• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Not planned add QapTcha to the core

Adam Howard

Well-known member
#1
Normal capTcha is easier for bots to read then it is for normal people.

And I'm sorry, but the question & answer option does not exactly play out if you have members who speak & write in different languages and who likely have different keyboard setups.

e vs ё

Is not going to be seen as the same. Not to mention after while those Q&A's need to be changed fairly often.

XenForo needs a more universal & use friendly capTcha option, which also requires less general maintenance.

Info
http://www.myjqueryplugins.com/jquery-plugin/qaptcha
demo
http://demos.myjqueryplugins.com/qaptcha/
live demo on XenForo site
http://www.sociallyuncensored.eu/forums/forums/test-posting.64/create-thread

QapTcha does not depend on flash player, is mobile web friendly, fast, uses no resources, is hosted locally so it's not dependent on an outside source & is CDN compatible. It is also idiot poof in that it is universally understood and is not language dependent. And finally, requires zero effort from an administrative point of view (turn it on and you're done).

There is currently an add-on thanks to @serene which I have been maintaining
http://xenforo.com/community/goto/post?id=621439#post-621439

But this really should be something easily added into the core. :)
 
Last edited:

Mike

XenForo developer
Staff member
#2
It's also not a CAPTCHA as it doesn't provide anything that's particularly hard for a script to defeat. Here's a comment from "Marcus" in January (from here: http://www.myjqueryplugins.com/jquery-plugin/qaptcha)
So what if I have a script that does the following:

1. Get the form page
2. Parse the PHP session id from the response header
3. Post a random number to the server with the session header
4. Post the spam form data + the same random number in the body

Tada... you've got spam.

Simple and nice, but I wouldn't trust this if you risk facing targeted attacks
This works specifically because it's not in the core. Your site and customizations aren't targeted. However, XenForo as a platform, is targeted. This provides marginally more security than the unique key that we have on the form but that's it.
 

Adam Howard

Well-known member
#3
It's also not a CAPTCHA as it doesn't provide anything that's particularly hard for a script to defeat. Here's a comment from "Marcus" in January (from here: http://www.myjqueryplugins.com/jquery-plugin/qaptcha)


This works specifically because it's not in the core. Your site and customizations aren't targeted. However, XenForo as a platform, is targeted. This provides marginally more security than the unique key that we have on the form but that's it.
I'm sure XenForo can come up with an alternative solution which is as simple as point & click (or in this case drag & slide).