Best CAPTCHA solution?

bob_irving's picture

Well, the spambots found my site. I have set it up so that the admin (me) has to approve all registration, but I am sure that the one attempt from "premier visa" will soon be followed by many others.

Is the CAPTCHA module the best solution for this, or is there another module which would serve better?

Comments

CAPTCHA is good, but you

cwolly's picture

CAPTCHA is good, but you should look into http://drupal.org/project/recaptcha

Chad

ReCaptcha is good -- If that

bonobo's picture

ReCaptcha is good -- If that doesn't fully meet your needs, you might want to give Mollom a shot.

Cheers,

Bill


FunnyMonkey
Tools for Teachers

Thanks

bob_irving's picture

I was actually looking at that one, and it seems pretty comprehensive. Just wanted to get some feedback from anyone who has used any of these modules.

Thanks.

I used the standard captcha

cwolly's picture

I used the standard captcha for quite some time and was never happy with it. recaptcha is quite an improvement. I've heard great things about Mollom but have not tried it yet.

Recaptcha

matthewboh's picture

I just have a soft spot for Recaptcha - it is improving book digitization one word at a time by giving you two words to type in.

Impari Systems, Inc.
http://www.imparisystems.com


What is the best Captcha now ?

wwwoliondorcom's picture

Hello,

Do you know what is the best Captcha now ?

Thanks.

The best captcha is no captcha.

dougvann's picture

Who among us honestly enjoys being faced with a graphic of squiggly, swirly text with lines running through it?
Mollom has been perfect at defeating SPAM for me. www.drupal.org/project/mollom
If Mollom is down [rarely happens] you can choose to have Captcha auto-appear until Mollom returns. In that case I would strongly urge that you use ASCII-ART Captcha; something like this...

            _____  
   |  |            |  |    
   |_|     ____|  |__
      |    |          |    |
      |    |____   |    |

Where the user enters 42h and moves on.
Just my humble opinion. ;-)

ok... the gdo site reformatted the ascii-art above.. but u get the idea. it uses pipes, underscores, and slashes to construct graphical representations of characters.

  • Doug Vann [Drupal Trainer, Consultant, Developer]
  • Synaptic Blue Inc. [President]
  • http://dougvann.com

Mollom woohoo

bob_irving's picture

After all this time and the answers to my original post, I finally installed Mollom. I was getting tired of deleting 100+ spam comments a day. Problem solved. Woohoo!

Thanks for all the advice!

wwwoliondorcom's picture

Hi,

So for you Mollom is the best solution, .... for large website ?

I haven't tried RE-captcha, is it easy to pass for "real" visitors ?

Any other solution ?

Thanks.

one size fits all

dougvann's picture

Mollom is good for any sized site.

  • Doug Vann [Drupal Trainer, Consultant, Developer]
  • Synaptic Blue Inc. [President]
  • http://dougvann.com

Re-Captcha turns ppl away

dougvann's picture

Captcha, Re-Captcha, Foo-captcha, Bar-Captcha [OK, I made the last two up]
Any Captcha is a big red STOP sign that tells your users that you don't really want them to fill out this form or contribute to your site.
Why would anyone want to do that?
For any site I build I strongly strongly strongly strongly encourage the client to use Mollom as the first line of defense THEN let MOLLOM decide if it wants to throw a Captcha at a suspicious poster.

I can't say it enough.... Any form of Captcha stands directly against the business model of your site.

  • Doug Vann [Drupal Trainer, Consultant, Developer]
  • Synaptic Blue Inc. [President]
  • http://dougvann.com

Mollom has a design flaw

jdwalling's picture

Mollom classifies comments as ham, spam, or unsure. If your ham comment is classified as "unsure" you are offered Captcha. If your ham comment is classified as "spam" you get zip, nada, nothing. That is a false positive situation and you have no recourse. The site admin can review and report false negatives (spam classified as ham). Mollom has no mechanism (known to me) to process false positives, and that happens often enough to piss off people who blog.

better than mollom

wwwoliondorcom's picture

Yes, I just tried it and it doesn't seem to be the ultimate solution...

You might find this thread on

idcm's picture

You might find this thread on Randy Fay's page interesting - it talks about Mollom

http://randyfay.com/node/69

I have been using Mollom and it lets all sorts of spam thru on the comment forms. I finally turned off comments until I have time to decide what to do.

mollom didn't work for me either

Anonymous's picture

I can't believe so many people are happy with Mollom. I tried it, I found myself reporting so many comments that Mollom started putting up a Captcha on every post. I ended up uninstalling it. I'd be interested to know how the people who say it works deal with all the ad spam that doesn't go to a known Viagra site. I was flooded with it, and I really don't want it!

Captcha pack

MakeOnlineShop's picture

Yes, Mollom is not so good.

I will try the captcha pack.

Mollom

jpamental's picture

I'm surprised to hear so many issues with Mollom - I'm using it on a dozen sites with no issue at all (some of which have had a major issue with spam in the past).

I do know that you have the ability on a per-form basis with Mollom to decide if you want the posts identified as spam to be deleted or marked for manual moderation, and when you then see the link to 'report to Mollom' on a post you can decide if you want to report it as spam or just delete (there are other options as well). I don't know if there is an ability to 'mark as ham' when something has been queued for manual moderation.

Curious to know what sorts of traffic levels those who are having trouble are experiencing - I only have a few pretty high-volume (150,000 page views/month) sites with lots of commenting - and just don't have any of the problems others have reported.

Jason

Jason Pamental
[ @jpamental ]

My sites were pretty small.

Anonymous's picture

My sites were pretty small. Even sites I had not advertised at all were getting almost 100% spam in anonymous comments, anonymous FAQ requests, etc. I think if I were not allowing links it might not have been an issue. People were just using my site for free advertising, and Mollom couldn't tell the difference between a spam link and a legitimate one.

avoid using CAPTCHAs

rogledi's picture

Why not avoid using CAPTCHAs?

http://keypic.com

The best CAPTCHA is no CAPTCHA

SKrossa's picture

CAPTCHA (http://drupal.org/project/captcha), ReCAPTCHA (http://drupal.org/project/recaptcha), and any other flavor of CAPTCHA module including those that ask questions instead of using images/sounds should be avoided like the very plague.

CAPTCHAs of all kinds are inherently inaccessible to various groups of people, and, further, discourage participation even by those who have no disabilities or limitations. [Note that modules that merely hide CAPTCHAs from sighted users, like BOTCHA (http://drupal.org/project/botcha), are still a problem and should be avoided.]

When posting is restricted to known authenticated users, you shouldn't need anything at all.

Otherwise, if actually having spam problems, consider Akismet (http://akismet.com/)—via the AntiSpam module (http://drupal.org/project/antispam)—or Mollom (http://drupal.org/project/mollom) or a similar service. (Mollom still involves CAPTCHAs, unfortunately, but only if it can't make a determination based on text analysis and/or user reputation. In practice, though, most legitimate users never see the CAPTCHA with Mollom.)

I, too, am surprised by those posting they have had problems with Mollom. My first question would be, how did you have Mollom set up?

Having just looked at my own Mollom settings, I know that jdwalling is incorrect (at least as of the version I'm using) when he says "Mollom has no mechanism (known to me) to process false positives". This is from the Mollom settings for comments on my site:

When text analysis identifies spam: *
     Automatically discard the post
     Retain the post for manual moderation

For those who are getting too many spam anonymous comments let through, what are the comments settings for the relevant content type? Specifically, have you selected "Anonymous posters must leave their contact information"? The more content Mollom has, the better it can judge spam vs. ham.

Finally, make sure you don't do any test posts on your site without first enabling testing mode.

(Yes, I know most of the posts in this thread are old, but for those who may stumble across it…)

New captcha

erik_wallace's picture

There is a new captcha coming out there. It seems to be very safe. You can check their demo at http://www.megacaptcha.com

Megacaptcha loads complex

shreeni2's picture

Megacaptcha loads a complex image, but actually the image name is the answer of the field.

If you inspect the image element you can see the image name is the answer of the captcha code. This is easily cracked. They have to implement their captcha product with a random image name also, as is happening in Mollom.
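
The fix suggested in the comment above (serve the image under a random name instead of one that is the answer), sketched as an added example that is not part of the original thread or of any module named in it. The function names, the in-memory store and the 300-second lifetime are assumptions:

```python
import hmac
import secrets
import time

TTL_SECONDS = 300   # assumed challenge lifetime
_challenges = {}    # token -> (answer, expiry); stands in for a session or DB table


def leaky_image_name(answer):
    """The flaw described above: the file name sent to the browser is the answer."""
    return f"{answer}.png"


def issue_challenge(answer, now=None):
    """Return an opaque image name; the answer itself never leaves the server."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(16)  # 128 bits from the OS CSPRNG
    _challenges[token] = (answer, now + TTL_SECONDS)
    return f"{token}.png"


def verify(image_name, submitted, now=None):
    """Check a response once; the token is consumed whether or not it matches."""
    now = time.time() if now is None else now
    token = image_name.rsplit(".", 1)[0]
    entry = _challenges.pop(token, None)  # single use: a solved image cannot be replayed
    if entry is None:
        return False
    answer, expiry = entry
    if now > expiry:
        return False
    # Constant-time comparison so response timing does not reveal partial matches.
    return hmac.compare_digest(answer.encode(), submitted.strip().encode())


def leaks_answer(image_name, answer):
    """Audit helper: does the name served to the client contain the expected answer?"""
    return answer.lower() in image_name.lower()
```
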

Maybe that's because it's a demo

erik_wallace's picture

Maybe their implementation was made that way because it's only a demo, not a real implementation, and they just want to show the captcha appearance.

Spam profiles, Daily limits & Mollom

jdwalling's picture

I moderate a site where most of the spam is put into user account profiles. Does anyone have a solution for that?
http://www.listology.com/jwalling/list/spam-patrol

(heyrocker is the site owner. I asked him if he knew of a way to prevent spam in user accounts but he didn't have a solution.)

Another problem we had was, if you use the free Mollom service and you exceed the daily limit, it can cause spam edits/deletions of comments to be blocked. I encountered the problem when I was cleaning up a huge backlog of spam. Now that the spam cleanup is every few days, I haven't been blocked. However, even if I am deleting a spam comment, Mollom invokes Captcha, for no useful purpose. Meh!

Listology is running older modules, so your mileage may differ.

MakeOnlineShop's picture

CAPTCHA RIDDLER works perfectly, no need to look for anything else

Hello,

After searching for the perfect Captcha I found that Captcha Riddler works perfectly and that bots do not guess the secret word often, so I wonder why it is not clearly said anywhere that the Captcha solution for Drupal is CAPTCHA RIDDLER?

Hope it helps.

User register forms and Captcha Riddler

craigtockman's picture

user_pass post blocked by CAPTCHA module: challenge Riddler (by module riddler), user answered "", but the solution was "earth".

This works good! Riddler is one step ahead of the robot software that creates fake user accounts on my site and tries to add spammy content.

My experience with image and math captcha is that the virus software can get by it, unless you make the image captcha so distorted that it's practically impossible to read.

Drupal 7 ??

talvi's picture

I don't understand why Captcha is not available for Drupal 7.x (except in beta).

"At this point, the Drupal 7 version of the CAPTCHA module is under heavy upgrade/development. Not recommended for general use (unless you really, really know what you're doing)."

That's the dev revision but not much info on the beta version, but there's no warning...... :(

I'd have thought CAPTCHA, or something similar, should be part of the core. It is so basically essential to a site's functioning I am thinking that I need to downgrade to Drupal 6.x ... no, that seems insane! What does this situation imply for Drupal more generally? I am WELL confused (again)

Try this:

Try this:

^_^

talvi's picture

Thanks :) my friend. I've taken the leap and installed CAPTCHA beta. Fingers crossed.

I really don't like the tie-in/use of reCAPTCHA, besides which the colour scheme is pretty dire too :P

d7 and captcha

dougvann's picture

The reason that Drupal does not have captcha in core is the same reason that gmaps, twitter, share-this and other modules are not in core. When someone starts a new Drupal site there's no telling what they are going to do with it. If we put captcha in core many ppl would never disable it and instead use re-captcha, many more would be building a site that doesn't have user generated comments and they would also not be enabling the captcha module anyway.
We try to avoid having things in core that are going to be disabled by such a large number of people. By keeping it in the CONTRIB space, it can have a leaner workflow and the maintainer and the co-maintainers can do as they wish without regard to core release cycles, etc.

It is interesting to note that SOME consideration is being given to removing the basic-page and article and maybe even blog content types from core. I don't know where those decisions are at the moment and I don't believe it will really impact me, but this would be an example of where core would be less the source for modules which would allow users to be more choosy.

So, I agree that captcha is a fundamental and popular feature [& I consider it the #1 annoyance of the web too! lol] but I would not advocate for it to be in core since today any user can grab it or not grab it.

As for the version that is available. I have clients using it and reporting no issues.

  • Doug Vann [Drupal Trainer, Consultant, Developer]
  • Synaptic Blue Inc. [President]
  • http://dougvann.com

^_^

talvi's picture

Thanks Doug :) I've installed the beta and'll see how that goes. Did your clients do the same or did they go for the "dangerous" dev revision? Personally I really don't like reCAPTCHA for many reasons, technical and ideological.

The main issue for me with CAPTCHA vs reCAPTCHA (apart from the ugliness of the latter) is that one is linked to an external organisation and the other isn't.

I don't understand this that you wrote;
"If we put captcha in core many ppl would never disable it and instead use re-captcha"

If CAPTCHA was in the core there would be no need to install reCAPTCHA. CAPTCHA has nothing enabled by default anyway so there would be no need to uninstall it as a user that didn't want it would never even see it until they found they wanted it. There are several modules in the core that are not-enabled by default ie the user has to enable them, so the same approach could be taken for CAPTCHA.

Why anyone would want to remove the Page and Article content-types is beyond me (almost). It simply makes Drupal less end-users friendly. It is easy enough, even for a newbie, to get rid of or not use those content-types.

You conclude that;
"captcha is a fundamental and popular feature [& I consider it the #1 annoyance of the web too! lol] but I would not advocate for it to be in core since today any user can grab it or not grab it."

Does not that logic apply to many modules in the Core? In fact couldn't most modules in the core be removed following this logic? Perhaps they all could be?

The key for me in this is fundamental utility. There are heaps of modules in the core that in my view could/should be stripped out: Forum, Locale, OpenId, Overlay, etc etc. They are simply building blocks to develop a site (and fine modules they are too!). On the other hand, for a subscriber site, anti-spam and anti-bot structures are ESSENTIAL. That's the difference that stares me in the face. To get my site to work at all (ie not to be drowned in spam) I have to have CAPTCHA at the very least. End of Rant :D

By far the best!

asmit148's picture

While there are many CAPTCHA solutions out there on the market, the one that does prevent spam, phishing and bots is Confident CAPTCHA. It's secure, intuitive and friction-less for the end user. They are also run by the top execs in the security space!! Check em out www.confidenttechnologies.com. It's an image based CAPTCHA solution and they also do mobile authentication (see their app in the itunes store confidentnote-its awesome!)

How to change width or height?

kienan91's picture

Hi! I used the reCAPTCHA module, so how do I change its width and height? Thanks
