Why You Should Stop Using CAPTCHAs: http://webdesignledger.com/tips/why-you-should-stop-using-captchas
Why you should never use a CAPTCHA: http://www.onlineaspect.com/2010/07/02/why-you-should-never-use-a-captcha/
Are We Still Using CAPTCHAs to Stop Form Spam?: http://www.distilnetworks.com/captchas-to-stop-form-spam/
Please stop using CAPTCHA and find an effective way to prevent inappropriate posting on Moodle.org forums.
I agree. Instead, why not use something that really requires some intelligence, like solving a puzzle. These captcha things make it difficult for some people with vision issues resulting from fluorescent lighting on old monitors. How in the heck are you supposed to figure some of them out? Seriously I think you have to be on drugs to figure out some of them! I have lost like pages of text I was typing due to captcha keep giving me pictures I could not solve! And I guess my way of dealing with this issue is to reply less often here due to the work required to get through the front gate!
I've never seen CAPTCHA on moodle.org. Where does one encounter it?
I got it several times today just by adding <pre></pre> tags and pasting in some php code while viewing this input window in HTML view.
Ben, try editing your profile. May come up then.
-Derekj
Well, I'm a failed spammer. I just added a line to my profile, complete with unintentional typo, and was not challenged. Clearly, you all are enemies of the state, whereas I am a beloved.
Admittedly, I didn't try to add js to my profile.
NOT sticking my tongue out until I get the CAPTCHA cold.
See this thread: https://moodle.org/mod/forum/discuss.php?d=267093
Hopefully it is only temporary. (And it only happens to people where the heursistics make CloudFlare think they might possibly be spammers. I have not been chanllenged yet.)
Thanks Tim
I guess spammers must think Moodlers are rich and gullible :/
Haven't sysadmins ideas on forum spam prevention changed since the late 90s? Why not just flag new user accounts that may be suspect for inspection, e.g. from known spam IP addresses or with suspect email names, monitor their posts, and block them if they spam?
There are directory services: http://www.stopforumspam.com/ and http://akismet.com/
And lots of free and open source projects: https://github.com/search?utf8=%E2%9C%93&q=stop+forum+spam
Still though, the issue is captcha and how frustrating it is to use. Regardless if they have to turn some extra thing on to keep spam bots away or off, the issue is user frustration.
There are many alternatives. Some which require very little in the way of programming. Some are visual little games you "play" which are actually fun, and you know what they are doing and it's okay because you're able to figure it out, whereas a spam bot doesn't have the ability.
Replacing Captcha should be an inevitable goal for Moodle, in my opinion. Food for the thought can be found all over the internet, here I pick a random 1 out of about 20 links I have on captcha replacements or alternatives.
Haven't sysadmins ideas on forum spam prevention changed since the late 90s? Why not just flag new user accounts that may be suspect for inspection, e.g. from known spam IP addresses or with suspect email names, monitor their posts, and block them if they spam?Yes they have - and at the same pace, spammers fight against the different heuristics which are put in place.
On moodle.org, we've been fighting that battle for years and up until the last few weeks the 'flag to a moderator' plus blocking excessive links on initial posts was working relatively effectively. But in the last two weeks we've been fighting an influx which has been keeping the site moderators busy and causing great distress to our Spanish Moodle community, causing some community members unsubscribe out of frustration.
We would love to implement more elegant spam-fighting solutions but the fact is that it takes engineering effort and its a constant battle - you combat one style of spam and it makes its way through in another way. Rightly in my view, we're spending most of our engineering effort on making Moodle better rather than fighting the spammers - so it takes time to implement these spam-prevention solutions.
So one option we had in our arsenal which would be immediate, push button solution without engineering time was turning on some cloudflare features which are designed to help - its a push-button solution which had a chance of helping our Spanish community immediately. The jurys out on whether its done much good, but thats how we got there.
tl;dr good, fast, cheap - pick two
I do not hear-any other options than a push-button-solution at the mo!
Long-term, maybe plan B-that is me done-you will pleased to hear!
Dawn
Dawn,
Quick and easy test for you:
The man couldn't lift his son because he was so heavy. Who was heavy?
Choose:
Oh please, are you getting all Joseph Heller on me! Or, I am in other words, in trouble!
either way-great read!
D
Just pick a number 1 or 2.
BTW, this is a simple test to distinguish between artificial intelligence and human intelligence.
Here's some more:
A. Joan made sure to thank Susan for all the help she had received. Who had received help?
B. Paul tried to call George on the phone, but he wasn't available. Who wasn't available?
C. The lawyer asked the witness a question, but he was reluctant to repeat it. Who was reluctant to repeat the question?
Ambiguous pronouns are really a test for spammers? I think I fell asleep at a crucial point.
Matt, what am I missing? Actually, I don't think these are all that ambiguous.
Re: "Ambiguous pronouns are really a test for spammers?" -- For spambots, yes. The most advanced AI so far can't get them right.
Also, questions like "Can a crocodile run a steeplechase?" are easy for humans to answer but impossible for machines.
The reason is simple; machines can't interpret pragmatic meaning. Chimpanzees are way smarter than the most advanced AI and they can't do it either.
pronouns, grammar....pragmatism....there will be algorithms in the future-I am sure/I hope
Dawn
'Woke up this morning and someone knocked my door! Twas the Scarlet Pimpernel ha ha!'
"I guess spammers must think Moodlers are rich and gullible :/"
Spammers don't do a great deal of thinking, they are mostly spending their time spamming
Re: "Most humans couldn't either. That question assumes you speak English AND know what a steeplechase is." -- Good point, and doing translations for all the questions in all languages would be quite a task, and may not work in some languages. It relies on the language not having any syntactic markers to indicate which person "he" or "she" is.
I have a visual CAPTCHA on my Wordress but it's still based on a language, i.e. the instructions are in English: http://blog.matbury.com/wp-login.php
So some kind of task that requires pragmatic knowledge but doesn't rely on any languages. Mmm... difficult.
The slider and hidden form field ideas look good: http://www.experiencesolutions.co.uk/blog/2014/03/19/5-alternatives-to-captcha-that-wont-baffle-or-frustrate-users/ Thanks for the link, Perry!
There' s one on an exam site I go on and you have to do a little sum at random
5 + 3 =
6 - 2 =
and so on. I presume this means the bots can't do sums? I like it because it is easy for humans (my level of maths!) and isn't language dependent.
Still pretty easy for a bot. All it takes is whoever is running the bot to code in that it will need to read a particular line of text and calculate the answer.
The best way to do it is to have a set of random questions. Some mathematical, some not, that way if they want to beat it they have to program in a lot more and probably won't bother.
Since this is a Moodle site, you could even use Quiz questions and Answers to generate a massive set of possibles for your captcha.
OK, part of this story is true and the rest well....But might there be implications here (of the spurious sort?)
We are on the Star Ship Enterprise. The biometric cashless catering system means that we are not able to use cash at any of the catering outlets on board. Instead we need to be registered on the system by those in charge taking biometric information from our thumb. It is not a thumb print; the info is recorded via an algorithm. You see, by not carrying cash-then those in charge think there will be less of a kerfuffle in losing money/or peeps taking your money off you-so loss/theft. This is of course, an opt in policy. You need to complete a form to be able to use this latest technology. If you choose not to, but still wish to purchase the eel's eyes-cake in deli 2 on the flight-deck then a 4 digit pin will be allocated. If you wish to bring cash and travel to another planet to spend it in their outlets then that is fine.
:0D
I had recently to use this one, easy and not too obstrusive: https://www.drupal.org/project/draggable_captcha
But maybe not accessible?
I like that one-a winner so far perhaps-accessible-as in for keyboard phones...mmmm....I suppose, not to sound like I am on the band-wagon, but touch screen-pragmatics-and on.....needs to be a primary consideration for M learning-in the Moodle context. Biometrics is the way-trust me he he.
Hi Nicholas,
Yes, drag'n'drop activities often require people to use a mouse or mouse pad. Some able-bodied people can find this difficult. Drag'n'drop is essentially a graphical representation of multiple choice, i.e. check/select the correct option(s), and preferred by IDs because then they can say that their tests are graphical, multimedia, and interactive.
Does anyone know how well these JS drag'n'drop tests work with accessibility tools? It certainly seems possible but how well is accessibility implemented?
Accessible Drag and Drop Using WAI-ARIA: http://dev.opera.com/articles/accessible-drag-and-drop/
Accessibility & Native Drag and Drop: http://html5doctor.com/accessibility-native-drag-and-drop/
Also, you could see how being repeatedly required to perform one of these drag'n'drop challenges could quickly get annoying.
It may just be simpler, quicker, and more effective to have multiple choice check boxes.
Personally, I prefer invisible measures that require no intervention on the part of the user, e.g. the hidden form field "honeypot" solution, suggested earlier.
you catch more flies with honey!
Thanks, Tim. I gather Cloudflare hosts moodle.org? I did not know that, and so callously deleted Helen's message
Hello all,
@ Tim
'it only happens to people where the heursistics make CloudFlare think they might possibly be spammers'
AGREE-this is to all reading: there is no drama-but-the code needs its own captcha (ergo-tighter/change/update-I could be wrong)
Dawn
Maybe turning back down the captcha security and adding a honeypot would help:
