XF 1.5 Recaptcha and security question as an option request.

Shipside

Member
I wish to have security question and recaptcha.

Lately we have had hundreds of korean spam accounts that have found a way to exploit Recaptcha no captcha.
 

Mike

XenForo developer
Staff member
It would need custom development as we only display one type of CAPTCHA at a time.

In general, I think you get massively diminishing returns from multiple CAPTCHAs. If you think the Q&A would help, then that is probably all you need (at least in the short term, you may need to rotate the questions).
 

rainmotorsports

Well-known member
Already blocked the subnet. We do have korean users.

I'm worried because the mass spam would imply that recaptcha nocaptcha is broken.

You are looking at the problem wrong. Human's are generating very large amounts of spam. They get paid to do it. Sounds crazy right? Captcha's can't keep humans out. We had spam coming from India and Pakistan but only 2 isp's in each country. Plus VPS providers in america. Blocked all of that. I see a spammer once every 6 months now. We haven't had any koreans yet. Maybe 2 false positives a month get moderated.

I don't run a captcha period. It's useless. 99.9% of our machine generated spam was getting blocked by a honeypot addon. Once Xenforo got honeypots we dropped it. We no longer have logs for those potential spammers but trust me they still try. Adding a captcha for us wouldn't make a difference. Our spammers were human.
 

Shipside

Member
You are looking at the problem wrong. Human's are generating very large amounts of spam. They get paid to do it. Sounds crazy right? Captcha's can't keep humans out. We had spam coming from India and Pakistan but only 2 isp's in each country. Plus VPS providers in america. Blocked all of that. I see a spammer once every 6 months now. We haven't had any koreans yet. Maybe 2 false positives a month get moderated.

I don't run a captcha period. It's useless. 99.9% of our machine generated spam was getting blocked by a honeypot addon. Once Xenforo got honeypots we dropped it. We no longer have logs for those potential spammers but trust me they still try. Adding a captcha for us wouldn't make a difference. Our spammers were human.

Any suggested honeypot?
 
Top