search

q2a / question2answer

Question2Answer is a free and open source platform for Q&A sites, running on PHP/MySQL.
http://www.question2answer.org/
GNU General Public License v3.0
1.64k stars 629 forks source link

Implement Google's NO CAPTCHA RECAPTCHA #159

Closed fulldecent closed 9 years ago

fulldecent commented 9 years ago

Google has created a new Recaptcha API. Spam is a significant issue for Q2A so we should implement this API.

https://www.google.com/recaptcha/intro/index.html

fulldecent commented 9 years ago

http://googlewebmastercentral.blogspot.com/2014/12/are-you-robot-introducing-no-captcha.html

pupi1985 commented 9 years ago

A definitely better approach. Anyway, current recaptcha is being passed 99.9% by humans already. Bots that perform OCR successfully on those captchas are considerably the least. Captchas are currently bypassed by humans and exposed from services that provide an API.

It is a matter of time (maybe days?) so that they update their services to handle this. Workforce is already there, only difference is that instead of just typing now they will have to select an image from a list. Also there are also tools that can be bought for a few dollars to perform massive submissions to sites (Q2A included) that provide a very simple interface to input captcha after captcha... so even if people don't want to pay for the API requests they can input them on their own and it is quite fast. These tools will also need to update their services too. Once they do, again, we'll be exactly where we're now.

By the way, reCaptcha, in Q2A, is just a plugin. You can work on that without affecting the core or the current plugin :smiley:

fulldecent commented 9 years ago

Yes, it is only a little effective

svivian commented 9 years ago

Just seen this myself. I'll certainly implement this when I get a moment.

However, I'm fairly sure this isn't going to improve spam detection as it sounds like they are using the same algorithms they've always used. It's mainly to make things easier for humans.

sama55 commented 9 years ago

I made this plugin. Look at this. http://www.question2answer.org/qa/41918/google-recaptcha-plugin

svivian commented 9 years ago

Just updated the dev branch with the new version of reCAPTCHA in 26f80b2.

It would be great if you guys could help test it! It will work fine as a 'drop-in replacement' - download the snapshot from that commit and copy the qa-plugin/recaptcha-captcha directory over. (It should even work on 1.6.3 as long as you're on PHP 5.2+.) Or update your local branch to the latest version if that's how you work.

BTW I think my earlier comment is wrong - from what I can tell, this actually should improve spam detection a fair bit because the new system uses some detection techniques specific to the checkbox system, and not just IP like the old system.