Jump to content
Jordan Miller
 Share


Improved spam defense in 4.7 with hCaptcha

As the Invision Community platform continues to evolve, so do the precarious ploys of pesky bots. 

Oftentimes spammers, whether they are bots or actual humans, spam your community with links in an effort to boost their website’s SEO. 

There are already a number of ways in the Invision Community platform to fight against spam, including…
 

  • Our native Spam Defense built into the platform that scores a newly-registered member
  • Placing new registrations into a moderator queue
  • Adding word filters that, when triggered, put the member in a moderation queue


We also integrate with various CAPTCHAs. You might be unfamiliar with the term, but you’ve definitely participated with one. It’s a digital gatekeeper in the form of an interactive puzzle that asks you to find patterns or similar images in order to evade malicious bots from taking action, whether that’s submitting a spam email, comment or registering an account. 

Our existing CAPTCHA defenses include:
 

  • Invisible reCAPTCHA where the system intelligently detects if the user is human in the background
  • reCAPTCHA V2 where the user simply clicks an "I'm not a robot" checkbox
  • keyCAPTCHA where the user must complete a jigsaw puzzle
     

In our latest update, version 4.7, we’ve included yet another defense to block spam from seeing the light of day: hCaptcha

hCaptcha is one of the world's most widely used independent Captcha services. 

We’re incorporating it in a few places where spammers can prepare their attacks.


Registering:

Prevent spammers from joining your community. If enabled, the hCaptcha will stop spammers in their tracks before even creating an account in your community.


Could contain: Computer, Electronics, Outdoors, Text


Guest posts:

Community leaders have the option to allow guests to reply to topics. This could potentially open up the floodgates for spammers, but the hCaptcha effectively mitigates this by asking the entity (hopefully an actual person) to problem solve. If the sequence is not successfully completed, the guest post won't be published.


Could contain: Bus, Transportation, Vehicle, File, Text, Webpage, Airplane, Aircraft, Boat


hCaptcha is available in the new 4.7 Beta 1 release.

Give it a shot and let us know what you think in the comments… just be sure to successfully select all the traffic lights if you’re a guest! 😉 
 

 Share

Comments

Recommended Comments

It would be nice to see something like this when someone does a search on your site. I get so many Chinese searches I can’t tell what’s from members or spammers/bots.

Link to comment
Share on other sites

17 minutes ago, nodle said:

It would be nice to see something like this when someone does a search on your site. I get so many Chinese searches I can’t tell what’s from members or spammers/bots.

There is a feature in 4.7:

Quote

Ability to only log searches from specific member groups

 

Link to comment
Share on other sites

How do I download the beta 4.7 update?

I'd really like to be able to open my forum to guest posts as it would make my forum much more helpful and useful for customers. Currently if I try opening up the forum, it gets flooded with spam posts. I realize it's a beta version so for sure I'll keep a backup of my forum just in case.

Link to comment
Share on other sites

2 minutes ago, Elliot Marx said:

How do I download the beta 4.7 update?

Go to your client area and click on "Navigate this purchase".

Click on the highlighted section below to download the beta:

Could contain: Text

If you want to upgrade an existing install or test install you can create an constants.php file and use the following constant:

Constant - USE_DEVELOPMENT_BUILDS
Use - Adding a true value to this will allow the automatic upgrader to pick up public alpha and beta releases.
Example value - TRUE

 

 

Link to comment
Share on other sites

OK I installed the update and tried it after setting up hCaptcha. I also set up the forum to allow for guest posts. A few glitches:

1) When I tried logging in as an admin, first time gave me an HTTP 500 bad request error, second time worked flawlessly. Happened using Google Chrome.

2) The Hcaptcha gets chopped off at the top on Google Chrome. It's still kind-of understandable but overall just difficult to use because of this. I also tried Mozilla Firefox and there were no display issues.

3) As a guest, no matter what I did with the hCaptcha, I wasn't able to post. Happened using Google Chrome and Mozilla Firefox. I got the following error:

  • You did not pass the security check. Please try again
Edited by Elliot Marx
Filled in more details
Link to comment
Share on other sites

Even though I have hCaptcha enabled it shows keyCAPTCHA at the bottom of the site's Privacy Policy.

keyCAPTCHA

This site uses a CAPTCHA to ensure humans are performing certain actions. The CAPTCHA provider may set a session cookie and get information about your internet browser and device accessing this website.

In addition, the "Privacy Policy" link above points to the https://www.hcaptcha.com main page, not their privacy policy page which is https://www.hcaptcha.com/privacy

 

Edited by Chris Anderson
Link to comment
Share on other sites

Hello, 🙂

If hCaptcha is this the box which asks you to click on photographs showing something like a plane or a cow, well I do not like it... I generally prefer leaving the website and going elsewhere. This is me of course, but I think it will prevent registrations by discouraging people from registering.

Link to comment
Share on other sites

1 minute ago, SecondSight said:

Hello, 🙂

If hCaptcha is this the box which asks you to click on photographs showing something like a plane or a cow, well I do not like it... I generally prefer leaving the website and going elsewhere. This is me of course, but I think it will prevent registrations by discouraging people from registering.

You don't have to use hCaptcha.  The original methods should still remain available for you to pick from and use.  If it's not right for you or your community...  don't enable it.  🙂 

Link to comment
Share on other sites

I really like the hCaptcha idea...I've had a hell of a time getting my board started and active. Many guests just want to ask questions right away. For the ones that did register, I got in the habit of ignoring them because there were too many spam account setups even with the email verification. Invision Board is now a step ahead and almost all of the people trying to activate accounts are legit customers or potential customers.

If only the hCaptcha could be fixed so it really works for guests...right now as I said above with hCaptcha enabled and permissions allowing guests to post, now it's the opposite problem and guests can't post. I tried it and the hCaptcha picture puzzle came up, but after solving the puzzle it still came up with the error "You did not pass the security check. Please try again". Once this is all working I will make an announcement about it for sure!

Edited by Elliot Marx
post clarification
Link to comment
Share on other sites

I like this thread. I will wait and see if hCaptcha works out for you guys or simply wait till 4.7 is stable. I get Russian spammers daily. I have culled a number of them by simply using the word filter tool mentioned in this post. This has reduced the Russian Spammers to just a trickle a day when it used to be a flood of them every day. I use the reCaptcha and basically filter out all the url links these Russians keep trying to post in our guest forum. They keep adding more links and I just keep blocking them and I think they get tired of trying to work around this, but apparently there are some who just won't give up. 

Link to comment
Share on other sites



Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Add a comment...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...