Edgewall Software

Opened 8 years ago

Closed 7 years ago

Last modified 7 years ago

#12466 closed enhancement (wontfix)

create ability to display captcha only on registration page

Reported by: samm@…
Owned by: Dirk Stöcker
Priority: normal
Milestone:
Component: plugin/spamfilter
Version:
Severity: minor
Keywords:
Cc: mmitar@…
Branch:
Release Notes:
API Changes:
Internal Changes:

Description (last modified by anonymous)

I would like to ask for a feature to force captcha only on the registration page. I can explain why I need such a use case:

  1. I found that some bots at the registration stage pass all tests (I am using TracAccountManager + protection from spam filter) because they are using new emails, not using any bad words (so content filters also do not catch them) and not filling spamtrap fields. Also, email validation succeeds for them. So there is no reason for spamfilter to block this registration.
  2. Later these bots try to post spam and in 99% are blocked by the spamfilter plugin. But they are polluting the user db + using a lot of server resources.

I think the best solution for this problem is to force captcha on the registration page and only on it. It would be great to have such a setting in the configuration.

Attachments (0)
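
An added example, not part of the ticket or of the SpamFilter plugin's code: the pattern the description reports (accounts that pass registration and then have their submissions rejected) can be triaged from submission records to find accounts worth purging. The record layout, the account names and the `min_rejections` threshold are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records: (author, authenticated, rejected, karma) for
# each submission. This layout is an assumption, not real Trac output.
SAMPLE_LOG = [
    ("alice", True, False, 12),
    ("alice", True, True, -3),
    ("bot_7f3a", True, True, -14),
    ("bot_7f3a", True, True, -9),
    ("bot_7f3a", True, True, -11),
    ("carol", True, False, 7),
    ("qx_promo", True, True, -20),
    ("qx_promo", True, True, -18),
    ("anonymous", False, True, -5),
]

# Constructed list of registered accounts; "dave" registered but never posted.
REGISTERED = ["alice", "bot_7f3a", "carol", "qx_promo", "dave"]


def purge_candidates(log, registered, min_rejections=2):
    """Return (account, rejections, mean karma) for registered accounts whose
    every logged submission was rejected, worst mean karma first.

    Accounts with any accepted submission, or with fewer than
    min_rejections records, are left for manual review instead.
    """
    known = set(registered)
    stats = defaultdict(lambda: {"total": 0, "rejected": 0, "karma": 0})
    for author, authenticated, rejected, karma in log:
        if not authenticated or author not in known:
            continue  # anonymous submissions do not map to an account
        entry = stats[author]
        entry["total"] += 1
        entry["rejected"] += int(rejected)
        entry["karma"] += karma

    candidates = []
    for author in registered:
        entry = stats.get(author)  # None for accounts that never posted
        if not entry or entry["rejected"] < min_rejections:
            continue
        if entry["rejected"] == entry["total"]:
            mean = entry["karma"] / entry["total"]
            candidates.append((author, entry["rejected"], mean))
    return sorted(candidates, key=lambda row: row[2])


if __name__ == "__main__":
    for row in purge_candidates(SAMPLE_LOG, REGISTERED):
        print(row)
```
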

Change History (8)

comment:1 by anonymous, 8 years ago

Description: modified (diff)

comment:2 by Mitar <mmitar@…>, 8 years ago

Cc: mmitar@… added

comment:3 by Ryan J Ollos, 8 years ago

It would probably help if you posted a copy of the [account-manager] and [spam-filter] sections from your trac.ini, obfuscated by removing private keys, etc.

comment:4 by Ryan J Ollos, 8 years ago

This is my understanding of your situation:

  • You don't have Captcha enabled
  • Spam registrations are succeeding
  • SpamFilter blocks most posts from authenticated spam accounts

It seems you have a problem with spam registration and presumably enabling Captcha will fix that problem. How about doing that to see if it fixes your problem? Shouldn't fixing your spam registration problem be the first priority?

You fail to describe the motivation for enabling Captcha only on the registration page. Have you actually seen a problem with having the Captcha enabled for authenticated users visiting any resource, or are you just anticipating that it will lead to problems?

comment:5 by anonymous, 8 years ago

Hi, thank you for the reply, you are correct. I can explain my motivation - I personally don't like captcha, and believe that most of the users do not like it as well. I have to enable it on the registration page (because there is simply not enough data to block such users) but I don't want it to be shown on any of the pages for the registered users, because other options are working perfectly. And I don't want to have different karma for the unregistered and registered users because it will help bots to pass spam checks.

comment:6 by anonymous, 8 years ago

Ryan J Ollos - this is my config if you need it. I still can't get how a config change can help to achieve this functionality.

[account-manager]
account_changes_notify_addresses = smth@example.com
force_passwd_change = true
htpasswd_file = /somedirectory/trac.htpasswd
htpasswd_hash_type = sha256
notify_actions = new,change,delete
password_store = HtPasswdStore
persistent_sessions = False
refresh_passwd = False
register_check = BasicCheck, EmailCheck, BotTrapCheck, RegExpCheck, UsernamePermCheck, RegistrationFilterAdapter
username_regexp = (?i)^[A-Z0-9.\-_]{3,}$
verify_email = true


[spam-filter]
account_karma = 5
akismet_api_key = xxx
akismet_api_url = rest.akismet.com/1.1/
akismet_karma = 10
attachment_karma = 0
authenticated_karma = 5
blogspam_api_url = test.blogspam.net:8888
blogspam_skip_tests = bayesian,linksleeve,sfs
botscout_api_key = xxx
botscout_karma = 3
captcha = RecaptchaCaptcha
captcha_areyouahuman_publisher_key =
captcha_areyouahuman_scoring_key =
captcha_expression_ceiling = 10
captcha_expression_terms = 3
captcha_failed_karma = 1
captcha_karma = 20
captcha_karma_lifetime = 86400
captcha_keycaptcha_private_key =
captcha_keycaptcha_user_id =
captcha_recaptcha_private_key = xxx
captcha_recaptcha_public_key = xxx
defensio_api_key =
defensio_api_url = api.defensio.com/2.0/users/
extlinks_karma = 2
fspamlist_api_key = xxx
fspamlist_karma = 3
httpbl_api_key = xxx
httpbl_spammer_karma = 6
ip_blacklist_karma = 5
ip_blacklist_servers = list.blogspambl.com, all.s5h.net
ip_throttle_karma = 3
ipregex_karma = 20
linksleeve_karma = 3
logging_enabled = true
min_karma = 0
purge_age = 7
regex_karma = 10
reject_handler = FilterSystem
session_karma = 9
skip_external = 20
skip_externalham = 30
spam_monitor_entries = 100
stop_external = 50
stop_externalham = 50
stopforumspam_api_key = xxx
stopforumspam_karma = 4
train_external = true
trap_karma = 10
trust_authenticated = false
use_external = true

comment:7 by Dirk Stöcker, 7 years ago

Resolution: wontfix
Status: new → closed

On a properly trained system a normal user usually does not see captchas at all. In our wiki a user sees a captcha probably every 1000th submission. If you get them more, then training and filter setup need to be improved.

Special rules for different types make no sense in SpamFilter design.

What would be the result of your request: Instead of getting a captcha, the user will get a rejection. I doubt they like that better.

If you nevertheless want this: disable captcha in SpamFilter and install another plugin providing captcha only for registration page.

comment:8 by Ryan J Ollos, 7 years ago

Milestone: plugin - spam-filter
