Support ⇒ Troubleshootings :: Archives ⇒ drop-dead, gotta-have, non-negotiable, dealbreaker feature :: Archived (page 2) ⇒ Community Forums ⇒ CPG Dragonfly™ CMS
Forum IndexTroubleshootings

Archived ⇒ drop-dead, gotta-have, non-negotiable, dealbreaker feature


One aspect that may help - in the past 2 weeks the revamped flood system on one of my sites has trapped about a dozen obvious spam bots. I'm using "loose" settings and not allowing automatic reset.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):


NanoCaiordo wrote
sec code on for anonymous and off for users? then anonymous can register to spam your site, registration are normally free and can be done in less then 30 seconds.


I have yet to see any of these spammer/spambots do so. While it may be technically possible, doesn't seem to be out in the wild - at least not in a way that's affecting me. So, the feature would be a huge help for me now, it might be a long time or never before that kind of sophistication reaches the nuisance level the "stupid" bots are for me now.

DJ Maze wrote
Depends on the kind of bot.
You can easily write a bot that submits a login or fake a login cookie.
There are even bots that can decode a CAPTCHA.
What bots still can't is decode audio easily.


Again, I don't know that I've seen bots attacking Dragonfly in that way. Captchas aren't perfect, but they do help. An 80% solution (and I suspect it's currently better than even that) is still worthwhile. Especially since adding this wouldn't be a lot of coding, the feature's already mostly in place.

Phoenix wrote
One aspect that may help - in the past 2 weeks the revamped flood system on one of my sites has trapped about a dozen obvious spam bots. I'm using "loose" settings and not allowing automatic reset.


I've had really bad luck with the flood control. Last time I used it, it locked out quite a few of my regular, legitimate users (and quite "normal", in that they weren't doing anything fancy or spastic). I realize it's been worked on quite a bit since then, but I'm a little gunshy of it.

I don't think it would help in any case, because the bots just come by, do a GET and a POST, and disappear. They don't usually post excessively or do anything that I'd expect would trigger the flood protection. They do seem to check to see that the post stays up though. If it's deleted, the same post will reappear relatively quickly. I don't know if it's because it's already scheduled to post at some rate, and I'm just removing them before it swings around for another pass, or if the botnet is checking the post as a sort of heartbeat.

Being able to have capchas on for guest posting, and off for registered would help a lot with my problems, I think. Sounds like at least a few others have a similiar need...

It is pitch black. You are likely to be eaten by a grue.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Ubuntu 12.04, Atom D525/Apache 2.2.22/MySQL 5.5.38/PHP 5.3.10/Dragonfly 9.4.0.0 CVS


I guess you misunderstood me grue - I was just saying that the revised flood system works much better, and with options, and it does nail some of the bots. The only total cure for them is elimination of guest posts.

I'm not arguing against captcha, just saying that there are extra things you can do to help. You need to adopt as many options as you can, not just hang your hat on one.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):


Phoenix wrote
I guess you misunderstood me grue - I was just saying that the revised flood system works much better, and with options, and it does nail some of the bots. The only total cure for them is elimination of guest posts.

I'm not arguing against captcha, just saying that there are extra things you can do to help. You need to adopt as many options as you can, not just hang your hat on one.


Ah, no - I guess we agree violently with each other on that point. Defense-in-depth is always a desirable stance. I was only rebutting your point because my particular pain point won't trigger flood protection.

You're right about giving up guest posts being the only total cure (especially currently, with no captcha), but for the reasons I mentioned, I'm really loathe to give that up. If we give up our guest posting, the terrorists win! Sad

It is pitch black. You are likely to be eaten by a grue.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Ubuntu 12.04, Atom D525/Apache 2.2.22/MySQL 5.5.38/PHP 5.3.10/Dragonfly 9.4.0.0 CVS


Your choice Smile

I understand the guest captcha will be added in the near future.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):


I personally believe if they are true member of the community they would/will register. It takes what 30 seconds? I look at it this way. If I am willing to spend my time and money to give them something for free. Then the least they can do is register. Then of course there are those people who say "why do I have to give you my my personal info (email and such) to get what you offer?" My answer is "You dont, no one forced you to come to my site, your free to click the little X top right corner of the screen any time you like."

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Multiple Setups


Dizfunkshunal wrote
I personally believe if they are true member of the community they would/will register. It takes what 30 seconds? I look at it this way. If I am willing to spend my time and money to give them something for free. Then the least they can do is register. Then of course there are those people who say "why do I have to give you my my personal info (email and such) to get what you offer?" My answer is "You dont, no one forced you to come to my site, your free to click the little X top right corner of the screen any time you like."


I agree with that, but some admins don't care who posts as long as they're human. With the way the internet is today allowing anonymous posters invites a lot of trouble, adding this option would great reduce a lot of pains and make it more secure.

Since this option won't effect those that only allow registered users to post it won't effect them in any way.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
FreeBSD 5.5/Apache 1.3.36/Mysql 4.1.16/PHP 4.4.2/9.0.6.1 (upgraded form phpnuke 7.8)


Just my own thoughts....This is why I like IP Tracker and server log files. Other tools I have do well too.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
[CentOS release 4.6 (Final)] | [Apache 1.3.37] | [MySQL 4.1.21-standard-log (client: 4.1.21) | [PHP 4.4.7] | [DF 9.2.1] | [FPro 2.0.2]


Slightly aging thread but if I may offer another scenario...

As a guild/webmaster for World of Warcarft I have 99% of our guilds content locked behind registration so there is not much issue there. Registration is by admin approval only meaning that only current guildies get approved or maintain access.

The catch here is that I must maintain a public forum section for application purposes to the guild. People apply and if they are approved are then asked to register on the site if they haven't done so already. So what I end up with is a public section with a mix of applications and porn spam lol.
I also have a public chat forum section for wayward guildies who still drop by and say hello as well but I'm considering dropping that section due to the spam.

I'm currently converting our website from e107 to Dragonfly and what I was looking for when I ended up on this thread was a way to enable the captcha per forum as opposed to anonymous, registered etc.. Those taking the time to fill out the app will certainly be willing to use the captcha and for those occasional posts made buy wayward guildies and friends it would hardly be an annoyance.

So my question at this point is whether or not that would ever be considered an option?

Is it possible to mod into the site without a new release?

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Linux/2.2.6 (Unix)/5.0.45/4.4.7/9.2.1


I was re-reading this while your were posting.
www.w3.org/TR/turingtest/

Something will be done for sure, audio and visual captcha code are in the core already but I'm really looking for something else.

Websites must be accessible by everyone, no exceptions.

.:: I met php the 03 December 2003 :: Unforgettable day! ::.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
CloudLinux / Apache 2.4 LSAPI / MySQLi 5.7 / PHP 7.3 / head


A lot of good information from that site. One has to stand in awe of the lengths people will go to circumvent the basic principle of privacy. I spent the majority of the day reading up on .htacess, bot traps and the like before I came here. I agree with your stance on accessibility 100%.

I thought maybe since the captcha was currently being used by the project that it wouldn't hurt to cover public areas as well. I am not a fan of the registered/anonymous idea stated earlier in this thread but I could see where others might be.

I'm curious as to whether you are looking into additional things or a replacement for the captcha overall?

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Linux/2.2.6 (Unix)/5.0.45/4.4.7/9.2.1


Not sure yet about what will be used. But, yes, captcha is used on our CMS but in a very limited way.

Forcing user registration to use any kind of 'input' its wrong so I do understand the issue where someone wants Visitors to post comment or contact the webmaster, but I do also have many reasons for no to spread the use of the captcha.

I'm still currently looking for a better way because i know that if we use it then webmaster will turn the option on everywhere they can.

captcha is a "false sense of protection" and nothing else, but still better then nothing ... i know.

.:: I met php the 03 December 2003 :: Unforgettable day! ::.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
CloudLinux / Apache 2.4 LSAPI / MySQLi 5.7 / PHP 7.3 / head

All times are UTC