Are there Captcha solutions for the login and register pages?

support
1

Are there Captcha solutions for the login and register pages?

2

and about users api

image
image1202Ă—541 14.3 KB

I need change it to it go to my site ?

and anoher qustion , when i can edit blog. links global what puted every where

3

I’ve not seen that. I think because the password length restrictions make them unnecessary.

Have you experienced a problem?

4

what ? :slight_smile: read question

  1. i ask about the cpacha solution - no matter google or another for prevent register spamers .

  2. next i was asked abou the api , i need there put own link to api ? or use standart

  3. qustion was about the blog.official as it display at many places , can i edit it or that will see only admins and users will no see that redirect to the blog ?

5

I’ve not seen a captcha option for the signup/create modals either (though that could be my terrible search skills :slight_smile:). If you’re worried about spammers there’s the Akismet plugin you can use alongside the built in tools?

I’m not sure what you mean by question 2 or question 3. :slight_smile:

1 Like
6

I’m not sure about 3, but I think I know what @Bitweb_Core is trying to ask in 2.

@Bitweb_Core unless you want to disable the user API keys completely or limit them based on trust level (which I recommend against this personally), you don’t need to change anything in that section. The defaults allow the DiscourseHub mobile application to work with your instance.

The only other time you would need to make changes there is if you or someone working for you was developing a 3rd party application that uses the User API key system.

2 Likes
7

the problem is not even in spam, but in the fact that thousands of accounts can register automatically, or people can try brute login page.
Normally, the login, registration and password recovery pages should be captcha protected.
and the solution that you suggested is already treating the symptoms and not the cause.

I have a question for what reason there is no such standard thing as a captcha or just a “question - answer” by default.

I thought the presence of captcha was not even discussed and logical on the modern Internet.

allow only social logins, create white lists of email providers, I think is not a solution.
Why invent crutches in the form of incomprehensible services that no one needs, when captcha was invented for this and everything else is already as additional options if 1 line of defense is broken.

i was find one solution there GitHub - klaudgrave/discourse-google-recaptcha: Adding Google Recaptcha to sign up form

but it seems that it has not been working for a long time and is not supported due to forum updates.

but I can’t find any documentation on the plugins what they need to work properly. To fix the found solution or write my own.

and how i can allow users only use long passwords line 12 min and all character set.
Andalso add to register page an inscription above the password for users so that they use a unique password and not the same on all sites.

8

Here’s some discussion about captcha: Only allow user profiles for TL1 and above? - #24 by codinghorror

It seems that no hosted sites need it, so you probably don’t either

Here’s why

but it’s certainly possible to add with plugin or maybe a theme component.

9

yes captcha no change anyting , but it will protect from some kid hacker who try make 100 account with simple browser macros
and protect from ddos restore password and login page via sending many post requistes.

akismet is more 2 wall of protect , from monsters like hrumer based software and any ai.

from bad ips , it have already one captcha from cloudflare.

But i how i say that all need use at complex , captcha work for what it was created.

as example even discord channel or tg channel they when users join - they solve simple captcha , then start work anti spam bots like akismet ( i know that is 3rd solutions there to )

why litter the database with dead spammer accounts if they are will be rejectet at registration stage.
almost 90% always rejected at captcha .

if think like this , why protect the forum at all, you can manually delete spam once a day and clean the database from dead accounts.

Why use complex passwords when hackers can steal your database.

:smile:

“why hammer nails with a microscope”

10

There are rate limits on that.

1 Like
11

I thought this one was interesting too

12

is there exist at register page rate limit ?

examble some kind of bot will be hammered into registration with incorrect data or a situation where just random data is entered without interruption ,and creating garbage in the database in the form of non-activated accounts

I myself personally observed services where there was no captcha and for this reason they turned off registration as it was make almost not usable that sites or forums…

How you say you right captcha is more like rate light rate limit than spam protect system , you simple give them solve capctha again and again , and spamers possible not humans , that is not secred about exist many captcha solve services , but they canot solve all captcha ( exist paranoid setting even humman no solve it ) and exist google hiden capctha where need put , “i am not a bot”.

It all comes down to avoiding unnecessary load on the server in rather vulnerable places.

13

No, there are rate limits by IP. If you believe this is possible, try it! Go ahead!

(Now if you have access to 50,000 IP addresses, then yes, that’s a problem, but you also have a lot of money and time. Do you have that amount of money and time?)

That being said I fully support captcha plugins for sites that want double plus good “belt and suspenders and a jumpsuit and a motorcycle helmet and football shoulder pads too” level protection, but the captchas have gotten very very weird lately.

2 Likes
14

i search that rate limits , to register , password reset , login pages. but don’t see it at settings :neutral_face: ( as example i want allow per ip only 5 try , then wait xx time)

About auto delete non activated accounts , i find it , but why even allow create them :slight_smile:

I want make impossible by using simple macros at browser make 100500 accounts . :slightly_smiling_face: ,how i say from real spamers notting not protect ( they use XRumer or neural network software ). But how i know most simplest captcha like “i am not a bot” work best, as it look at user actions.

but the message about scammers that sleep with their hands made me laugh , maybe some kids but real spamers doin’g it mass.

I can’t imagine a person who sits and manually creates thousands of accounts
but even so - after 10 captchas he would go crazy :sweat_smile:

especially if it’s some kind of ridiculous Chinese captcha with a timer :rofl:

another great protection against human spammers is a browser fingerprint in the canvas

15

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.