Removing the dreaded reCAPTCHA during login

@LostNBios

I just noticed the “reCAPTCHA” during login on a private browser.

When was this feature added and can it be disabled? I usually only see these when you’re a new user trying to register a new account.

Can you remove this? It adds another minute of unnecessary time proving you’re not a bot just to login and post/reply to a comment.

Also I’ve seen reCAPTCHA cause issues on older browser versions so it’s a matter of time when it will no longer work or load correctly and then the user is locked out from logging in to the site.

Hope that made sense.

@XPLives - plutomaniac would have to answer this, but I doubt he would want to remove due to it helps to stop the spammers

@Lost_N_BIOS
How does this stop spammers? You have to put this during the newly created account registration process to prevent more fake user accounts being created in the first place with bots.

If you’re already a registered user you should be able to login with just the username and password and not deal with Recaptcha.

Or worst case add Recaptcha not during login but during the posting attempt only. So new users have have posted 10 messages or less will be required to use Recaptcha. Any user who has posted more than 10 messages and has not had a ban or red flag can post without Recaptcha issue.

And since you are moderator you can flag any potential users who have 10+ posted without issue but then begin to spam the site to force them into “Recaptcha Hell” per post for disobedience. :slight_smile:

Then all regular “Good” users will not be suffering for these spammers.

@XPLives - Ohh yeah, I guess that does make sense. It may work that way too, if you are a user already and have stored cookie (or are not using private browsing)? I’m not sure, did you check that without private mode?

@LostNBIOS
Regular Browsing Cookie Mode I believe does not ask for ReCaptcha maybe due to a stored Win-Raid cookie. But I frequently trash and purge all cookies since I run the browser off a Ramdrive so it would be gone anyways after I reboot or shutdown. But I have only used private browsing before I became a user on Win-Raid years ago and only recently saw this Recaptcha nightmare pop up on this site. Private Browsing avoids the tracking data that sites with cookies use. For example if you use Youtube and watch videos with subject "X". After awhile they will show you suggested videos based on "X". So any time you return they will use the cookie to pinpoint you again and what you liked. In private browsing they never give you targeted videos based on your previous watched videos. Again this is similar to our Paypal situation where you want to get paid but not give out certain information. :wink: Only Amazon Gift Cards can work for us kind of issue to get around revealing too much just like private browsing does to avoid the cookie tracking monster.

If I remember right that were existing accounts, not new accounts. Possibly members which used same username/ password combination for many services.

I don’t like the reCAPTCHA either, normally having blocked google scripts and cookies in µMatrix, but I see the sense in this with this amount of user/pwd combinations floating around!

@lfb6

If I remember right that were existing accounts, not new accounts. Possibly members which used same username/ password combination for many services.

I don’t like the reCAPTCHA either, normally having blocked google scripts and cookies in µMatrix, but I see the sense in this with this amount of user/pwd combinations floating around!



That is why I proposed Recaptcha use as follows:

Not during the login but during the posting attempt only.
New users have have posted 10 messages or less will be required to use Recaptcha to post.
Any user who has posted more than 10 messages and has not had a ban or a red flag can post without needing Recaptcha.

Any user who has 10+ posted without issue but then begin to spam the site will be flagged into “Recaptcha Hell” per post for disobedience. :slight_smile:
The user should then appeal to the moderator to have this flag lifted. If this was a bot they would not appeal and be stuck in “Recaptcha Hell” for eternity making their account neutered.

All “Good” users will no longer be suffering for these spammers.

@XPLives Well, that’s just as it seems to have happened: User with more than 10 posts with leaked account data were posting.

Would require the admins to remove the posts, and to flag the user. That’s actually what happened: These users weren’t flaged, but removed, the posts were removed. So same amount of work as with your proposal…

reCAPTCHA is enabled for registration, login and new thread creation. It will stay as it is because it helps alleviate mod/admin workload and results in a cleaner site. It should never be a problem for normal activity. And no, RAM drives and ancient OS/browser versions are not normal activity. For the posts, there is already a limited set of rights for newly registered members which seems to be working so far.

@lfb6



I’m not sure what you mean by leaked account data. Are you saying some users with legitimate accounts and not bots were hijacked and someone else posted spam using their account?

No such thing happened. Noone got hijacked. There was an increase in bots and recently the emergence of some human (probably) PM spammers who were dealt using the new limited rights upon registration.

@plutomaniac



The private browser functionality is a feature found in modern browsers such as FireFox and Chrome. People using a computer at a library are probably using this as the default setting or at a webcafe where security and privacy is paramount. Ramdrives are also used in Windows 10 so has no bearing and many who don’t want to wear down their SSDs are storing their temp and browser cache folder on their Ramdrive. Ram has dropped in price and people are equipping their systems with 64GB-128GB these days so there is no reason not to use one.

I see no issue with forcing the reCAPTCHA during the creation of a new account. - ACCEPTABLE
I see no issue with forcing the reCAPTCHA during the creation of a new thread. - ACCEPTABLE
I see no benefit of forcing the reCAPTCHA during the login of the account. I’ve never seen this on any other site I’ve logged into except this one.

I recommend removing the reCAPTCHA for just the login. But enforce the reCATPCHA for posting only. Any senior or valued members we can remove this reCAPTCHA flag for posting requirement. Let’s say this list is around 50-100 users and wouldn’t take too long for a moderator to do. Everyone else is assumed reCAPTCHA required per post. If LostNBIOS or other moderators do not want to do this or if you need someone to do this I probably could figure this out if given the permission.

Another flag you can set is if any new user has been registered for 3 years or longer to remove the reCAPTCHA per post flag automatically if they’ve posted at least 100 times with reCAPTCHA. That should weed out any inactive bot accounts being created in mass for a rude awakening ambush.

If this influx of bot spammers is the result of driving too much traffic to this site I’ve seen this addressed at other sites before.

The main issue is post spamming created by bots. Just like any other site humans can spam as well so the moderator is still going to be forced to delete a user’s account in that situation.

Perhaps to relieve the burden onto any moderators from this time forward to employ some kind of paypal donation of $1 for each new member to create an account. 30 cents usually goes to Paypal’s pocket and 70 cents to Win-Raid. This should deter a bot spammer who doesn’t want to spend any money. If they do spam at least you were given money for wasting your time removing their posts. And since you now have their paypal address you can make sure to block that user from creating a new account using that same paypal e-mail account. A blacklisted Paypal e-mail address list could be generated to prevent these users from making an account.

Or you could use this Paypal Blacklist for profit and force the blacklisted paypal e-mail address donation to be $5 for making the account again. They misbehave you delete their account.

They make a new account again the minimum donation to create a new account is $10. And each successive deleted account and recreation doubles in the paypal price donation to join. $20, $40, $80, $160, $320, $640 … That’ll get them to stop or if they are rich then let the chump change roll in.

In the end these damn bot spammers will no longer want to create any more accounts unless they pay the piper each time. And Paypal limits each person to 2 accounts max with one personal and one business and must verify identity so this makes it tougher for them to create hundreds of paypal accounts to spam. So either block these blacklisted paypal accounts to stop the spamming from the start or allow them to create new accounts with impunity and profit from their futility.

This becomes a win-win situation. It prevents future bot spamming accounts and Win-Raid, Fernando, Plutomaniac, and LostNBIOS profit off their foolishness if they wish to open up their wallets. If we get enough bot spamming account donations we can then use that donation to hire a dedicated spam moderator for this task. Plutomaniac, Fernando, and LostNBIOS would never have to deal with this.

Problem solved and all good senior and valued members aren’t harmed or inconvenienced.

The forum software is developed and controlled by Xobor so I operate based on the options, functionality & abilities afforded by them. There is no functionality even similar to what you suggest and I’ve currently already done the maximum to separate brand new users from “older” ones.

The forum is free and will not require a subscription of any sorts under my management.

I can consider testing the disablement of the reCAPTCHA during login if enough people are having actual problems with it.


I also use ramdrive and private browsing. I would prefer to avoid allowing google IPs connection (and related scripts) for a simple login, besides wasting time solving the reCaptcha.

@plutomaniac


I appreciate your response and your reasons explained due to the limitations of Xobor. In one regard a blessing in disguise - easy to use interface from a user standpoint - why I liked this forum. In the other regard - lack of flexibility and feature set making it terrible for moderating.

I ran a BBS - Bulletin Board System a long time ago as a SysOp - System Operator. This was pre-internet World Wide Website days as we know of today. A SysOp is similar to you Plutomaniac or Fernando who had God mode account access when the BBS were for dial up modems rather than ethernet or Wi-Fi. However, the interface used ASCII text and was very simple but not graphical. The BBS software allowed a lot of flexibility to set flags on user accounts. It’s been so long ago I’ve forgotten the syntax but it was similar to this.

To access say the [F]orum menu you would hit letter F on the keyboard.
Under the F key you would add permissions like If Level >=50 then Goto Forum.
If Level <50 then Message “You do not have access”. So if you identify certain users are bot spammers you just lower their access level it prevents them from even entering the Forums themselves so they can’t even attempt to Post/Reply in them but only view. You could probably block Private Messages by assigning it an access level of 50. Again this isn’t the exact syntax but similar from my memory as it’s been since the early 1990s when I’ve used the BBS software but it was quite powerful it seems compared to Xobor.

Although, my intent was not making this forum into a subscription based system as you stated which you misunderstood. I am not a fan of subscription based websites. People are not constantly paying $1-$640 dollar every month. It is only at the creation of the new account. And the only way to increase the Paypal payment penalty would be if the software could identify former blacklisted paypal e-mail addresses automatically and increase the paypal payment value each time they created a new Win-Raid account. I’m suggesting all future new users be required to submit $1 to create the account to simplify it. In fact you could make it much less like $0.31 the minimum for a paypal payment as it’s not about charging the user to join Win-Raid. Paypal takes 30 cents minimum cut no matter what. But in the past you could send 1 penny to someone which would be cheaper. If 1 cent could be done instead when creating the new Win-Raid account this is fine as well and if you wished you could later refund the 0.01 back after the Win-Raid account was created. It’s not about profiting off of new Win-Raid users but hurting / preventing the bot spammers from easily making new accounts again to cause moderators to waste time to remove their account. This might be outside of what XOBOR’s feature set. If you have the manual for Xobor maybe I can read the manual and understand how this software works and let you know if there is another way to stop bot spammers in some other fashion within the system.

You just need a way to stop someone using another paypal e-mail to create an account. Paypal usually limits people to 2 paypal accounts. If they do not have a paypal email account they cannot register for a Win-Raid account is the idea. All former and current Win-Raid users will not be affected so this would force any of the previously registered users to make a new Win-Raid account using their paypal e-mail address but only new future accounts. So any potential current users that have been identified as a bot spammer are put into a paypal e-mail blacklist. In order for that bot spammer to create a new account, it would require a paypal email address and $0.31 or if you prefer a $0.01 payment to create the new account. This would be the minimum payment just to stop the spam bots or at least isolate them from creating new account if you so choose.

Once you have their paypal e-mail address from a confirmed $0.31 or $0.01 payment you could set up a system where you catalog them into a paypal e-mail blacklist. If their account gets deleted too many times and they recreate a new account with the same paypal e-mail address and a new $0.31 or $0.01 payment then you could choose to accept the payment from the bot spammer or add a message sorry you cannot register a new account if Xobor identifies the paypal e-mail address as a blacklisted one.

Again for simplicity if there is no way to make the Xobor software increase the Paypal payment during a new Win-Raid account if it recognizes it as a deleted bot spammer Paypal e-mail address.


Option 2: [No Paypal $0.01 payment during creation of new Win-Raid account method]
Remove ReCaptcha from the login process entirely.

Add ReCaptcha feature to appear only during:
Creating of a new thread
Replying to a post
Private Message to another User

This is assuming these are the only things a bot spammer can do that hurts Win-Raid moderators. However if it’s possible you could make the ReCaptcha pop up once for every 3rd message instead of every message attempt for the first 50 messages created. And over time the ReCaptcha pop up could go up to every 5th message for the next 50 messages. Then for 100 messages or more posted the ReCaptcha pop up will pop up every 10th message. Eventually ReCapatcha will pop up less and less as the user continues to post. At 500 messages or more you could set ReCaptcha pop up for every 25th message posted. For all valued and senior users you could remove the ReCaptcha flag completely on those user accounts so they never see the ReCaptcha pop up.


Option 3: [Adding a Report spam button for users to avoid moderator babysitting]
Remove ReCaptcha from the login process entirely.

Disabled Private Message to another User option unless the user has posted at least 25 forum messages.

New accounts cannot report spam until they have posted at least 25 forum messages.

Either 50 total regular users hit the report spam button to hide the post automatically for moderator review.
Or 10 total valued Elite users or ones with good standing accounts of at least 3 years can report a post automatically for moderator review.

This does not require a moderator to do anything and allows the Win-Raid members to offset some of the load identifying the spam posts. However if the human poster whose post was considered spam and was incorrectly labeled as such wants to appeal to have the post reinstated they can contact the moderator. A spam bot will not attempt a moderator appeal.