Mar 7, 17 / Ari 10, 01 17:06 UTC

CAPTCHA: a very little change  

I like the new Captcha feature but may I ask to:

  1. not have to use it for previews (it makes no sense, as it's not "posting")
  2. place a re-captcha button (or use the "Captcha" word as a link) to refresh it before posting, as Captchas are time-dependent and I'm getting so many "wrong captcha" errors just 'cause of timeout

Thanks in advance

Mar 7, 17 / Ari 10, 01 20:40 UTC

Hello!

Thank you for the suggestion. I've passed it along to the IT team. I'm not sure about not needing it when you preview a post but I think it should be fairly simple to add the 're-captcha' button.

Thank you!

Kind regards,
Rebekah Berg, Lead Community Administrator, Asgardia

Mar 8, 17 / Ari 11, 01 00:15 UTC

Should have been entitled "captcha resulted in very little change". But that had to have been expected, really, as the system was mitigated some time ago.

And to stop it asking for captcha for preview, it's as simple as commenting out the code.

Mar 8, 17 / Ari 11, 01 00:18 UTC

You don't need to enter the Captcha for previews. If you hit the Preview button without typing in the Captcha it works fine.

That also refreshes the Captcha, removing the necessity of having a re-captcha button.

And now you know!

Mar 8, 17 / Ari 11, 01 01:23 UTC

Seems you don't require the captcha for preview - well spotted. I'd not attempted.

Mar 8, 17 / Ari 11, 01 01:26 UTC

And knowing is half the battle!

G.I. Joe!

Mar 8, 17 / Ari 11, 01 15:52 UTC

That doesn't explain to me why, if I enter the (timed out) Captcha and press Preview I'll get the "wrong captcha" error, right? ;-)
I shouldn't get any error as, on Preview, Captcha shouldn't be verified, IMHO.
I never tried to avoid writing the captcha too, even before a Preview so, I bet, captcha is verified, even if you press Preview, only if you change it.

My suggestion to the IT Team then becomes "just visual": to move the Preview button over the Captcha section, which should mean "you don't need (and shouldn't) enter captcha to Preview", and to place the Submit button at captcha section's right side, this way:

(Preview)

Captcha [image] [text field] (Submit)

If they would like to avoid captcha check even when, before pressing Preview, one changed it, it's up to them.

P.S.
Thank you, Rebekah, for passing the suggestion along to the IT Team. :-)

Mar 8, 17 / Ari 11, 01 16:48 UTC

I've also had such occur - accidentally clicking preview instead of post - but the preview still occurs without a captcha input. Input of a "wrong" captcha still results in error messages and post denial - and this is to be expected, as it validates the captcha input - but as previously mentioned, a few lines of code being commented out can easily adjust this behaviour.

Mar 8, 17 / Ari 11, 01 17:01 UTC

That doesn't explain to me why, if I enter the (timed out) Captcha and press Preview I'll get the "wrong captcha" error, right? ;-) I shouldn't get any error as, on Preview, Captcha shouldn't be verified, IMHO.

The Captcha is timed. If you don't input the three letters in an appropriate timeframe (I think it's close to 60 seconds) then it becomes invalid. The fact you didn't try to post was irrelevant. The Captcha you entered had become invalid by the time you had clicked on the button. It only reads if the letters in the field match the valid Captcha.

  Updated  on Mar 8, 17 / Ari 11, 01 17:01 UTC, Total number of edits: 1 time
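The behaviour debated in this thread, as an added example that is not the forum's own code: a form handler that skips the captcha on Preview, verifies a time-limited captcha only on Submit, and reports an expired captcha separately from a wrong one. The 60-second lifetime follows the estimate in the post above; the function names, the signed-token scheme and the signing key are assumptions.

```python
import hashlib
import hmac
import secrets
import time

CAPTCHA_TTL = 60                      # seconds; the thread estimates "close to 60"
SERVER_KEY = secrets.token_bytes(32)  # assumption: secret key, never sent to the client
_used_nonces = set()                  # one attempt per captcha (a real site would expire these)


def _sign(answer, expires, nonce):
    # Bind the answer, its expiry and a nonce together so none can be altered.
    msg = f"{answer.lower()}|{expires}|{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_captcha(answer, now=None):
    """Hidden form fields sent alongside the captcha image (hypothetical layout)."""
    now = time.time() if now is None else now
    expires = int(now) + CAPTCHA_TTL
    nonce = secrets.token_hex(8)
    return {"expires": expires, "nonce": nonce, "sig": _sign(answer, expires, nonce)}


def check_captcha(typed, token, now=None):
    """Return 'ok', 'expired' or 'wrong' for the text the user typed."""
    now = time.time() if now is None else now
    if now > token["expires"]:
        return "expired"              # timed out: tell the user, do not call it wrong
    if token["nonce"] in _used_nonces:
        return "wrong"                # replayed or already-guessed captcha
    _used_nonces.add(token["nonce"])  # burn it, so the letters cannot be brute-forced
    expected = _sign(typed, token["expires"], token["nonce"])
    return "ok" if hmac.compare_digest(expected, token["sig"]) else "wrong"


def handle_form(action, typed, token, now=None):
    """Preview never verifies the captcha; Submit always does."""
    if action == "preview":
        return {"status": "preview", "refresh_captcha": True}
    result = check_captcha(typed, token, now)
    if result == "ok":
        return {"status": "posted", "refresh_captcha": False}
    return {"status": result, "refresh_captcha": True}
```

Refreshing the captcha on every Preview and on every failed Submit gives the user a fresh timer without a separate refresh button.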

Mar 9, 17 / Ari 12, 01 16:27 UTC

@Phicksur
That (the Captcha time frame) was clear to me, after we started speaking here. :-)
What I was reporting (the same as @EyeR) is "I shouldn't get any error as, on Preview, Captcha shouldn't be verified".

Mar 9, 17 / Ari 12, 01 16:53 UTC

Captchas are last resort solutions for people who don't know how to prevent bots abusing forms. Use honeypots and engage proper security protocols into the forum application instead of serving bad UX.

Mar 9, 17 / Ari 12, 01 17:33 UTC

Honeypots are a nice kind of tool - but only of limited practical use in this scope.

IMHO the better initiatives are those that prevent abuse before it happens. Many places contribute IP/usernames/emails/spam content to databases - which can then be scraped for hostile IPs and prevented from accessing the services before they even try. Spam can be scraped and used in a system similar to Phicksur's skeletal flow to detect fresh abuse from various clearly obvious patterns, and further contribute to the publicly available databases as a favour for storing the spam that let us operate the system with more efficiencies.

And at all points, take the hardware from these criminals, and cost them as much money in the process. The only reason these things can operate on such a scale is because it is allowed to by inaction.