Announcement

Collapse
No announcement yet.

Human Verification Upgrade

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Human Verification Upgrade

    Hello, I was wondering if it's possible or will be possible to use other kinds of Captchas? Because Google's reCAPTCHA v2 and v3 isn't that reliable as a lot of spam bots bypassed reCAPTCHA v2 easily and I had to switch to hCaptcha that works like reCAPTCHA v2 and KeyCaptcha. But it appears those other Captchas Mods for vB5 haven't been updated recently in vb.org. Of course we don't want our vBulletin sites to be raided and filled with spambots signed up and posting alienating threads.
    Last edited by RoboCop1985; Sun 19 Sep '21, 6:01am.

  • #2
    It should be extendible. The structure of the code for human verification is still using the vBulletin 4 format. So you will find the files in /core/includes/ with a name like class_verificationtype.php. However, I don't have example code at this moment though. However it looks like:
    1. Add the class,
    2. Add your options in the "Version and Other Untouchables group"
    3. Update the /core/admincp/verify.php so it knows about your new class and its options. Primarily the switch on hvtype.

    From there, it looks like the front-end will just pick up the changes and call the correct class.
    Translations provided by Google.

    Wayne Luke
    The Rabid Badger - a vBulletin Cloud demonstration site.
    vBulletin 5 API

    Comment


    • #3
      Ah...of course. Besides myself, some of my friends who are using older vB - and are considering an upgrade, were disappointed on not having many security and anti-spam mods or addons from vb.org for vB5. It was bad enough those spambots had flooded their forums with dodgy alienating threads and that. And yes they did use those Spam Management tools but had the older Captchas that are outdated.

      Anyway, thanks for your reply.

      Comment


      • #4
        Interesting. I'd be interested in their settings for vBulletin 5 Spam Management and User Registration Options. This site gets several hundred spam posts every single week and the public never sees the majority of them. They are automatically moderated and hidden. Using the Moderated Tab in the Message center means it takes about 10-15 seconds to delete them and ban the users from the site.
        Translations provided by Google.

        Wayne Luke
        The Rabid Badger - a vBulletin Cloud demonstration site.
        vBulletin 5 API

        Comment


        • #5
          Well, Wayne, I don't have concrete evidence about how the vB 5 Spam Management and Human Verification interacts with those spambots and to try put a huge Stop sign against those bots, as it appears that reCAPTCHA v2 (this Forum is using is it?) isn't strong enough to keep those nasty spammers away.

          Plus some of my friends who had used - or still uses vB 3/4 - had granted me AdminCP as they were desperate for me to put an end to that spam threads nonsense at once. When I had told them I used vBulletin for many years, they had used KeyCaptcha and Spam-O-Matic for vB 4 which had proven to be effective. I know that for sure cos that's what my site uses for vB 4.

          I know Google is a very popular brand name and that it owns Youtube, Gmail and reCAPTCHA but of course it doesn't mean their products are more reliable and have fewer flaws. It's maybe because reCAPTCHA is so popular that those notorious bots are well focused on sneaking through reCAPTCHA, that they must have got some kind of improved visual AI, to suss out the reCAPTCHA pictures of Bikes, Cars, Boats, Traffic Lights.

          Also, I think CloudFlare had switched from reCAPTCHA to hCAPTCHA, but I could be wrong...

          Anyway maybe try out hCAPTCHA and KeyCaptcha, besides it could reduce those spam threads that can be very counter-productive.
          Last edited by RoboCop1985; Mon 20 Sep '21, 1:26pm.

          Comment


          • #6
            If you want us to add additional CAPTCHA types, you can create feature requests in our Issue Tracker. I don't really have a preference to be honest. Any hoop that a real user has to jump through will be annoying and have pros and cons. Most spamming systems simply pay humans to register for them these days anyway.

            vBulletin 5's Spam Management tools are very similar to what Spam-O-Matic provided for earlier versions. So they can't really be compared to what is in a default vBulletin 3 or 4.
            Translations provided by Google.

            Wayne Luke
            The Rabid Badger - a vBulletin Cloud demonstration site.
            vBulletin 5 API

            Comment


            • #7
              Very well!

              Comment


              • #8
                The most effective spam tool I've ever used is the Question And Answer where I ask a question that only users truly interested in my site would be able to answer. Spammers will virtually never take to the time to research answers to security questions.

                Comment


                • #9
                  It can depend on how simple the answer is as well as using numbers. Bots can be very fast calculators for giving an arithmetic sum question, and of course, the problem is with worded answers is how the likelihood for newcomers to answer them with the first capital letter as passwords, as Android or iOS Keyboards tend to have the auto spell or autocorrect setting on. And most websites can be case sensitive to most passwords and that.

                  Comment


                  • #10
                    Math questions are very poor anti-bot tools as you state. However, if your site is based on Mustang Cars, then a question about Mustang Cars is not. In addition, you should never rely on one question and/or answer. You should have multiple questions and if there are multiple answers possible, add them as well. The system will rotate through the questions and accept any of the answers assigned to it.

                    The Question and Answer should never be confused with passwords either. And answers are case insensitive as far as I am aware.
                    Translations provided by Google.

                    Wayne Luke
                    The Rabid Badger - a vBulletin Cloud demonstration site.
                    vBulletin 5 API

                    Comment


                    • #11
                      Also TechQuickie YouTube channel from Linus Tech Tips crew made a video titled, "Why CAPTCHAs Are Harder Now." That video explains why Pictured based as well as slightly distorted words are less effective. Which explains why reCAPTCHA v1 is outdated.

                      I don't know if I'm allowed to post this video as it contains an advertised sponsor. But have a look at that video by searching that title, if you want to know what I mean.

                      Comment


                      • #12
                        Originally posted by RoboCop1985 View Post
                        It can depend on how simple the answer is as well as using numbers. Bots can be very fast calculators for giving an arithmetic sum question, and of course, the problem is with worded answers is how the likelihood for newcomers to answer them with the first capital letter as passwords, as Android or iOS Keyboards tend to have the auto spell or autocorrect setting on. And most websites can be case sensitive to most passwords and that.
                        This is true but I'll give you a more specific example of something I use on one of my sites. It's a legal forum for discussion of Constitutional law. One of the security questions is: Name the three most important people associated with the Corwin Amendment. Yes, the answer can be researched but not easily. A spammer is highly unlikely to take the time since it's a failed amendment only true Constitutional law nerds would even know about. Conversely, anyone who has taken Constitutional Law should know the answer without having to research it.

                        Comment


                        • #13
                          Originally posted by RoboCop1985 View Post
                          Also TechQuickie YouTube channel from Linus Tech Tips crew made a video titled, "Why CAPTCHAs Are Harder Now." That video explains why Pictured based as well as slightly distorted words are less effective. Which explains why reCAPTCHA v1 is outdated.
                          vBulletin hasn't used reCaptcha v1 for over a decade. In addition to this, one of the Captcha's you recommend is not accessible to the blind. This is a requirement for this software if not for your own site. I am not even blind but if I visit a site that requires Keycaptcha to register, that I am just going to either Reddit or another site on the same topic instead. Making things to hard for humans is going to send humans elsewhere.

                          We know the Image based captcha that ships with vBulletin isn't the best. However, it is the bare minimum that is guaranteed to work on every single vBulletin installation. It doesn't require any configuration on 99.99% of all customer servers and it doesn't involve giving end-user information to third-party sites. However, it gives something out of the box. It most likely isn't going anywhere.
                          Translations provided by Google.

                          Wayne Luke
                          The Rabid Badger - a vBulletin Cloud demonstration site.
                          vBulletin 5 API

                          Comment


                          • #14
                            Yes well, I wasn't too sure on KeyCaptcha with the Drag and Drop puzzles involved for guests to sign up. This was why I've also mentioned hCaptcha which appears to work almost like reCAPTCHA and I think some sites as well as CloudFlare; believe that reCAPTCHA seems to be becoming an unreliable liability. Whereas hCaptcha could be used as an alternative or substitute - from where I've checked the reviews for hCaptcha. But it doesn't appear vbulletin.org contains a mod or addon for hCaptcha for vB 5.

                            And yes I understand and agree on how blind users or folk with poor vision won't benefit from Captchas with no audio verification, and it will be inconsiderate for vBulletin to not allow that Human Verification option.

                            PS: I've noticed SolveMedia Captcha supports audio verification, but again it doesn't appear vb.org contains support or an addon thread for SolveMedia vB 5 as well.
                            Last edited by RoboCop1985; Wed 22 Sep '21, 11:36am. Reason: PS added

                            Comment

                            Related Topics

                            Collapse

                            Working...
                            X