Lazarus

Programming => General => Topic started by: HatForCat on December 09, 2019, 04:45:20 pm

Title: Insane Forum Registration questions
Post by: HatForCat on December 09, 2019, 04:45:20 pm
Just tried to help a friend sign up. The Validation questions are just plain crazy. They may be entertaining to whoever thought them up, but to a newbie to Lazarus seeking help in using it, not so much.

TO: Whoever did this.
IF you are going to make esoteric tests then please define them clearly.
First:
The match the letters is of course OK, but the second and third ones do not make any sense.

Second:
I do not remember exactly, but, "decode the word ..." what "word" and where is it. Then it gives an example where "o" = "2g" and example "c2gm..."

Third:
Sort alphabetically KCBXXA and select the 1st, 3rd and 5th.
Sorting gives ABCKXX
1,3 and 5 gives ACX -- BUZZZ_WRONG!

That then gave us, "You are spamming and cannot Register here." Seriosly?

How is a newbie to programming and FPC expected to understand this? I have been programming for 40+ years and I failed the test and pretty sure I am not senile yet!

If you MUST do these tests then publish them here for comment before going live. The wording of and understanding is NOT obvious or CLEAR.
Title: Re: Insane Forum Registration questions
Post by: Thaddy on December 09, 2019, 05:59:14 pm
Nonsense.
Title: Re: Insane Forum Registration questions
Post by: wp on December 09, 2019, 06:23:00 pm
After logging out, I tested the forum registration. In the attachment, I am posting the "I am human" test and agree: the questions are hard to understand.
Title: Re: Insane Forum Registration questions
Post by: Martin_fr on December 09, 2019, 06:49:56 pm
TO: Whoever did this.
Would be me.

Quote
IF you are going to make esoteric tests then please define them clearly.
I tried to, but I am happy to learn...


Quote
First:
The match the letters is of course OK, but the second and third ones do not make any sense.

Second:
I do not remember exactly, but, "decode the word ..." what "word" and where is it. Then it gives an example where "o" = "2g" and example "c2gm..."
Here is an older one / no longer used of the same concept:
Code: Text  [Select]
  1. Get the word by replacing all [u]letters[/u] in front of a digit, with the letter that is x positinons later in the alphabet. (b[u]a[/u]4er => a4=e => beer)  nor2epaa3 (hint, help writing text)
  2. nodepad
  3.  
See below, but some of the wording was changed "get the word" => "decode the word"


Quote
Third:
Sort alphabetically KCBXXA and select the 1st, 3rd and 5th.
Sorting gives ABCKXX
1,3 and 5 gives ACX -- BUZZZ_WRONG!
This is the right answer.
Unfortunately there is no log, what went wrong. So I do not know why the forum declined this.

Quote
How is a newbie to programming and FPC expected to understand this? I have been programming for 40+ years and I failed the test and pretty sure I am not senile yet!
Well you got it right.

Quote
If you MUST do these tests then publish them here for comment before going live. The wording of and understanding is NOT obvious or CLEAR.
If the wording can be improved, well that is all fine. Though sometimes different wordings for the same question are needed.
Most spammers are bots. Once they know the wording for a question, it becomes inefficient. Sometime changing a single word "word => term" can throw off a bot. Sometimes not.

This leads to the conundrum, that more than one wording is needed. Versus only the most clear wording should be used. The latter is only one set of wording. That requires more new ideas, and they are not easy.
If you have ideas, please PM me with them.
I am always looking for question, that are different from what you normally get. And that a simple AI bot may not be able to understand. That implies the question needs a bit of complexity.

Also some spammers use cheap labour from various regions of the globe.
So there also is the goal that working out the answer, in addition to being human, should take some time.

Unfortunately the forum uses the same pool of question, for challenges on your first couple of posts. Would be nice if we could do different questions there. But we can't.



The questions change every so often. Sometimes after 1 or 2 weeks, sometimes after several month. Depends how long to the next spammer wave.
Not all spammers post immediately, so detection of this is rather an issue of its own.


Some of the standard question "what is 5+7", were complexly ineffective. I dont have samples of spam-bots, but I can guess that many of them can detect, and solve them.
That why I went for more complex questions.

All the question come with an example, to clarify them. And make it easier for none native English speakers.




At the moment the mix of question has only 2 tyes
1) sort and get n,m,xth letter
2) replace some chars with letters, by advancing n position in the alphabet.

The 2nd question is admittedly not easy to read, but the example (with bold highlights) should make it clear IMHO.
The concept is based on the simple kids encryption, to replace all letters in each word with the next in alphabet.

Title: Re: Insane Forum Registration questions
Post by: Martin_fr on December 09, 2019, 06:52:14 pm
After logging out, I tested the forum registration. In the attachment, I am posting the "I am human" test and agree: the questions are hard to understand.

Part of the intent is that you should have to reflect a bit on them. If you can solve them in under 30 secs, they are too easy.

Because the cheap labour that spammers may employ will be at least as fast as you.
Title: Re: Insane Forum Registration questions
Post by: Martin_fr on December 09, 2019, 07:01:40 pm
I replaced the "decode the word" by a new set "Pick and add all prime numbers: ...."

Giving a list of numbers, of which some a prime.
Lets see, if it goes well

They should be (too) easy to solve for humans. But we still got the "sort and pick" in the mix

For all else, I will be happy about more feedback/ideas. And adjust them further.
Title: Re: Insane Forum Registration questions
Post by: HatForCat on December 09, 2019, 09:28:51 pm
This is the right answer.
Unfortunately there is no log, what went wrong. So I do not know why the forum declined this.

I have even less of an idea, but it was our second try and leave. Maybe give us 4 or 5-attempts instead of 2. I got them both wrong the first time through and the second one wrong, even though you say it was correct. But that was it - "go away spammer."

All the question come with an example, to clarify them. And make it easier for none native English speakers.

Umm, I have been an English speaker for 80-years (including working as a Jouralist for 12 of those and Technical Writer for 4 more) and I could not make sense of that second one. The example for the number of the letter is about as confusing as an instruction and example can get.

Is the spam **really** that bad? This is the only Forum I have joined where the I have seen such things. Why not put on a few more Moderators with daily quotas to check, or lose their Moderatorshipness. (Yeah, I made that one up).

I am all for a little mental test but people coming here for the first time are pretty much always desperate for help. Having to trip that merry dance sends them away fast and unhappy. IF things must be as they are, then have a means of contacting the Moderators that does not need logging in so they can explain their problem of logging in. Just a single posting page that only Moderators can access.

Or, if the spam is that bad, have blocks of 20-posts filtered through each moderators PM or something so they can fill their quota for the day. This is a site full of programmers, how hard could it be? LOL

It should not be that hard for a first time user to join.
Title: Re: Insane Forum Registration questions
Post by: Martin_fr on December 09, 2019, 10:16:48 pm
I am not aware of a setting that controls the amount of attempts.

As I said, I removed the "replace the letter by number after..." sort of question.
Do you think the "sort and pick" is that hard? I think for that one the example should be clear?

I admit that writing questions like this, makes it easy to loose the feeling for what it's like to answer them.
The challenge is to come up with new type (as in a new sort of puzzle or logic) of questions.

Spamming goes up and down. [1]
The overall amount of actual "buy a watch" spam is very low.
A few "hidden small font link" spammers come buy, every now and then.

The problem is that spammers create accounts for later. They do not spam immediately.
Creating this accounts, while we are not fighting back (and not changing the captcha) means they can set their bot to the known answers, and keep going.
When they then start spamming, we can change the captcha all we want.
In that sense trying to lower this account-hording is a first step of defence. Though I admit, it works for them, as recently the captchas were unchanged for a longer time again.....

Anyway, as far is my observation goes
- Simple "a+b" questions are pointless. It seems to me their bots detect them.
- If the question is less common, or less commonly worded, it takes them a few days or even 1 or 2 weeks to get it => they need to actually put human labour into solving it

While it also causes some work for us (we have that work either way), the idea is to go for the latter. Unfortunately we do not get to do this often enough I.e change questions weekly....

Looking forward:
I replaced the "decode the word" by a new set "Pick and add all prime numbers: ...."
Does that sound more reasonable?

Also do you have ideas (PM me) for more questions like that (where the kind of question is not too commonly found on other sites)?

What about the "sort and pick", knowing that you had it right, and the error must have been something else, do you really think it to be to hard?
Better wording is welcome too.

----
[1]
I actually do not follow this all the time.
Most of the moderation is done by others.
The security question however need admin privileges. (Which I have primarily for other reasons).
As so often with open projects, you start on something and new tasks add themself to your list.
So now, I do (whenever I remember) occasionally change the captcha.
Title: Re: Insane Forum Registration questions
Post by: Bart on December 09, 2019, 10:41:23 pm
Why not do like the wiki does?
Ask the outcome of a simple pascal program adding 2 strings:
Code: Pascal  [Select]
  1. var
  2.   a,b: string;
  3. begin
  4.   a:='12';
  5.   b:='34';
  6.   writeln('a + b = ',a+b);
  7. end.

Chances are spambots will say the answer is 46 ...

Bart
Title: Re: Insane Forum Registration questions
Post by: Martin_fr on December 09, 2019, 10:56:23 pm
All question/answers are a single line edit field.  It supports the forums BBC formatting: [ B ] for bold etc.
Full code examples are probably unreadable.
Title: Re: Insane Forum Registration questions
Post by: HatForCat on December 09, 2019, 11:00:03 pm
I am not aware of a setting that controls the amount of attempts.

It appears to be 2 total. :) That has to be a setting somewhere for it to trigger the "go away spammer." or whatever that message was.

The Prime things is OK, but again ambiguous. Do you mean

Find all Primes in this list { 2, 3, 6, 8, 9, 13, 18, 19 } now add all the Primes together and enter the total in the box below.

@Bart: That is a good thought, but the problem is it is most likely to be newbies trying to sign up. The newbie asks, "what's a String?" :)
Title: Re: Insane Forum Registration questions
Post by: Martin_fr on December 09, 2019, 11:17:40 pm

The Prime things is OK, but again ambiguous. Do you mean

Find all Primes in this list { 2, 3, 6, 8, 9, 13, 18, 19 } now add all the Primes together and enter the total in the box below.

Yes.

What is/are the other interpretation(s)?

Assuming you concluded that in my example
Quote
"Pick and add all prime numbers: ...."
the ... was a list of primes.

Otherwise  "all prime numbers" would be impossible.
Title: Re: Insane Forum Registration questions
Post by: wp on December 09, 2019, 11:18:36 pm
The Prime things is OK, but again ambiguous. Do you mean
Find all Primes in this list { 2, 3, 6, 8, 9, 13, 18, 19 } now add all the Primes together and enter the total in the box below.
And a non-English speaking, math-hating person might not know what a "prime" is (prime steak?). I think there should be a "joker" option to ask for another question, similar to the first question.
Title: Re: Insane Forum Registration questions
Post by: Martin_fr on December 09, 2019, 11:19:33 pm
The Prime things is OK, but again ambiguous. Do you mean
Find all Primes in this list { 2, 3, 6, 8, 9, 13, 18, 19 } now add all the Primes together and enter the total in the box below.
And a non-English speaking, math-hating person might not know what a "prime" is (prime steak?). I think there should be a "joker" option to ask for another question, similar to the first question.
google?

"Find all even primes, and sum them up."  ;)
"Find all primes that can be divided by 3 resulting in an integer (no remainder) and sum them" :) ;)

Title: Re: Insane Forum Registration questions
Post by: dbannon on December 09, 2019, 11:45:11 pm
Firstly, this forum is refreshing free of spam and I really appriciate that !

But we cannot allow the war on spam to cost us new members.  I suspect the problems mentioned (including the Decode the word one) are probably suitable but issue is the one line of text describing them. I am sure the writer who dreams up the problem understands the question but that does not, ever, mean most other people will.

I still don't understand the second question in the image posted by WP.

I also wonder if the "one line of text" is necessary, after all, we are trying to put a time consuming task there. Better to have several lines with a very clear meaning than one, cryptic line.

How about we build up a library of questions, and have them reviewed by a number of forum users ?  Not sure how, makes sense to NOT post them on the forum, maybe martin_fr could invite selected people by PM ?

EDIT: and puting a low limit on the number of attempts is a bad idea too, again, we are trying to delay and frustrate the bad people, let them keep trying, keep giving them new problems ...

Title: Re: Insane Forum Registration questions
Post by: Martin_fr on December 10, 2019, 12:46:20 am
The low number appears to be hardcoded into the software. At least I did not find the setting.

Same about the one line. I would like to expand, but I am not sure it is possible.
I have not tried all kind of [ x ] tags, in the input. Doing so would always be public to all.

There are a number of addons to smf. I do not know how efficient they are. And I need to request them to be installed by the server admin (not me). Also they may need testing before....


I did some investigating, I can add color and [ br ] works. (I still have to edit all into one line...)
I reworded the question.....

Still waiting to learn what is ambiguous in the prime number question

New screenshot attached.


--- EDIT
I changed the text to "the red letters in the next line"
I case someone's browser wraps text

Also "Pick and add all "prime numbers": 23,10,4,33,3,4,9,13 then add them together"
Title: Re: Insane Forum Registration questions
Post by: 440bx on December 10, 2019, 01:08:07 am
just curiosity...

have bots gotten really good at reading text in an image ?

At least at one time, that seemed to be sufficient to prevent bots from successfully completing the registration process.
Title: Re: Insane Forum Registration questions
Post by: Martin_fr on December 10, 2019, 01:15:49 am
just curiosity...

have bots gotten really good at reading text in an image ?

At least at one time, that seemed to be sufficient to prevent bots from successfully completing the registration process.

I don't have a bot to check, but probably yes.
Also there are captcha solving services, some are supposedly based on AI

And if you are unlucky and come across a lot of googles "choose all images with cars" => it will occasionally tell you, that you got it wrong, even though you did not. My guess => it may try to prevent AI from learning correctly by giving fake results.
Title: Re: Insane Forum Registration questions
Post by: trev on December 10, 2019, 09:02:07 am
have bots gotten really good at reading text in an image ?

The sad fact today is that often what used to be "bots" are now in fact lowly paid humans somewhere in the third world.

I was involved in a forum on electronics a couple of years ago, and what we thought were "bots" were incredibly clever at deciphering a range of schematic symbols correctly when given 5 options from which to choose. I was deleting 30-100 registrations a day () as well as the sign-up-today and not-revisit-for-3-months before returning to add dozens of spam posts overnight. I spent a couple of hours doing this every day along with others.

So, yes, it really is a problem and it only gets worse.
Title: Re: Insane Forum Registration questions
Post by: 440bx on December 10, 2019, 09:48:54 am
The sad fact today is that often what used to be "bots" are now in fact lowly paid humans somewhere in the third world.
That is truly sad and, the problem it represents, makes the problem of unwanted registrations very small in comparison.
Title: Re: Insane Forum Registration questions
Post by: marcov on December 10, 2019, 10:40:58 am
have bots gotten really good at reading text in an image ?

The sad fact today is that often what used to be "bots" are now in fact lowly paid humans somewhere in the third world.

I'd guess it is a combination of both. Captchas that bots fail on are directly routed to these humans, which are probably in the same shack as the bot programmers/maintainers.

In august the forum really was under attach heavily, with tens of fake accounts created a day.