Incorrect phpBB registration confirmation (nospam) questions

Technical issues regarding this web forum.

Incorrect phpBB registration confirmation (nospam) questions

Postby a4746570 » Tue Sep 20, 2011 1:40 pm

Just registered so I could post on a different thread and thought I'd note:

Two of the "confirmation of registration" spam deterrent questions at the bottom of the registration page are incorrect. I see that it cycles through a few different questions, so these are the two that are wrong:

Question 1: Is today [day of the week]?
In my case, it asked me if today was Monday, but I see that it cycles through different days. I answered "No." because it is not Monday, and it told me that answer was incorrect.

Question 2: Which weighs more, (A) a pound of feathers or (B) a pound of gold? Answer A or B.:
The answer is that both weigh the same (a pound). Per the instructions, and in order to get myself registered after failing to answer the first question "correctly," I answered "A" -- but it seems silly to instruct people to purposely answer a question wrong.

These questions seem cute, but I think a normal CAPTCHA might work a lot better. In my case it was annoying enough of a registration process that I typed up this whole issue. Just thought you should know.
a4746570
 

Re: Incorrect phpBB registration confirmation (nospam) quest

Postby cbaker_admin » Tue Sep 20, 2011 3:47 pm

Thanks for the input. The reason for the seemingly innocuous questions are an attempt to prevent spambots from registering. In the past, I relied on different CAPTCHA schemes, but they proved to be woefully inadequate. It seems all the easier CAPTCHAs have been cracked by the bots and the more difficult ones are too convoluted for most humans to decipher. Before switching from CAPTCHA validation to Q&A, I was getting dozens of spam registrations per day. Now I rarely get any at all.

As for the validation questions, I purposely set it up to accept any reasonable answer. For example, "Is today Monday?" should accept the answers "Yes", "No", "yes", or "no" as correct (irrespective of whether today is an actual Monday or not). "Which weighs more, (A) a pound of feathers or (B) a pound of gold? Answer A or B." accepts either "A", "B", or "Neither" (case insensitive) as a correct answer *.

In your case, the answers you supplied (i.e., "No" for "Is today Monday?") should have been accepted as correct. Are you certain there were no ending spaces or other characters in your answer? If so, I may have a problem with the way the spam countermeasure mod works.

* Note: Technically speaking, a pound of feathers weighs more than a pound of gold. Feathers (and most other things) are weighed in avoirdupois pounds. Precious metals are weighed in troy pounds.

  • 1 lb avoirdupois = 16 avoirdupois ounces * ~28.35 grams/ounce = ~453.6 grams.
  • 1 lb troy = 12 troy ounces * 31.1 grams/ounce = ~373.2 grams.

So, a pound of feathers weighs about 80 grams more than a pound of gold!
cbaker_admin
Site Admin
 
Posts: 4549
Joined: Sun Nov 27, 2005 10:51 pm
Location: Glendale, AZ USA

Re: Incorrect phpBB registration confirmation (nospam) quest

Postby a4746570 » Wed Sep 21, 2011 4:38 pm

Ah. For the question on the day of the week, I think I wrote "No." (with a period), so that's probably why.

On the weight question, I think I wrote "They both weigh the same."

Honestly, I thought it was a trick question (this exact question shows up in riddle books all the time) and since it was the first question I saw, I didn't realize it was looking for one of a set of specific characters (A, B, Neither). It's an interesting question (especially since I didn't know about avoirdupois pounds!) but I think you should restrict those questions to ones in which the answers are REALLY clear.

On other sites that have used this kind of thing, variations on this type of spam deterrent have looked like:

What's the third word in this series? feather gold autumn sky
What is 2 + 1? [used with a field that can only accept a single character]

That might be better than a question that looks like it requires some kind of specific knowledge/calculation -- even if, on the back end, you're accepting any response, both right ones and wrong ones.

I'm not sure if phpBB permits this kind of spam check, but you might also look into honeypots (e.g. here's one for WordPress: https://wordpress.org/extend/plugins/spam-honeypot/ ) which puts the burden on spammers rather than regular people.
a4746570
 


Return to Forum Support (not extension related)

Who is online

Users browsing this forum: No registered users and 1 guest

cron