desktop!
Back to top
View user's profile Send private message
Old School
Apprentice
Apprentice


Joined: 20 Nov 2004
Posts: 252
Location: West Bank of the Coast Fork

PostPosted: Sun Mar 01, 2020 9:31 pm    Post subject: Reply with quote

Tony0945 wrote:
Thank You thank You Thank You, Hu!

What is a "street sign?" Any sign on a street? A sign giving the name of a street? Official signs on the street? Captcha does not seem to define that consistently.
What is a vehicle? Is a bicycle a vehicle? Is the front end of a car barely visible a vehicle?
I would think that bots have tried every combination and noted how to answer these. The same pictures are used. Just need a database with the answers. I hate spending 5 minutes on "try it again". No problem with the phrase Captcha's, but what if one is deaf? Or unfamiliar with English pronunciations?
A scourge on the internet.

If need be, I'd much rather see two factor identification to log on. Or a whitelist of IP addresses (won't help if mobile or using VPN).
Two factor identification won't help if a user is having e-mail trouble.
++
_________________
www.otw20.com

The further a society drifts from truth, the more it will hate those who speak it.
George Orwell
Back to top
View user's profile Send private message
krinn
Watchman
Watchman


Joined: 02 May 2003
Posts: 7470

PostPosted: Mon Mar 02, 2020 6:10 am    Post subject: Reply with quote

I don't really see the problem
* someone flooding OTW with threads
* the threads are just junk
* mostly done by non gentoo user

isn't that OTW normal life?
Back to top
View user's profile Send private message
e3k
Guru
Guru


Joined: 01 Oct 2007
Posts: 515
Location: Quantum Flux

PostPosted: Mon Mar 02, 2020 9:13 am    Post subject: Reply with quote

well you have the flood protection at irc or search delay at forums. why not do the same for opening new threads.
_________________

Flux & Contemplation - Portrait of an Artist in Isolation

Back to top
View user's profile Send private message
389292
Guru
Guru


Joined: 26 Mar 2019
Posts: 504

PostPosted: Mon Mar 02, 2020 9:13 am    Post subject: Reply with quote

Ant P. wrote:
We could have an ArchLinux-style captcha (random obvious questions that take 5 seconds to answer, like "what name does Gentoo use for the arch commonly referred to as x86-64?")

I would fail this one. It should be better paraphrased - "Another name for x86-64 architecture?".
Back to top
View user's profile Send private message
szatox
Advocate
Advocate


Joined: 27 Aug 2013
Posts: 3449

PostPosted: Mon Mar 02, 2020 7:43 pm    Post subject: Reply with quote

Tony0945 wrote:
Ant P. wrote:
We could have an ArchLinux-style captcha (random obvious questions that take 5 seconds to answer, like "what name does Gentoo use for the arch commonly referred to as x86-64?")

I'll bite. What name DO we use?

I've seen some of those on other forums too, questions based on local community stereotypes.
What does ATI do? (A: sucks - from a gaming forum)
Any my personal favorite: Which is our capital city? (A: the ugly one - i hope I haven't butchered this one in translation, Poles will understand :lol: )


Still, I'd rather not have captcha unless it's really REALLY necessary. Hopefully upgrading the scripts will be enough to keep the vast majority of the bots out anyway.
Back to top
View user's profile Send private message
Hu
Administrator
Administrator


Joined: 06 Mar 2007
Posts: 22717

PostPosted: Wed Mar 04, 2020 2:03 am    Post subject: Reply with quote

Setting aside the question of whether a captcha is viable given community constraints, there is also the practical problem of where the new gate would be placed. For the purpose of this post, I will assume that (1) captchas are an annoying, but acceptable and not insurmountable, hurdle to legitimate users and (2) captchas are an insurmountable hurdle to robots. (As I wrote in a prior post, I have doubts about the truth of (1) in our community, but for the sake of argument, let's assume it to be true.) The truth of (2) depends on what captcha implementation is chosen. For the sake of argument, I will assume a captcha implementation that makes (2) true.

Placing a captcha as a restriction on creating an account sounds appealing from the perspective of minimizing the burden members of the community, but it wouldn't be very helpful, I think. Most spam attacks have been done with one or very few accounts, so requiring the attacker to manually solve one captcha to register before he can start the spam bot with credentials is not a very useful hurdle.

Placing a captcha as a once-per-N-time-units barrier would be a bit more annoying to the community, but would again be fairly ineffective unless N-time-units is extremely low. Small scale spam attacks are almost immune to time-based limits since they only need to create a few posts, then they go silent on their own. Large scale spam attacks are rarer, but generally noticeable for the large volume of posts they create very quickly. I've fielded responses to a couple that continued posting for more than an hour.

Placing a captcha as a once-per-N-posts barrier could be effective against the large scale attacks, but small attacks are much more common, from what I have observed.

For both of the once-per-N models, there would be competing goals of setting a permissive limit to minimize the burden on legitimate users versus setting a strict limit to maximize the burden on spammers.

I think there are other, non-captcha approaches that could burden spammers while not substantially inconveniencing legitimate users. For example:
  • Aggressively add rel="nofollow" on user-controlled links, with exemptions only for known-approved content. This should reduce the value spammers receive from posting spam links, and hopefully deter interest in using the forums to host spam links.
  • Restrict posting of "untrusted" links by "untrusted" users. For this, a link would be trusted if it is on a whitelist of commonly and legitimately linked domains, like the pastebin hosts. A user would be trusted if they met some criteria such as minimum account age, minimum number of counted posts, etc. Tuning the heuristics for this rule could be tricky, but the goal is to let long-time posters ignore the new system entirely, while confining new users to doing only those things that legitimate new users need to do. Ideally, although this is likely not possible, we would want to reach the end result of Constructive.
Due to the intended use of the forums, we can't use more aggressive deterrents, like imposing a minimum account age before posting, without burdening users who just want to ask for help.
Back to top
View user's profile Send private message
krinn
Watchman
Watchman


Joined: 02 May 2003
Posts: 7470

PostPosted: Wed Mar 04, 2020 12:30 pm    Post subject: Reply with quote

you have another way to deal with this:
all links are allow to be post (no whitelist), all links are hidden except to a group of users: logged users, or users from a group, which could be some kind of "reporter" or just base on their posts count

this way, anyone is untrust, and links are hidden, only "trust" users can see them because you know they will report if there is a problem with that link
the only "bad" effect is that new user will have harder time helping other, as they won't see any information provided as help in a thread thru a link

maybe a "no links shown to not log-in users" could be enough, as i think spam value more the number of people seeing them and clicking them (or robots) rather than real forum users seeing them and clicking them
Back to top
View user's profile Send private message
Ant P.
Watchman
Watchman


Joined: 18 Apr 2009
Posts: 6920

PostPosted: Wed Mar 04, 2020 5:47 pm    Post subject: Reply with quote

New users immediately filling in half the profile fields (particularly all those dead IM services - aim and msn are *long* gone) should probably trip an automated check, too. Most of the spambots follow a consistent pattern there.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Gentoo Forums Feedback All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum