[Resolved] CAPTCHA

[Dave_L]

I checked and saw that the forum registration page uses a CAPTCHA to prevent robots from registering.

Do you think that the spam posts here (which seem to be steadily increasing) are done by a robot that's able to defeat the CAPTCHA, or are human beings actually registering manually?

The CAPTCHA used by this site is that annoying RECAPTCHA project. Due to its widespread use, the spammers have probably prioritized cracking it. A simpler do-it-yourself CAPTCHA might be more effective.

[Lking]

22 hours ago, Dave_L said:

spam posts here (which seem to be steadily increasing)

I can attest to that!  2-3 years ago when I started helping to clean out "the trash", and even just 6 months ago the level of spam was much lower. spam usually came in bunches; 5-10 all of one kind, Indian escorts for example or supplements, overnight maybe one day a month.  Now it seems to be 20 to 40 a day.

To me they do seem bot generated. All look to be the same format, often several copies of the same body.  Only on rare occasions does one "member" post two or more spam.  Haven't done a count, but density seems to go down the list of forums members can post in, How to use, Reporting Help, Blocklist Help, etc.  Sometimes they get down to the Lounge and Geek/Tech things.

At one time bots used live people to crack the CAPTCHA. The bot pass on the graphic, person pass back the answer, and the bot do the posting now that it was in. (talk about a soul killing job.) We seem to have three classes of spammers:

1) '... joined the community' and spammed within minutes, about as fast as the system would let it get through the steps. Could be a sw or live crack of the CAPTCHA.

2) a few that spam and they have been laying low for a while before the spam,

3) and finely there are obviously live posters that don't have a clue. 'I have a business I want to sell...' or 'I developed X' which may be relevant.  When I follow the link I have obviously taken the bat and am in a tar pit.

22 hours ago, Dave_L said:

A simpler do-it-yourself CAPTCHA might be more effective.

I do not have a level of access to change the security, but there is merit a non-googleable CAPTCHA.

[Iulian Onofrei]

I wonder if the spam on forum increased, because on 31st of March this year, reCAPTCHA v1 was closed, so currently you can register without typing anything in the validation input.

[Lking]

Thanks for reporting that.  I haven't been to that screen in ??? a while.

I forwarded you observation to maintenance.

[Iulian Onofrei]

I guessed so, but since I just signed up, I noticed it

[Lking]

With a general upgrade, this too was resolved.

[Dave_L]

By "resolved", do you mean that the RECAPTCHA was replaced by a better CAPTCHA, and that the forum spam is minimized or eliminated?

[Lking]

Yes and don't we wish.

Yes the RECAPTCHA has been replaced/upgraded after the old one being shutdown as reported by Iulian Onofrei earlier. This was done along with a general SW upgrade which has been pending for some time.  The general upgrade skipped a version due to reports that the intervening version was"buggy."  I do not know for sure, but assume that the skipped version has also included the RECAPTCHA update.

As for spam, they are coming back.  Spam has been in a low cycle lately, in the teens vs 30-40/day.  The lack of a RECAPTCHA this month did not seem to have an affect.

This week spam levels dropped for what ever reason; Monday 17, Tuesday 17, Wednesday & Thursday 0, today Friday 7.  The new RECAPTCHA may have caused the zero level on Wednesday, for sure on Thursday.  By today they are starting to figure it out(?).  We have a long history for comparison so it will be interesting to see how long it takes to settle into a new "stable" level.