[Max Taxable]

Originally Posted by Zachery

I had a really long written response for this thread, but I'd really just like to comment on a few things.

Less trouble than trying to answer my earlier questions I guess. I'll re-post them:

Tell me how they're going to defeat all the checks.

1.) The timers: Botnets rely on speed and high volume. Programming even a short delay means potentially a million fewer stabs a week. Delay can't really be programmed, because you have to make it long enough to defeat minimum time, short enough to pass the check for maximum time. No way to know the settings site to site.

2.) False fields - botnets are programmed to put SOMETHING here. And they do. And always will.

3.) Dots, dashes and other punctuation in email usernames - this mod has settings too. How many dots are allowed? Commas? Semicolons, underscores? There is no way to know these settings.

4.) The targeted lists - these are not honeypots. These are lists of guaranteed known bad user agent strings and hostnames. Not IP addresses.

So please. How are these genius spam purveyors going to defeat all of these checks? Specifically.

esp if they're stagnant (not evolving, not pushing forward).

You just defined recaptcha. The "new" part of it is, a checkbox. Big whoopie. The native vB checkbox was defeated long ago as are all the ones used by yahoo, hotmail, and others. This is about five years behind.

The key to stopping spam is many booby traps. Not just one "magic bullet" that doesn't exist anyway.

[kh99]

I think you guys actually agree that multiple methods is the right idea, that way all sites aren't using exactly the same setup.

The "new" part of it is, a checkbox. Big whoopie. The native vB checkbox was defeated long ago as are all the ones used by yahoo, hotmail, and others. This is about five years behind.

It's actually not just a checkbox. In fact I believe the checkbox isn't something to help defeat bots, but something to make it less annoying for users. The claim is that it will somehow recognize real people so that most of the time they will only have to check the box. But in any case it will be interesting to see if the new recaptcha actually works. If a user doesn't have js then it still falls back to just showing an image, so I don't know how that's different than the old one, because obviously bots aren't going to run the js part to help it work better. (There may be differences that I don't understand - I'm not an expert on how it all works).

[Max Taxable]

Originally Posted by kh99

I think you guys actually agree that multiple methods is the right idea, that way all sites aren't using exactly the same setup.



It's actually not just a checkbox. In fact I believe the checkbox isn't something to help defeat bots, but something to make it less annoying for users. The claim is that it will somehow recognize real people so that most of the time they will only have to check the box. But in any case it will be interesting to see if the new recaptcha actually works. If a user doesn't have js then it still falls back to just showing an image, so I don't know how that's different than the old one, because obviously bots aren't going to run the js part to help it work better. (There may be differences that I don't understand - I'm not an expert on how it all works).

We'll know if it works when we start seeing less spammer email addresses from gmail, right? Since presumably, google itself is now using this "new" captcha.

[CAG CheechDogg]

It's the exact same thing as the old recaptcha ..only difference is that you have the box to check first where it says "Im not a robot" and it has the check box ...then you still have to verify the two word phrase just like the old one ....you can also do an audio one ....

[Zachery]

Originally Posted by CAG CheechDogg

It's the exact same thing as the old recaptcha ..only difference is that you have the box to check first where it says "Im not a robot" and it has the check box ...then you still have to verify the two word phrase just like the old one ....you can also do an audio one ....

The audio bit has been there before. There is stuff going on behind the scenes when you check the checkbox. It appears to rely on a lot more javascript which is a lot harder for bots to deal with.

[CAG CheechDogg]

Originally Posted by Zachery

The audio bit has been there before. There is stuff going on behind the scenes when you check the checkbox. It appears to rely on a lot more javascript which is a lot harder for bots to deal with.

I never said the audio was not there before...I guess I should of said that it has an audio default widget to use instead of the image one ...



And I never said anything negative about recaptcha, on the contrary I swear by recaptcha as it has never let me down in the past ... I know exactly how "people" not "bots" have "cracked" recaptcha and I will continue to support and approve the use of recaptcha and recommend it's use to all my customers when I build them websites and they need some type of human verification ...heck ..its the only one I use lol ..

[Phillip]

Originally Posted by kh99

OK, I've posted a version here: http://www.vbulletin.org/forum/showthread.php?t=315960 but it's for vb4. I was part way through working on this in vb4 before I realized that the original request was for vb3. But vb3 looks to be the same except for the template, so I'll just need to work on that and I should be able to have a version later today.

Meanwhile if anyone wants to try out the vb4 version, let me know how it goes.

About to install this on my forum. Nice work with it, kh99.