Captcha alternatives?

Captcha alternatives?

by Tom Litchfield -
Number of replies: 7

We're using recaptacha option on our self-registration page to minimize spam. However, we discovered after low registrations and user complains that the filling in the wrong captcha or leaving it blank does not generate a warning or error on the page. After clicking Create my new account the page simply reloads and with no indication of a problem (other than not progressing to the next page, but since we work with communities that are not tech savvy it's not obvious to them their registration was not submitted).

The captacha feature hindering registrations and we plan to turn if off, though that means we will have to audit accounts and clean up spam manually.

I would like to know what other Moodle admins have done in this situation to keep spam at bay.



Average of ratings: -
In reply to Tom Litchfield

Re: Captcha alternatives?

by John Okely -

Sorry to be kind of off topic, but looking at your root problem, it sounds like a problem with our support for captcha. If you get time, you could create an issue describing the problem on https://tracker.moodle.org/ so we can fix it.

Average of ratings: -
In reply to John Okely

Re: Captcha alternatives?

by Tom Litchfield -

Yes, I'll do that right now. As soon as I turned off the captcha we started getting fake registrations. Incredible.

Average of ratings: -
In reply to Tom Litchfield

Re: Captcha alternatives?

by John Okely -

Thanks for adding that bug it helps a lot. I've triaged it, adding it to the backlog so eventually it will be worked on. But there's a lot for HQ to do of course so if anyone has any ideas for potential solutions they can put a patch on the issue and we can review it and get it in sooner.

Average of ratings: -
In reply to Tom Litchfield

Re: Captcha alternatives?

by Bret Miller -
Picture of Particularly helpful Moodlers

I have no good user-level suggestions for this. From a programming point of view, CMS systems that support comments seem to have relatively good anti-spam options. Drupal has HoneyPot which has been very successful for us. And WordPress has dozens. AVH First Defense against spam seems to work well for me. Maybe incorporating some of their techniques into a plugin for Moodle would help? Though I'm not sure moodle modules have deep enough access to hook into self-registration pages.

Average of ratings: -
In reply to Tom Litchfield

Re: Captcha alternatives?

by Lucilla Wang -

Frankly I also wanted to know about the same issue. Since these captcha's are generated by google, my users and students cannot even see them, as google doesnot work at my place.

So is there any option that I can incorporate a simple captcha like a 2+2 question, instead of using captcha from google (right now I have disabled it too on my site).

Average of ratings: -
In reply to Lucilla Wang

Re: Captcha alternatives?

by Visti Larsen -

Hi Lucilla,

I don't know where to add it, but this site: https://wisdmlabs.com/blog/add-captcha-custom-form-without-using-plugin/ describes the exact code to make a local math-captcha which changes randomly for each user.

The two sets of code: 

Generate Equation

session_start();
$digit1 = mt_rand(1,20);
$digit2 = mt_rand(1,20);
if( mt_rand(0,1) === 1 ) {
    $math = "$digit1 + $digit2";
    $_SESSION['answer'] = $digit1 + $digit2;
} else {
    $math = "$digit1 - $digit2";
    $_SESSION['answer'] = $digit1 - $digit2;
}

Display Equation

<?php echo $math; ?> = <input name="answer" type="text" />

Validate Equation

<?php
session_start();
if ($_SESSION['answer'] == $_POST['answer'] ) {
    // value entered is correct
}
else {
    // value is incorrect, kindly try again
}
Now we just need someone who knows where to put it! This would be a great solution for those facing problems with captcha.
Average of ratings: -
In reply to Visti Larsen

Re: Captcha alternatives?

by Visti Larsen -

Hi again,

Bouncing around the net I found a very elegant and neat solution, namely a honey-pot. 

https://github.com/ebugnet/moodle-local_projecthoneypot

Its 5 years old, but the plugin works in the latest 3.1 release of moodle and many older versions too.

The readme on the site is slightly outdated. Here's what to do:

Howto :
1/ Create a account : http://www.projecthoneypot.org/
2/ Get a quicklink for your site : http://www.projecthoneypot.org/manage_quicklink.php
3/ Get en apikey : http://www.projecthoneypot.org/httpbl_configure.php 
4/ Install the plugin in the moodle/local directory
In your moodle goto: Admin->Plugins->install plugins and upload+install the zip file from the Github site.
5/ Go to Admin -> Security -> Project Honey Pot, and write your informations on setting page
6/ Activity can be visible in report


Just set it up. Remember to delete any signs of recaptcha from your moodle. You can type: 'captcha' in the admin-search and delete all the api keys from recaptcha.

Good luck!

Average of ratings: -