Posted: Wed Nov 07, 2012 10:57 am Post subject:
Registering captcha is too damn hard!
Seriously, case-sensitive (when many times the cases are indistinguisable and there are many different mixed fonts) , 8 "hybrid" digits that often overlap, and to boot, on REVERSE order?
I had to try like ten times. I usse this forum to search for CnC mmodding sstuff for months and have wanted to create and account a looong time ago but coudn't because of the overly zealous captcha...
I cannot even begin to imagine how many potential members you would have lost. Seriously, I had basically given up long ago, but today I said "meh, I will try as long as it is necessary, since my mod is on beta stage already and has some neat things; I could even write a tutorial..."
So, how is everyone?
What do you think?
Should the captcha be changed? _________________ Last edited by NimoStar on Wed Nov 07, 2012 1:46 pm; edited 1 time in total QUICK_EDIT
Since it's a one time only, it's imo ok if it's hard. Better than having easy access for thousands of bots raping the forum. _________________ SHP Artist of Twisted Insurrection: Nod buildings
Joined: 22 Nov 2010 Location: Iszkaszentgyorgy, Hungary
Posted: Wed Nov 07, 2012 11:18 am Post subject:
wut captcha? _________________ "If you didn't get angry and mad and frustrated, that means you don't care about the end result, and are doing something wrong." - Greg Kroah-Hartman
=======================
Past C&C projects: Attacque Supérior (2010-2019); Valiant Shades (2019-2021)
=======================
WeiDU mods: Random Graion Tweaks | Graion's Soundsets
Maintainance: Extra Expanded Enhanced Encounters! | BGEESpawn
Contributions: EE Fixpack | Enhanced Edition Trilogy | DSotSC (Trilogy) | UB_IWD | SotSC & a lot more... QUICK_EDIT
Also Known As: banshee_revora (Steam) Joined: 15 Aug 2002 Location: Brazil
Posted: Wed Nov 07, 2012 11:19 am Post subject:
Once in a while I get an email from a desesperate creature who are having troubles to bypass the captcha. It is indeed hard, but it is also hard for bots to spam the forums (which happened daily before the reverse order trick goes online).
PPM is the only forum I've heard of that asks captcha in the reverse order and that really tricks a lot of spam bots on its own. QUICK_EDIT
Also, I understand the nneed to root out bot, but the "reverse order" comment instruction should be bigger, it is a really small unintrusive letters that took a while to notice and read... everybody ignores such minuscule comments in registraation forms thinking it is some unnecesay clarification or legal stuff _________________
I made a class that generates captcha images that coems with a string(the correct word).
Each image takes about 40-50 milliseconds to generate and each image only take 400-500bytes.
Examples:
I hope you agree that these are easy to finish, for humans, and impossible for bots. Last edited by ¥R_M0dd€r on Wed Nov 07, 2012 3:23 pm; edited 2 times in total QUICK_EDIT
Joined: 22 Nov 2010 Location: Iszkaszentgyorgy, Hungary
Posted: Wed Nov 07, 2012 5:38 pm Post subject:
NimoStar wrote:
Isn't recaptcha system enough?
ReCaptcha is a mess. It relies on an external place. If the recaptcha system is down for a reason (or conn issues within PPM and it) then your registration is crapped.
Besides the lines it sends out are total jerky and any ordinary "answer this question in the following format"-typed captchas are more user-friendly while with a good format, achieves as good or even better results. (note, if one ReCaptcha is hacked, all can be hacked via that same way, since system is global) As long as you actually read them and not just fill the form with your usual crap. QUICK_EDIT
Also, it does not seem to be down very often. Also, my registration was crapped anyways because of the current format XD
What you talk about is that sometimes it has as ONE of it's words unreadable script scanned from books and the like, because it uses human input to digitalize it. However as the program doesn't know what is written it will accept any answer on that word. But the other one will be the real captcha.
No, I have heard this "you can kinda skip the booksourced" thingie only now. While a year ago I had to fight against reCaptcha for hours because it always timed out on my response and my download got crapped due to that.
Besides, PPM already has a huge server load, processing reCaptcha wouldn't help on that. I have went throught a discussion like this over the OpenArena forums, where the policy is... hm.... different, and what I have learnt there, it's better to rely on external improvised unique method than crappy annoying ReCaptcha. _________________ "If you didn't get angry and mad and frustrated, that means you don't care about the end result, and are doing something wrong." - Greg Kroah-Hartman
=======================
Past C&C projects: Attacque Supérior (2010-2019); Valiant Shades (2019-2021)
=======================
WeiDU mods: Random Graion Tweaks | Graion's Soundsets
Maintainance: Extra Expanded Enhanced Encounters! | BGEESpawn
Contributions: EE Fixpack | Enhanced Edition Trilogy | DSotSC (Trilogy) | UB_IWD | SotSC & a lot more... QUICK_EDIT
Well, that was rather technical and I don't think spambots are as sophisticated as to use the audio recognition ; it has since been fixed anyways.
You could always skip the booksourced thingy; in fact it would accept anything you wrote into it, since the system is totally oblivious to what may be written there (sometimes even complicated equations, non-western characters, etc.). All those hours were wasted, sorry man . The cake is a lie.
Why?
All major companies use recaptcha. It has no real obvious downsides; it is always up, it is easy to bypass by humans (unless like you believe they absolutely must write the strange gibberish parts, but ... no write "ztype" [not being censored here ] for that "word" and it will accept that otr anything every time), very hard for computers, and it consumes less resources from the site than having it's own captcha. _________________
Joined: 22 Nov 2010 Location: Iszkaszentgyorgy, Hungary
Posted: Wed Nov 07, 2012 7:24 pm Post subject:
Even then, the results were timeouted back the time, and connissues can't be fixed if the connection between the two servers fail.
Also, in PPM, I think server bandwidth is a bigger issue than CPU usage. What you don't seem to understand that it's external. External things have a lot of security issues.
Besides, there are some total other awesome alternative captcha systems like notCaptcha, which is internal, and doesn't consume IMO much neither. _________________ "If you didn't get angry and mad and frustrated, that means you don't care about the end result, and are doing something wrong." - Greg Kroah-Hartman
=======================
Past C&C projects: Attacque Supérior (2010-2019); Valiant Shades (2019-2021)
=======================
WeiDU mods: Random Graion Tweaks | Graion's Soundsets
Maintainance: Extra Expanded Enhanced Encounters! | BGEESpawn
Contributions: EE Fixpack | Enhanced Edition Trilogy | DSotSC (Trilogy) | UB_IWD | SotSC & a lot more... QUICK_EDIT
CAPTCHAs are based on the idea of requesting information that a machine cannot provide.
You have two ways to achieve that:
Ask a question that is syntactically hard to understand for a machine.
Ask a question that is semantically hard to understand for a machine.
The former group is that PPM currently has in place. It's essentially an arms race with spammers: The harder you make a CAPTCHA to parse, the better they make their parsers. The end users end up losing out.
In recent years, semantic CAPTCHAs have gained more popularity. These CAPTCHAs rely on the idea that it doesn't matter if the bot can parse the challenge easily, because it lacks the understanding to solve it.
You may want to try a CAPTCHA like this, filled with screenshots of C&C units. Any person registering here should have no problem identifying an Apocalypse Tank or a Mammoth upside down.
Unless a spambot has been specifically designed to recognize screenshots of upside-down C&C voxels and has a database to name them, no bot should be able to crack it. (Provided there are no systematic flaws in the CAPTCHA code.)
This also frequently works with simple text challenges ("What is the name of the four-legged Mech in Tiberian Sun?") and recognition tasks (one of these things is not like the others...).
So yeah. tl;dr: Instead of making the answer harder to read for everyone, focus on making the question impossible to understand for machines. _________________ #renproj:renegadeprojects.com via Matrix - direct link QUICK_EDIT
In that example it is not that hard, but take into account this:
- The non-caps "l" is a single line.
- "x", as many other letters such as "w", "u", "o", "s", "v", "c", etc. , can't be certainly identified as either caps or non-caps and the captcha is case-sensitive.
- I like to think of me as an inteligent person (my IQ is over 120, at least) and yet it took me tens of tries and months to pass it.
- Banshee states he periodically recieves mails of people that cannot pass it either. And that he knows it is "indeed hard"
- The clarification to write it backwards is outside one's usual area of attention filling the form.
- You have to re-fill your password and re-confirm it every time you fail and try again with a different one.
First two random captchas I get if I try now:
Is that "w" or "W"? Also, is the Q before or after the 2? Take into account we have only one chance...
This one has so many things wrong with it, it is hard where to start. For example, an inexperienced user may doubt if the "first" big 5 or the much smaller 8 is part of the string. Also, "v/V", "0/o/O", "s/S", etc... chances to get everything right are near nil.
Not trying to be snarky... just to help the site to be alive. If it is so hard to register for new users, and take into account many other CnC classic modding sites are dead or dying, the community will not have a long breath.
PD: Also, I support renegade's ideas. It would additionally be awesome if the site asked you to identify classic units, characters, etc. from the series _________________
First CAPTCHA is 7Q278W17 (middle of W is smaller than edges, that only applies to the capital letter, always left edge marks) second is 8YKVS7N0.
Seriously, it's not that hard. You should see more fonts often, then. And yes, the above captchas seems more sane to me than any recaptcha ever will.
Regarding capital/noncapital things, they can be easily identified by their height:width ratio. Capital letters are more taller.
and for lulz thingie... guestposting also needs captcha and as you can see, I could pass it on ease. I dunno how much my IQ is tho. It quite a while ago since I di a test regarding that. QUICK_EDIT
Also Known As: banshee_revora (Steam) Joined: 15 Aug 2002 Location: Brazil
Posted: Thu Nov 08, 2012 12:30 pm Post subject:
NimoStar wrote:
- The clarification to write it backwards is outside one's usual area of attention filling the form.
No way in hell. Look at the picture: The warning is in the best possible position to call people's attention. If people are lazy to read, then it's not my business.
CaptchaReverse.png
Description:
Is there any better position for the reverse warning?
Seeing the CAPTCHA in that screenshot, I have to agree with the OP. What the ztype is everything before 2V? o_O _________________ #renproj:renegadeprojects.com via Matrix - direct link QUICK_EDIT
Joined: 22 Nov 2010 Location: Iszkaszentgyorgy, Hungary
Posted: Thu Nov 08, 2012 10:08 pm Post subject:
Well, tbh to me, the second Jand L merged into a K, then I realized with that it wouldn't be enough on the amount of chars... and since that's the sole thing choppable,I copped that.
And yes, I still think this is ways better than reCaptcha. _________________ "If you didn't get angry and mad and frustrated, that means you don't care about the end result, and are doing something wrong." - Greg Kroah-Hartman
=======================
Past C&C projects: Attacque Supérior (2010-2019); Valiant Shades (2019-2021)
=======================
WeiDU mods: Random Graion Tweaks | Graion's Soundsets
Maintainance: Extra Expanded Enhanced Encounters! | BGEESpawn
Contributions: EE Fixpack | Enhanced Edition Trilogy | DSotSC (Trilogy) | UB_IWD | SotSC & a lot more... QUICK_EDIT
-press f5 to reload captcha
-keep pressing f5 until you find an easy one
-fill out the registration
-done
Hoho, when a person first tries they have no idea it is so hard to get recognized. You have to take into account the registration system must be intuitive since they won't get to read this thread before trying.
And it is the usual thing to fill the form before the captcha (if not, put the captcha at the top)
(the "recaptcha" has a "get another" button without reload as do many other captchas systems, maybe it can be incorporated to this)
The newcomers won't get to read this thread before registering...
PD: Seriously banshee, that screenshot really works to my favor, looks like some arabic writing or what!? xD QUICK_EDIT
Jesus christ man, I find it hilarious people find it so hard to figure out the letters whether caps or not, for that one example the w is clearly SMALL..hint..look at presentation size or if has boldness...
Only unfair bit is that the letters can go sideways over one another (like TJJLHU2V) but typically you note them from the top to arrange the order!
For the record, this captcha aint even hardest I've seen, there is far worse out there that blend the letters into each other without spaces that make you look much more.
Ironically it might be PPM's best IQ test filter at work! QUICK_EDIT
There are times the non-caps letters are actually Bigger than the caps on the captch, since it has a size randomizer apparently, so that "it is big" is not actually that much of an argument.
Also, the fact that there are harder captchas than one that no one can be sure how to properly render is hardly a good thing... _________________
I'd say the captcha is some sort of secret satanic ritual... think about it: Evil? hard? it tortures you? has weird random characters? Swirly red things pointing at stars? and you have to post it on reverse order?
Ok, I am done fooling around, couldn't resist. _________________
As far as I can tell, the code here is THJ2V. But I could only figure that out by carefully reading the whole thread and the "J" which I see is almost completely hidden...
I'm bumping this topic because the difficult captcha is still an issue; especially now that DTA's forums have been relocated to PPM.
Even when people notice that they need to enter the captcha text in reversed order, people often still can't tell the difference between upper case and lower case letters and like shown above, the letters sometimes can't be made out as a letter to begin with.
It would at the very least be an improvement to make the captcha not case-sensitive and possibly also add the option for audio captcha, like many sites do already.
There's also other alternatives such as logic questions and or puzzles (where you have to move 3 puzzle pieces in order to create the shown image).
With the way captcha currently works, many people often fail to enter it multiple times in a row and then give up (usually without even bothering to contact Banshee). _________________ QUICK_EDIT
Also Known As: banshee_revora (Steam) Joined: 15 Aug 2002 Location: Brazil
Posted: Tue Apr 08, 2014 3:40 pm Post subject:
I'm already researching this situation for a while. The current captcha is hard even for me. I've tested Are you a Human at the file downloads and I've heard complaints of people who failed to understand what to do there.
I'll only replace this captcha when I find a solution that can be unique (not widely used, otherwise there will be bots created specifically to beat that) or at least safe.
A real bot invasion here would be a much worse disaster than a hard captcha. QUICK_EDIT
How about just showing an image of tiberium or ore and then asking people to name the mineral? You can then accept multiple answers so that people misspell "tiberium" as "tiberian" or even those who call "tiberium" "ore" (I've seen plenty of them) would be accepted. _________________ QUICK_EDIT
Also Known As: ZivDero Joined: 23 Jul 2013 Location: Russia
Posted: Tue Apr 08, 2014 4:11 pm Post subject:
Have you ever seen the "game" captcha? Easy to do(like put eatable things here and uneatable here) and I believe it's bot-proof. (Unless you can get its code (JS?) to force the done function to pass it)
BTW, what do you mean by Are you a Human? _________________
DarkVen9109 wrote:
What in the name of insanity is this? I FRICKING LOVE THIS LOGICCCC!!!!!!!!!!!!OOOOOOOOHEEAWWWWWWWWWWWYAAAAAAAAAAAAAAAAAWWWWWW PEW PEW PEW PEW BOOM BOOM BOOM!! Nice I love this!!!! Ferriswheel bomb, Dive bomb. New Logic discovered thanks to Kenosis
I imagine it'll at least be far easier for people to get past that "Are you a human" game you just showed than it is for them to get past the current captcha, so replacing the captcha with this would surely be an improvement (even if you intend to replace it with something different later on).
Maybe you could also offer people options so that those who don't understand the game can instead still use captcha or even audio captcha.
Edit:
After trying out a few of those "Am I Human" games it seems that anyone who properly understand English should by able to beat any of those games, but I do see how people that have a harder time understanding English might be unable to understand what is expected of them.
Still, although you're only allowed to make one mistake, for some of the games it's also obvious what to do without even having to read the text, meaning that even people with very bad English will be able to beat those games (while with the current captcha system nobody that knows what "reversed" means will be able to register anyhow and thus would have a higher chance at passing the "Am I Human" games). _________________ QUICK_EDIT
how about a captcha coding contest? We have several software engineers on PPM and it surely isn't that hard to write a small applet.
Then you have your unique captcha and it could be also a PPM personalized one
e.g. something with a modding theme or RTS theme
-a tiny "move your mammoth tank through the labyrinth without hitting the laser fence" would be surely fun _________________ SHP Artist of Twisted Insurrection: Nod buildings
Joined: 10 Dec 2012 Location: I'm too busy conquering the world!
Posted: Tue Apr 08, 2014 11:30 pm Post subject:
Or you can have an objective, destroy 10 Soviet conscript. You have limit 10 ammo and you must dodge the incoming bullets and a timer of 60 seconds! You will be playing as Tanya. *insert Tanya's statement* SHAKE IT BABY! *insert*
It doesn't have to be just 1 game captcha, it can be various captcha.
I heard this before, the best way to counter the bots is with moving image. If it was steady image, it is very easy for bot to just move and click. Moving image makes it harder. _________________ Mod Leader and founder of World Domination
Also Known As: banshee_revora (Steam) Joined: 15 Aug 2002 Location: Brazil
Posted: Tue Apr 08, 2014 11:39 pm Post subject:
Guys, I'm afraid that a solution that uses Adobe Flash might become a problem for certain mobile devices, specially iPhones.
In the other side of the coin, an HTML5 solution relies too much on the client, which might become a complication when you want to hide the data that needs to be transferred to the server to pass the captcha with a dynamic content like a game. QUICK_EDIT
To set the restrictions/conditions is up to you Banshee.
Just say which programming language and what kind of result/output you want (boolean yes/no or some complex encrypted string/datastructure, all up to you). _________________ SHP Artist of Twisted Insurrection: Nod buildings
You cannot post new topics in this forum You can reply to topics in this forum You can edit your posts in this forum You can delete your posts in this forum You can vote in polls in this forum You can attach files in this forum You can download files in this forum