[Elgg 1.8-1.12 & 2.X & 3.X: Captcha] v1.8.1

Release Notes

Changelog v1.8.1:

  • Portuguese (Brazilian) language file added. Thanks to Guilherme Luiz Lessa.
  • Portuguese language file added (I hope the Brazilian dialect is not too different...).
  • Hi iionly again! ;-)

    Also, i'm using captcha in my site, of course. My domains are very old and I have a lot bots "walking" on my web. Your captcha helps alot but is no the finally solution. I delete more than ten bots every day, chinese ips normally. Will be possible to include in your next captcha version (captcha+) :))) the simple question: ¿Actual year? (was the solution in others sites for me) The year is an internal variable in any system and it's not necessary to define any field than bots always read. I had trye to include this question in your pluging but I'm loosing all my php capabilities, I'm getting old! :)

  • another option is to use a free cdn service like incapsula or cloudflare.
    i see 1000s of bots per day hitting my site..
    zero spammers get through.

  • @Wodker: this captcha plugin here might not offer the most secure way to keep spammers / bots out of your site. I've released it partly due to nostalgia (nice old pre-1.8 feeling) once I'd updated it (as I was in need of an Elgg captcha plugin for testing another plugin).

    There are other captcha plugins available here on the community site (based on text answers, maths, image selection and other captcha generating algorithms) that might be more secure. But most likely any captcha plugin used as only mechanism won't be enough. You should try Spam-Login-Filter, Spam-Throttle and Honeypot plugins additionally.

    Another way (though only possible if you don't care about search engines not indexing your site): use walled-garden option (or my Loginrequired plugin) and add a robots.txt asking any crawler to not indexing your site. By own experience this is very successful (site more than 3 year up - spam count 0). Nice side-effect: reduced server load due to absence of webcrawlers.

  • I don't like external services to control the bots and spam and use three diferents plugings to reduce the bots it's really too much. I will try to add "my question" on your pluging and I will report You the results.

  • There already are some text captcha plugins available for Elgg:

    http://community.elgg.org/plugins/871210/1.0/textcaptcha-elgg-18x

    http://community.elgg.org/plugins/793357/1.8.0.1/text-captcha-18

    You might want to check if they offer what you are looking for. If they don't work as intended out-of-the-box, I'm sure you can modify them accordingly. It might be easier to modify one of these text captcha plugins instead of using this captcha plugin here as starting point which does not provide any options for defining own captchas based on text-based questions/answer pairs.

  • Hi !

    I have started using this plugin but am still seeing about 50 bots/day getting past the registeration page and asking for their Account to be validated ( Administrater validation is on )

    Is this to be expected ? What can I do that these bots can not complete the registration process itself....later I want to let go of Adminsitration Validation altogether...

    Appreciate much all help and advise.

    Thanks !

  • Unfortunately, a captcha alone is not a sufficient protection against spammers anymore nowadays. Captchas might still reduce the number of successful account registration / spam posting but they can't completely block them.

    For better protection against spam I would suggest using a combination of several other plugins. On the one hand you can try to reduce the number of spam bot account registations by:

    If a spammer managed to register an account you can use other plugins to avoid getting flooded by spam postings by:

    It might also help to require an profile image already to be uploaded on account registration. The Profile Manage plugin (http://community.elgg.org/plugins/385114/7.6.1/profile-manager) allows you to make a profile image a mandatory requirement on account registration.

    All these plugins might require a bit of an effort to get them configured sufficiently to stop spam. Take a look at them, try them out and see how they work.

Stats

  • Category: Authentication
  • License: GNU General Public License (GPL) version 2
  • Updated: 2021-2-7
  • Downloads: 7031
  • Recommendations: 27

Other Projects

View iionly's plugins