Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit here or GitHub Ξ
Ξ If you're looking for tutorials/guides, check out the new https://cryptostorm.is/#section6 Ξ

CAPTCHAs for guest posting & registration | CLOSED

Looking for a bit more than customer support, and want to learn more about what cryptostorm is , what we've been announcing lately, and how the cryptostorm network makes the magic? This is a great place to start, so make yourself at home!
User avatar

Topic Author
Pattern_Juggled
Posts: 1492
Joined: Sun Dec 16, 2012 6:34 am
Contact:

CAPTCHAs for guest posting & registration | CLOSED

Postby Pattern_Juggled » Mon Oct 14, 2013 3:44 pm

Guest wrote:does it work on linux?


Yep, both via the standard OpenVPN repositories & via any of the more bespoke options (such as the Ubuntu Network Manager extension, for example).

PS. Seriously- you make me run a google script to do captcha so I can comment? WTF!?


Our CAPTCHA right now completely, totally sucks. And we apologise for that; another guest poster let us know last week, after we updated the CAPTCHAs in our ever-interesting arms race with the spambots.

We're going to replace it, asap, but it's just been stalled out until the beta launch is complete. Also, if you know of a good CAPTCHA we're all ears - we've been through a whack of 'em and one by one the spambots pwn them. It's sort of sad, really. Anyway, it's top of list to get this one replaced, as everyone agrees it sucks.

Enabling guest posting - no registration required - has been for many years a non-negotiable requirement for our customer forum, and will remain so. The spambots get smarter all the time - over the summer, they'd bogged us down with hundreds of garbage guest posts after they mastered the latest CAPTCHA (I can't even remember which it was this time, to be honest). We're looking at OpenID as well, to help streamline the whole process.

So again, we know it sucks right now and it's not something we chose - the ones thrown for registration by this engine are reasonable... it's only the damned guest ones that are hideous. And that's totally unacceptable to us, period.
...just a scatterbrained network topologist & crypto systems architect……… ҉҉҉

    ✨ ✨ ✨
pj@ðëëþ.bekeybase pgpmit pgpðørkßöt-on-consolegit 'er github
bitmessage:
BM-NBBqTcefbdgjCyQpAKFGKw9udBZzDr7f

User avatar

acid1c
Posts: 49
Joined: Sat Aug 31, 2013 5:42 am

Re: CAPTCHAs for guest posting in forum: ideas to improve

Postby acid1c » Tue Nov 12, 2013 9:36 am

Pattern_Juggled wrote:
Guest wrote:does it work on linux?


Yep, both via the standard OpenVPN repositories & via any of the more bespoke options (such as the Ubuntu Network Manager extension, for example).

PS. Seriously- you make me run a google script to do captcha so I can comment? WTF!?


Our CAPTCHA right now completely, totally sucks. And we apologise for that; another guest poster let us know last week, after we updated the CAPTCHAs in our ever-interesting arms race with the spambots.

We're going to replace it, asap, but it's just been stalled out until the beta launch is complete. Also, if you know of a good CAPTCHA we're all ears - we've been through a whack of 'em and one by one the spambots pwn them. It's sort of sad, really. Anyway, it's top of list to get this one replaced, as everyone agrees it sucks.

Enabling guest posting - no registration required - has been for many years a non-negotiable requirement for our customer forum, and will remain so. The spambots get smarter all the time - over the summer, they'd bogged us down with hundreds of garbage guest posts after they mastered the latest CAPTCHA (I can't even remember which it was this time, to be honest). We're looking at OpenID as well, to help streamline the whole process.

So again, we know it sucks right now and it's not something we chose - the ones thrown for registration by this engine are reasonable... it's only the damned guest ones that are hideous. And that's totally unacceptable to us, period.


Audio help for captchas is a no no! Simple as that.

I dont remember how simple your captcha was, but I know there is auto captcha programs out there that will grab the captcha and read it pixel by pixel, and tilt and cross reference until it matches a letter or number.

If its a solid color.. it can easily detect when each character starts and stops in reference to the background.

If you remove a few borders and do some fancy fills, multi color, lines, polka dots, thin scribble lines, and anything to throw them off, it will make it harder.

Hell even the little play through games have been beaten, the "Are you Human" captchas. Its quite simple cuz there was no error limit when the original solve bot for that was created. if there is an error limit now, then im sure the bot was refined quite a bit.

What about the picture captcha where it twirls the picture and you have to slide the bar to straighten out the picture? It picks a random spot every captcha as well as a random "solve" spot within the sliders range.

Will it fix the problem? i dont know.

Now what about some other form of token auth?

Cuz if you used these token auths for your VPN cuz passwords can be almost useless pertaining to security, why would captchas be any different, right?

So lets throw that out the window and start anew :)
Last edited by acid1c on Tue Nov 12, 2013 10:20 am, edited 1 time in total.
Bitmessage me with Questions, Help, or ChitChat :) - BM-2cV5BzWc9P7vufQREE8Be4U64GBgRJ3GnT
" Those who do not move, do not notice their chains." -Rosa Luxemburg

User avatar

acid1c
Posts: 49
Joined: Sat Aug 31, 2013 5:42 am

Re: CAPTCHAs for guest posting in forum: ideas to improve

Postby acid1c » Tue Nov 12, 2013 10:15 am

Also looking at this http://www.itworld.com/security/218177/ ... oure-human and a link contained therein http://elie.im/blog/security/five-surpr ... a-schemes/

Text(like passwords compared to your token auth?) and guessing games, math and geometry(not user friendly) are crap now.

Error Allowance needs to be small. and No audio help.

What about pictures?
Answers categories could range anywhere from colors, shapes, person, place, thing, time, height, speed. Silimarities, Differences. Theme.

I have yet to hear about any bot that can comprehend a picture. They either dissect and solve text, or guess until pass.

For Example, The Eiffel tower. You can see its the subject of the picture, and most if not all of your audience generally knows what it is. Color scheme is complex, rendering old text captcha tech useless and leaving it visually appealing.
il_fullxfull.339871275.jpg


Im out of ideas for now, lol
Bitmessage me with Questions, Help, or ChitChat :) - BM-2cV5BzWc9P7vufQREE8Be4U64GBgRJ3GnT
" Those who do not move, do not notice their chains." -Rosa Luxemburg

User avatar

Topic Author
Pattern_Juggled
Posts: 1492
Joined: Sun Dec 16, 2012 6:34 am
Contact:

Re: CAPTCHAs for guest posting in forum: ideas to improve

Postby Pattern_Juggled » Mon Dec 09, 2013 1:40 pm

We've done some pushing around of existing captchas, and (tried to) implement nuCAPTCHA... but it's sort of flighty in working with the current build of phpBB. Our internal testing shows nuCAPTCHA to be active currently, as intended - but also a second, vestigial one still being painted during registration? No idea what that's about, but so long as it's not a hassle for folks registering, we're ok with leaving this particular sleeping dog to lie still, for now...

Down the line, as others have suggested in this excellent thread, we're entirely open to more creative/forward-looking solutions to the problem of the spambots!
...just a scatterbrained network topologist & crypto systems architect……… ҉҉҉

    ✨ ✨ ✨
pj@ðëëþ.bekeybase pgpmit pgpðørkßöt-on-consolegit 'er github
bitmessage:
BM-NBBqTcefbdgjCyQpAKFGKw9udBZzDr7f

User avatar

marzametal
Posts: 517
Joined: Mon Aug 05, 2013 11:39 am

Re: CAPTCHAs for guest posting in forum: ideas to improve

Postby marzametal » Tue Dec 10, 2013 4:21 am

Make them type the Canadian anthem in binary...

User avatar

DesuStrike
ForumHelper
Posts: 345
Joined: Thu Oct 24, 2013 2:37 pm

Re: CAPTCHAs for guest posting in forum: ideas to improve

Postby DesuStrike » Tue Dec 10, 2013 5:03 am

marzametal wrote:Make them type the Canadian anthem in binary...

You sadist!
home is where the artillery hits


cryptostorm_ops
ForumHelper
Posts: 104
Joined: Wed Jan 16, 2013 9:20 pm
Contact:

Re: CAPTCHAs for guest posting in forum: ideas to improve

Postby cryptostorm_ops » Mon Dec 30, 2013 4:09 am

We're currently testing out the NuCaptcha tool to manage the spambots, both for guest posting and new forum registrations. It seems to be effective so far, but we're interested in any feedback from visitors who have interacted with the new tool.

Thank you,

~ cryptostorm_ops

User avatar

cryptostorm_admin
ForumHelper
Posts: 74
Joined: Tue Jan 01, 2013 5:43 pm
Contact:

NuCAPTCHA activated

Postby cryptostorm_admin » Tue Jan 28, 2014 11:59 pm

It is my understanding that the NuCAPTCHA install has been stabilised during our recent custom recompile of Apache & associated packages. If this is not the case, I trust someone will post a note here so that I can debug further. In the meantime, I'm going to mark this issue "CLOSED" - but leave the thread open.
cryptostorm_admin - a mostly-shared, admin team forum account (sort of a person, but also shared)
PLEASE DON'T SEND PRIVATE MESSAGES to this account, as we can't guarantee quick replies!
--> feel free to use any of our other contact channels, or post in the support forum
cryptostorm: structurally anonymous, token-based, unlimited ☂ bandwidth, opensource, darknet data security for everyone!
keybase.io validatorsonename.io validatorsPGP key @ MITnetwork statuscryptostorm github
support team bitmessage address: BM-NBjJaLNBwWiwZeQF5BMLYqarawbgycwJ
support team email: support@cryptostorm.is
live chat support: #cryptostorm


Return to “cryptostorm in-depth: announcements, how it works, what it is”

Who is online

Users browsing this forum: No registered users and 8 guests

Login