Sign in to follow this  
Followers 0

Report form need a captcha to stop spambots

32 posts in this topic

Posted

Like my Feedback in July 2010 (Security Problem on the "Share this link via Email" Page), we now need a captcha for the "Report" forms.

I get a lot of spam messages from spambots since yesterday - all bots reporting posts... :angry:

So: Please add a captcha to the "Report" form(s)!

TSP, MisterPhilip and Wolf like this

Share this post


Link to post
Share on other sites

Posted

Had it too.
I changed the settings in ACP so "Guests" can no longer report something.

Share this post


Link to post
Share on other sites

Posted

Yes, this is a workaround, but i made good experience with guests as "reporter" of content, so i would not miss it.

Share this post


Link to post
Share on other sites

Posted

Can you tell us how you did it?


Thanks

Share this post


Link to post
Share on other sites

Posted

Change the "Guest" group setting "Can submit reports?" to "No".

Share this post


Link to post
Share on other sites

Posted

[quote name='IPBSupport.de' timestamp='1344427388' post='2295015']I get a lot of spam messages from spambots since yesterday - all bots reporting posts... :angry:
Talk about stupid. A spammer (or spambot) using the report feature for spamming is like a crook robbing a bank leaving his drivers license at the scene of the crime along with directions to where he's going to be hiding out at.

Being able to enable/include/add some sort of spam prevention on various pages for guests would be useful. Report feature being one of them.

Share this post


Link to post
Share on other sites

Posted

+1 to this idea. I think it's important to allow guests to report content and therefore it would be good to have a Q&A challenge on there to stop spam bots.

Wolf likes this

Share this post


Link to post
Share on other sites

Posted

Think it is best to just set Guests can send reports to "No." More than that is bloating the code with a second path to the same objective.

• Jay • likes this

Share this post


Link to post
Share on other sites

Posted

It's not the same thing though. Guests might spot something a member doesn't see and therefore should be given access to report content...

TSP and Wolf like this

Share this post


Link to post
Share on other sites

Posted

[quote name='bigPaws' timestamp='1345765640' post='2300243']
It's not the same thing though. Guests might spot something a member doesn't see and therefore should be given access to report content...


I disagree. We don't know who guests are, and are as likely as not to be spammers. The only perms I give to guest is "View." Any more permission that that for guests is just asking for thouble.

• Jay • likes this

Share this post


Link to post
Share on other sites

Posted

[quote name='Sandi_' timestamp='1345767879' post='2300248']I disagree. We don't know who guests are, and are as likely as not to be spammers. The only perms I give to guest is "View." Any more permission that that for guests is just asking for thouble.

Not taking sides on who is right/wrong, since each community is unique and what works for one site may not work for another.

Wolf likes this

Share this post


Link to post
Share on other sites

Posted

To each their own I guess, it just seem to me that allowing guest to "report content" (or any other posting) is sorta like allowing a rabbit to go to the store for a head of lettuce. (w00t)

Share this post


Link to post
Share on other sites

Posted

[quote name='Wolfie' timestamp='1345769326' post='2300256']
I think it would be best as an option. For sites where an admin feels as you do, they just disable guest access and they're done with it. For admins that want to allow guests access to certain things such as reporting content, be able to force some sort of verification to reduce the chances of it being a spammer.

Not taking sides on who is right/wrong, since each community is unique and what works for one site may not work for another.

Why would you need a new option? (Correct me if I misunderstood)Isn't captcha already used on posting by default? And you already can decide to let guests report. Couldn't we just do it as easy as "if guest report, show him our default guest spam prevention thing"?

I support the ability to enable guest reports.

Share this post


Link to post
Share on other sites

Posted

[quote name='Sandi_' timestamp='1345774122' post='2300276']To each their own I guess, it just seem to me that allowing guest to "report content" (or any other posting) is sorta like allowing a rabbit to go to the store for a head of lettuce. (w00t)


[quote name='TSP' timestamp='1345780984' post='2300302']Why would you need a new option? (Correct me if I misunderstood)Isn't captcha already used on posting by default? And you already can decide to let guests report. Couldn't we just do it as easy as "if guest report, show him our default guest spam prevention thing"?

I support the ability to enable guest reports.

Wolf likes this

Share this post


Link to post
Share on other sites

Posted

[quote name='Wolfie' timestamp='1345781904' post='2300303']
More like allowing a shopper to get a member discount without needing to use a membership card. Some businesses all it because they see it as good business while others don't because it's seen as an incentive to become a member.

Well. For posting I could agree on that, but this is reporting content to the staff of a site. Would I need to buy a membership card at the police to report a crime?


You already have the setting "Guest posting bot control". I can't see why you would need anything other than that.

The rule here should be simple. When a guest submits content to a site, whether it be a comment, a forum post, a report, or whatever else guests can use to add content to the site, you simply go "Show the spam prevention method chosen in CAPTCHA if guest posting bot control is enabled."

Anything more complicated than that, (say you want a different kind of spam prevention method on different types of content), is what someone could make a hook for.

There is really no need for additonal settings here, in my opinion.

I'm referring to anything that can be enabled for guests that doesn't already offer/support spam prevention when enabled. Reporting content would be one of them. So I'm referring to having it be consistent in usage.


Share this post


Link to post
Share on other sites

Posted

[quote name='TSP' timestamp='1345792109' post='2300337']Well. For posting I could agree on that, but this is reporting content to the staff of a site. Would I need to buy a membership card at the police to report a crime?


[quote name='TSP' timestamp='1345792109' post='2300337']You already have the setting "Guest posting bot control". I can't see why you would need anything other than that.

The rule here should be simple. When a guest submits content to a site, whether it be a comment, a forum post, a report, or whatever else guests can use to add content to the site, you simply go "Show the spam prevention method chosen in CAPTCHA if guest posting bot control is enabled."

Anything more complicated than that, (say you want a different kind of spam prevention method on different types of content), is what someone could make a hook for.

There is really no need for additonal settings here, in my opinion.

Option to enable (or not) spam prevention for posts, comments (where appropriate), reporting content, etc. Someone may want to allow the use of certain areas without it being enabled. The method of prevention though, would be consistent. More times than not, you'd expect it to be all or nothing, but there could be areas where the admin feels it is unnecessary for some reason. Don't take that control away from them, but do remain consistent with the method used. If many get past the spam prevention method chosen, then obviously it's not working and another one needs to be used.

Share this post


Link to post
Share on other sites

Posted

Thank's for the discussion... But summarized, there are only 2 options: [*]Removing the complete option for guests to report anything from IP.Board and the IPS.Apps or [*]Adding a Captcha Option 1 (removing) make no sense - guests often reporting content which members (maybe) not do/see/find. And as i said, this could (maybe) a legal problem if a person must register before he can report any abuse. (and just for the records: i'm wondering if there are not more members/customers here with this problem, i get so many spam from guest reportings - it's really frustrating and disturbing me and my admins/moderators)








Share this post


Link to post
Share on other sites

Posted

Doesn't seem frequent, but I've seen it. I do wish to keep reporting open to guests. At the moment it isn't a concern of mine.

Share this post


Link to post
Share on other sites

Posted

[quote name='IPBSupport.de' timestamp='1348256801' post='2311272']Option 1 (removing) make no sense - guests often reporting content which members (maybe) not do/see/find. And as i said, this could (maybe) a legal problem if a person must register before he can report any abuse.

Any content that is viewable only by a guest but not by a registered member should only be content that the admin put there. If an admin is using a "Guest message" hook, then that's not something that you can report anyway.

If someone (as a guest) stumbles upon something that could be a legal issue (copyright infringement), then that person either owns the rights and thus would need to send a notice (which would be done by email) or they're just wanting to be helpful and can always opt to send an email if they don't want to register. If they submit a report, certain information is going to be collected anyway (IP address for example) so no matter which way they go, they're leaving some sort of a trail.


I'm not saying that guests shouldn't be able to report content, only that if an admin wants to restrict it from guests, then that's up to them. What doesn't make sense to you might make perfect sense to someone else. As in, for your site it might not make sense, but on someone else's site, it might not make sense the other way around.

I believe that when a spam control method is chosen for guests, it should be used anywhere that the admin wants it to be used. As in, if the admin wants it shown when someone posts a message as a guest, then it shows there. If they want it to show when leaving a comment on something (blog/calendar/downloads/gallery) then it shows up in all those places. Same with reporting content. Should be able to decide when it shows up. The method used though should remain the same. As in, not one captcha method for posts, then another for leaving comments, with yet another for reporting content. All the same but only used where the admin wants it used.

IPBSupport.de likes this

Share this post


Link to post
Share on other sites

Posted

I believe that it should be added as an option to have a captcha on the report form for guests, just as it is for "forgot password", and other functions that can be abused by automated programs. This would (ideally) be able to be enabled/disabled in settings, like any other options in IP.Board. I currently have the ability for guests to report posts turned off, mainly because if I don't, spam bots will (and they have before I turned it off) fill in the report form with spam. I for one would love to be able to turn the ability for guests to report posts on, with the CAPTCHA option so I don't have to worry about spam. My community exists just as much for reading as it does posting, and there are many 'guests' who read posts every day, but never register because they don't intend on posting... these 'guests' are just as much of the reason I started the community as the members are.

Share this post


Link to post
Share on other sites

Posted

and just for the records: i'm wondering if there are not more members/customers here with this problem, i get so many spam from guest reportings - it's really frustrating and disturbing me and my admins/moderators

 

Same here. Just this day I got more than 100 spam reports throught the gallery. There is no chance to stop it. I turned off guest access to the gallery. It did not help. Even if I turn the gallery completely off and shut down the report function in the whole installation, the report function can still be accessed if a spammer knows the syntax.Its really so anoying and distrubing.

 

5 new reports, while I am writing this. A pure horror.

Share this post


Link to post
Share on other sites

Posted

+1 for this as well. We ended up disabling guest reporting because of spam a few weeks ago.

Share this post


Link to post
Share on other sites

Posted

I take back what I said since this appears to be happening more. A revamp of how guests are handled would be nice.

Share this post


Link to post
Share on other sites

Posted

I had 100 reports from the same guest spammer. It would be great to have an option to add Q&A or captcha to the report form for usergroup = guest.

 

Has anyone from IPS actually replied or read this thread yet? It's frustrating if feedback is not acknowledged? Perhaps they should introduce a voting system for new features so they can properly gauge which ideas are in high demand?

 

In the meantime, can someone tell me how I disable guess reporting?

Share this post


Link to post
Share on other sites

Posted

Perhaps they should introduce a voting system for new features so they can properly gauge which ideas are in high demand?

Not really feasible. Someone might be in favor of an option not listed or might not want to choose between two or misvote. Not only that, but that would be just the people who know of the poll and vote to begin with. So those who vote may not truly reflect what the majority want.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Who's Browsing   0 members

    No registered users viewing this page.