Defeating Spam - Should we use Captcha?

**Border_Reiver** · 29-07-2010, 09:07

Originally Posted by Good CO

About the alert button - have you seen the 'report post' exclamation mark button at the bottom of each post?

Seen after your post .... it looks like a triangle whose function is only highlighted when the cursor is placed on top of the icon ... perhaps its use could be better displayed .

**jagman** · 29-07-2010, 09:07

Originally Posted by Good CO

I dislike captcha even though thinking rationally it should make almost no difference - a good post takes 5 minutes, captcha about 10 seconds. I have however voted 'no' above and I will be very surprised if the vote isn't a resounding 'no' but I thought it worth checking.

There are another couple of options I've been exploring this morning. A modification for example that checks for known spammer IPs , usernames and emails when you register. I will probably try that but the risk is false positives and I don't know what happens when the link to the amazing database fails.

Can you apply this captcha selectively?
For example, newly registered users have to use it for their 1st 30 posts or some such? That may catch a lot of the spam without affecting the bulk of users

**Yeah_Innit_Blud** · 29-07-2010, 09:18

Whilst the spam can be quite annoying, it's not a huge problem daily so I just ignore it.

**Semper_Flexibilis** · 29-07-2010, 09:28

A system a lot of high end boards now use is to not allow people to register accounts with freemail accounts, only paid ones via proper telecoms providers.

Once you've registered with your paid for account and it's been verified, you can then switch to a freemail account if you want. That stops 99.9% of spammers.

Another tactic used is to stop new users posting a thread until they have replied to at least 5 posts. Stops the spambots dead in their tracks too.

Advantages of these is no captcha etc required and it's a one time only thing when you sign up to ARRSE.

**Oyibo** · 29-07-2010, 10:11

Personally I'd rather not have such a system in place. I work in West Africa, and I have been blocked by sites that asume I'm a 419er when I'm on a West African network.

I may be wrong, but there doesn't seem to be an overwhelming amount of spam at the moment (maybe the mods are doing a very efficient job of deleting it). If it does get ridiculous, then by all means use captcha, but for the moment it would be an inconvenience especially on very slow internet connections.

**Good CO** · 29-07-2010, 10:14

We did exactly that with emails when we were very definitely a low-end board actually and you're right it did stop quite a few although not the large scale ones. I will try and get a version set up on here for that though.

We can set the 5 posts rule, but I think that it's a good way to discourage new members and quite confusing. There are only so many "sorry but you didn't / aren't XYZ" that a person will take.

**Pigshyt_Freeman** · 29-07-2010, 10:16

Isn't there a danger that if it's too ahrd for spammers to start new threads, they'll just put spam posts in existing threads? I imagine that would be much more difficult to remove. Perhaps better to have them starting new threads and just binning the threads.

**Good CO** · 29-07-2010, 10:16

Originally Posted by Border_Reiver

Seen after your post .... it looks like a triangle whose function is only highlighted when the cursor is placed on top of the icon ... perhaps its use could be better displayed .

It could and I did consider it, but I think it's just one of those things best left out of the way. Regular users will come to know about it in time and it will get used more often. I think it's better to rely on that than to have yet another big button distracting from things like "reply".

**Yeah_Innit_Blud** · 29-07-2010, 13:55

I don't like captcha as it's Googles way of making us work for them for free.

**balthazar** · 29-07-2010, 14:30

I don't understand the logic. If robot spammers are getting through the ARRSE front end CAPTCHA they'll get through any subsequent CAPTCHAs when they go to spam a thread, the PM system, the visitor messaging system, blogs etc.

So you need to stop them registering in the first place and your CAPTCHA clearly isn't working. Don't feel bad about it: robot spammers have been able to break CAPTCHA for ages. Have you tried question and answer? A well chosen question kills robot spam dead.

Admin CP -> vBulletin Options -> Human Verification Manager ->

Question and Answer Verification
This allows you to set up a Question and Answer verification during registration. If done correctly it will be almost impossible for bots to enter the correct answer.

Source

That's a VB3.7 thread and you're on 4.0. But the facility should be there.

**Good CO** · 29-07-2010, 15:33

Originally Posted by balthazar

I don't understand the logic. If robot spammers are getting through the ARRSE front end CAPTCHA they'll get through any subsequent CAPTCHAs when they go to spam a thread, the PM system, the visitor messaging system, blogs etc.

So you need to stop them registering in the first place and your CAPTCHA clearly isn't working. Don't feel bad about it: robot spammers have been able to break CAPTCHA for ages. Have you tried question and answer? A well chosen question kills robot spam dead.

That's a VB3.7 thread and you're on 4.0. But the facility should be there.

That is a superb idea - particularly if they have a slight military theme rather than "what is 1+1". Watch this space!

**balthazar** · 29-07-2010, 15:54

Originally Posted by Good CO

That is a superb idea - particularly if they have a slight military theme rather than "what is 1+1". Watch this space!

Glad to assist. You shouldn't be plagued with robot spam. There are ways round it without slowing down posting.

**Balleh** · 29-07-2010, 19:56

Originally Posted by Good CO

Captcha, as most will know, is the code thing that you type in to various sites to try and stop automated form submission - going some way to limiting spam and brute force attempts to access accounts.

We have it enabled for everything except posting and searching. Searching can stay without it - hammering away on our search won't crash he site like the bad old days. However posting.....

Would stop almost all of the bulk spam, but would be a minor pain in a functions that people use daily.

Vote please - would you prefer to fill in a captcha code when you post, or suffer some irritating spammer?

That doesn't seem logical to me as before spamming, the individual has to become a member of ARRSE in the first place. So the current spate of spams suggests that they are getting through any initial captchas let alone subsequent ones.

Surely the thing to do is try to prevent membership in the first place with something more complicated than a captcha; for example a question to which the answer is not logical so the question "what is 2+7" would not do, but something like who is the current Chief of the Defence Staff, in which county is Exeter, what is the ocean to the west of America or who was Winston Churchill should flummox the spammers.

Also the answer should have a less than a 50/50 chance of being correct; e.g. Is London in England or France.

Edited to say:

Oops, have just read balthazar's comment, so duplication.

**Good CO** · 29-07-2010, 20:37

I've added questions instead. About the reading captcha I would guess that the initial registration is done by a human, then a bot is let loose. We were using recaptcha, not the vbulletin one and I think that's pretty good. Anyway, I watch with interest what happens tonight!

I'll lock this thread now.