Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
+2 votes
1.7k views
in Q2A Core by
Capcha and Recapcha are no longer enough, because such solutions are now circumvented by 'teams' of paid humans.

Is anything bein done in the core or maybe a plugin option. INDEED... Is there even a solution that isn't complex for the none-technically minded?

4 Answers

+2 votes
by
selected by
 
Best answer
Created a plugin for the same feature .

http://www.question2answer.org/qa/43240/

You can give a try .
by
Thanks Ami... This looks to be the best solution to date. I've downloaded it and will try it out asap.
by
Enjoy ... :)
+3 votes
by
You could give a try with this plugin .

http://www.question2answer.org/qa/37749/

 

Thanks
by
I personally tested it and it works better than captcha ( not perfect though, but way better). Good contribution Ami thank you
by
Thanks . Hope it will be better in the upcoming version . It become bit secure after adding Salt value in 1.1 . Lets hope for the best .
+2 votes
by
Absolutely any plugin can be cirumvented by humans. The thing is to avoid the ones that can be circumvented by computers, I mean, automatically. Complex captchas can not be solved by computers. They do need humans around. This of course, include the infamous reCaptcha that seems to be uncrackable.

The thing is that even if they're uncrackable and require human input, it is possible to automate everything else, such as clicking on the fields in the form. That way you can build a system designed only to allow users from all over the world to input text in images and send the answer (usually correct) to the system that can distribute those solved captchas to any paying client.

Now, this has been applied to reCaptcha because it is profitable. Too many sites have that great security system (including the default Q2A installation), so doing everything that is possible to automate the input of that captcha is worth the effort.

So what can be done? Go for an alternative that is NOT profitable to spend the automation money on. That means any lesser known security system should be enough to avoid the massive human cracking. However, that lesser known security system should be good enough so that it is not possible to automate either.

The only plugin that fulfills those two requirements seems to be this extremely underated one: https://github.com/KrzysztofKielce/q2a-captcha-antibot I've asked a few people to test it and to send feedback... nobody did. I have to assume it worked because if it hadn't they would have already complained :)

Can you please test it for a while and let me know if it works?
by
I can only agree with your conclusions here pupi... I will install and tryout/test the antibot link you've provided (Thanks btw)  and provide some feedback, in due course.
by
I recently tested q2a-captcha-antibot, q2a-logical-captcha and reCapche, in combination or without the stopforumspam.com API.  I did not keep exact statistics and most tests lasted less than 24 hours.  

The WORST results I got from q2a-captcha-antibot (without the API):  about 19 user (spammers) registrations in 4-5 hours.  

I had high hopes from q2a-logical-captcha but I was not impressed.  

I finally reverted back to reCapcha.  I only had 3 registrations for the entire afternoon.  Maybe it is only out of lack.  If it gets worse, I will add the API again.  

The API had significantly reduced the registrations.  I am just worried it may block legitimate users that happened to obtain an old spammer IP.
by
Excellent and very useful feedback. If you got so many spam registrations when using the q2a-captcha-antibot plugin... then my guess is it must have been bypassed by an OCR (programatically/automatically). This would make the plugin almost useless.

I will take a closer look at this by the beginning of december and most likely get in touch with you to make a few tests (as you seem to be heavily targeted by spammers)
by
reCapcha only: 9 spam registrations in 24 hours.
reCapcha and API: 1 spam registration in 24 hours.
+2 votes
by

I have found a fix. My site went from 5-20 spam posts per day to 0, using the stopforumspam.com API. Basically, when a user tries to register, it checks their IP address against the stopforumspam.com database. In 99% of cases, scammers (at least for my site), were listed as scammers on this site. I wrote the following code to implement stopforumspam automatically. Sorry, it is a bit messy and isn't in plugin form, but it works. Only tested on Q2A 1.7 alpha, but it should work on 1.6.3 and lower too. Please tell me if it doesn't. 

 

Go to qa-include/qa-page-register.php, under FTP in your site files.

Enter the following under this: if (empty($errors)) { Should be line 100-120 depending on Q2A version, just use CTRL+F.

$ipspam = file_get_contents('http://api.stopforumspam.org/api?ip=' . qa_remote_ip_address());
$ipspam = explode(' ', $ipspam);
if ($ipspam[1] == 'yes'){
  exit('This message is shown to scammers, change it to whatever you want');
 }
 
Save it to the live site and you should be done. Create a test account just to make sure it still lets legit users through.
by
Thanks James,

I have written this into qa-include/qa-page-register.php as...

if (empty($errors)) {

                    $ipspam = file_get_contents('http://api.stopforumspam.org/api?ip=' . qa_remote_ip_address());

                    $ipspam = explode(' ', $ipspam);

                if ($ipspam[1] == 'yes'){

                    exit('Sadly, your details are logged on the stopforumspam.org database as a Spammer. Therefore we cannot proceed with your registration.');

            }

Do I need to add an else command to continue from the brace? e.g.

else {

        // register and redirect
                    qa_limits_increment(null, QA_LIMIT_REGISTRATIONS);

                    $userid = qa_create_new_user($inemail, $inpassword, $inhandle);

etc.
by
You shouldn't need to - I think the qa_create_new_user() function call is below this command, so it will run only if the users ip address isn't known for spam. It should work as-is, but please let me know if it doesn't.
by
Thanks for getting back to me. I will add the update to my include folder and and report any issues.

Cheers.
by
Did it work?
...