Jump to content

CAPTCHA protect the log form

WalruZ

By WalruZ
in General geocaching topics

Followers 0

Recommended Posts

WalruZ

+WalruZ

Posted
Posted

Can't find the portion of the forum for making suggestions to TPTB, so here you go.

 

Cachers I know have recently seen experimental automated logging of caches. The reason isn't entirely clear, but...

 

Sooner or later somebody is going to figure out that it's possible to apply forum spam techniques to cache page logs. When that happens, GS is going to have to CAPTCHA protect the log form, and probably in a hurry. I suggest you guys start now.

 

That's all.

roziecakes

+roziecakes

Posted
Posted

This is an interesting suggestion. It really could help. I mean heck, that's why so many email forms use captcha, I suppose a cache log is just as susceptible to spam bots. Why someone wants to spam geocaching logs is beyond me, but on the internet you never know what to expect.

 

I would be in support of such an addition.

jholly

jholly

Posted
Posted

Can't find the portion of the forum for making suggestions to TPTB, so here you go.

 

Cachers I know have recently seen experimental automated logging of caches. The reason isn't entirely clear, but...

 

Sooner or later somebody is going to figure out that it's possible to apply forum spam techniques to cache page logs. When that happens, GS is going to have to CAPTCHA protect the log form, and probably in a hurry. I suggest you guys start now.

 

That's all.

 

Interesting suggestion, especially after being visited by PowerLoggingLtd and a few other bots.

knowschad

knowschad

Posted
Posted

Well, that would sure do away with powercaching as an unexpected consequence.

 

I'm sure the only people that would put up with CAPTCHA would be those the cachers that go out for a half-dozen or fewer caches per day. I'm no power cacher, but it still is very unusual for me to get home and have fewer than thirty or forty caches to log. That can take long enough as it is. I absolutely would not tolerate a CAPTCHA screen as a part of it. I would simply stop logging.

JJnTJ

+JJnTJ

Posted
Posted

I can see how it would be annoying. How about a CAPTCHA for every NA/NM log and a random 1-in-10 CAPTCHA for "Found It" logs? Even 1-in-20 would put enough hassle in the process for bots that it might take the "fun" out of it.

 

Would anyone argue with a CAPTCHA for the "Upload Field Notes" feature?

hairball45

+hairball45

Posted
Posted

It sounds like a pain in the tail to me, especially if I am logging other than from my desktop. 2-3 caches not so bad, but a bunch might degenerate into cut and paste "Out caching with my wife. TFTC"

Pup Patrol

Pup Patrol

Posted
Posted

They recently added Captcha to the Basic Members waypoint download. Don't be supprised if it appears in more basic member functions.

 

:)

 

I downloaded a couple of .loc files of newly published caches the other day. There was no captcha to be negotiated.

 

To log "found it" or "didn't find it" or a "note" to each cache I would get very tired, very quickly, of having to deal with a captcha for each time. It takes long enough to log each cache, when a successful cache hunt for me only means doing 10 or less logs.

 

The suggestion to require a captcha for a Needs Archived log is a good one. But not for "Needs Maintenance".

Castle Mischief

+Castle Mischief

Posted
Posted

Can't find the portion of the forum for making suggestions to TPTB, so here you go.

 

Cachers I know have recently seen experimental automated logging of caches. The reason isn't entirely clear, but...

 

Sooner or later somebody is going to figure out that it's possible to apply forum spam techniques to cache page logs. When that happens, GS is going to have to CAPTCHA protect the log form, and probably in a hurry. I suggest you guys start now.

 

That's all.

 

Interesting suggestion, especially after being visited by PowerLoggingLtd and a few other bots.

 

Yeah, pretty timely.

geodarts

+geodarts

Posted
Posted

If captcha were required for every log or a timed session - or at random numbers - I would probably stop logging. If captcha were required only with the initial log I would think it would not be effective. If it is introduced, perhaps a captcha free experience would be another benefit for premium members

GeoGeeBee

+GeoGeeBee

Posted
Posted

Please God, no. Those things make me feel so stupid! The last time I posted an ad on craigslist, I had to hit the little "give me a new image" button five times before I got one I could read.

 

And I hear that hackers have a way around them already.

 

I know we aren't counting votes here, but I vote NO. It's an extra annoyance for legitimate users, but it won't stop the bot writers.

addisonbr

+addisonbr

Posted
Posted

If I was measuring annoyance / dissatisfaction, I would rate having to enter captchas as higher on that scale vs. the effect that the occasional spam-loggers has on me.

 

I wasn't hit by PowerLoggingLtd, but it probably would have taken me less time to delete their logs than it would to enter captchas for a day's worth of caching.

 

Just one man's opinion.

Andronicus

Andronicus

Posted
Posted (edited)

They recently added Captcha to the Basic Members waypoint download. Don't be supprised if it appears in more basic member functions.

 

:)

 

I downloaded a couple of .loc files of newly published caches the other day. There was no captcha to be negotiated.

...

I bolded the key point in my previous post for clarification. Seeing that you are a PM, you would not run into that captcha. If you realy want to try it out start a sock pupet BM account and try to download the .loc from the cache list page. This 'feature' is only about 2 weeks old, so your previous attempt may have even been befor it was implemented.

 

Edit to add: That Captcha is actualy why I upgraded to a Primium Member recently.

Edited by Andronicus
Team Noodles

+Team Noodles

Posted
Posted

Can't find the portion of the forum for making suggestions to TPTB, so here you go.

 

Cachers I know have recently seen experimental automated logging of caches. The reason isn't entirely clear, but...

 

Sooner or later somebody is going to figure out that it's possible to apply forum spam techniques to cache page logs. When that happens, GS is going to have to CAPTCHA protect the log form, and probably in a hurry. I suggest you guys start now.

 

That's all.

no, thanks.

Pup Patrol

Pup Patrol

Posted
Posted (edited)

They recently added Captcha to the Basic Members waypoint download. Don't be supprised if it appears in more basic member functions.

 

:)

 

I downloaded a couple of .loc files of newly published caches the other day. There was no captcha to be negotiated.

...

I bolded the key point in my previous post for clarification. Seeing that you are a PM, you would not run into that captcha. If you realy want to try it out start a sock pupet BM account and try to download the .loc from the cache list page. This 'feature' is only about 2 weeks old, so your previous attempt may have even been befor it was implemented.

 

Edit to add: That Captcha is actualy why I upgraded to a Primium Member recently.

 

guess I should have clarified:

 

I am NOT a premium member.

 

there's some sort of glitch that shows me as PM here in the forums.

 

I haven't been a PM in like two years.

 

And I have never, and would never, consider creating a sock puppet account, for whatever reason.

 

The two .loc files I downloaded, without needing to do a captcha, were downloaded on the 20th....3 days ago.

Edited by Pup Patrol
WhoDis

+WhoDis

Posted
Posted

Yeah, Captcha is a real pain in the behind. That would make me stop logging if I had to do that with every log. Seems GS should be able to see if a cacher is logging caches that are over so many miles apart and then require a captcha. I believe the recent bot was logging caches in several states. Or if they are being logged faster than humanly possible, then require it. May not solve all the problems, but man I don't want to have to deal with those things for every log I enter.

WalruZ

+WalruZ

Posted
  • Author
Posted

What I'm saying is that there's nothing, really, preventing someone from more or less automatically creating a geocaching.com account and then systematically spamming every cache they can find with a link to a viagra site. When that happens, it'll be captcha time, like it or not.

Lovejoy and Tinker

+Lovejoy and Tinker

Posted
Posted (edited)

 

guess I should have clarified:

 

I am NOT a premium member.

 

there's some sort of glitch that shows me as PM here in the forums.

 

I haven't been a PM in like two years.

 

And I have never, and would never, consider creating a sock puppet account, for whatever reason.

 

The two .loc files I downloaded, without needing to do a captcha, were downloaded on the 20th....3 days ago.

 

Maybe the 'system' thinks you are still a premium member when it considers whether to present you with a gotcha (or whatever they're called?

If the status is wrong on the forum, perhaps there's a toggle stuck somewhere in your profile from when you were a PM?

 

I know a lot of basic members (from another forum) who have been getting the gotcha when downloading loc files for the last few weeks.

Edited by Lovejoy and Tinker
Pup Patrol

Pup Patrol

Posted
Posted

I can't access Premium Member Only caches...so I'm pretty sure the system knows darned well that I'm a lowly Basic Member. :laughing:

 

I really don't like the idea that only Basic Members would be subjected to captchas. A couple of incidents where "someone" was logging multiple caches, and we're on the hit list as a group?

 

Why didn't anyone raise such a fuss when it was a problem with virtuals, and non-North American accounts doing all the bogus logging?

 

:)

Andronicus

Andronicus

Posted
Posted (edited)

They recently added Captcha to the Basic Members waypoint download. Don't be supprised if it appears in more basic member functions.

 

:)

 

I downloaded a couple of .loc files of newly published caches the other day. There was no captcha to be negotiated.

...

I bolded the key point in my previous post for clarification. Seeing that you are a PM, you would not run into that captcha. If you realy want to try it out start a sock pupet BM account and try to download the .loc from the cache list page. This 'feature' is only about 2 weeks old, so your previous attempt may have even been befor it was implemented.

 

Edit to add: That Captcha is actualy why I upgraded to a Primium Member recently.

 

guess I should have clarified:

 

I am NOT a premium member.

 

there's some sort of glitch that shows me as PM here in the forums.

 

I haven't been a PM in like two years.

 

And I have never, and would never, consider creating a sock puppet account, for whatever reason.

 

The two .loc files I downloaded, without needing to do a captcha, were downloaded on the 20th....3 days ago.

Maybe the 'system' thinks you are still a premium member when it considers whether to present you with a gotcha (or whatever they're called?

If the status is wrong on the forum, perhaps there's a toggle stuck somewhere in your profile from when you were a PM?

 

I know a lot of basic members (from another forum) who have been getting the gotcha when downloading loc files for the last few weeks.

I just logged in with my dauters account. She is a BM. Indeed the .loc download still has the Captcha. LoveJoy must be correct

 

b4e4c746-2e67-4e93-8063-e73d903319d7.jpg

 

I think this was implemented to make it harder for non-approved mobile apps to scrap info for Basic Members. It esentialy forces users to upgrade, or have crippled apps. And I suspect that GS doesn't realy care if you use a non-approved app if you are willing to give them $30/year.

Edited by Andronicus
t4e

+t4e

Posted
Posted

i'm with those opposing such requirement

the spam bots for various blue pills, enlargements and what not prefer to target people by email

 

but if we truly want to ensure no bot ever taints cache pages i propose this verification system :)

 

2268237733_cda4a1dbb3.jpg

knowschad

knowschad

Posted
Posted

They recently added Captcha to the Basic Members waypoint download. Don't be supprised if it appears in more basic member functions.

 

:)

 

I downloaded a couple of .loc files of newly published caches the other day. There was no captcha to be negotiated.

...

I bolded the key point in my previous post for clarification. Seeing that you are a PM, you would not run into that captcha. If you realy want to try it out start a sock pupet BM account and try to download the .loc from the cache list page. This 'feature' is only about 2 weeks old, so your previous attempt may have even been befor it was implemented.

 

Edit to add: That Captcha is actualy why I upgraded to a Primium Member recently.

That should then be added to the Benefits of Premium Membership document.
knowschad

knowschad

Posted
Posted
What I'm saying is that there's nothing, really, preventing someone from more or less automatically creating a geocaching.com account and then systematically spamming every cache they can find with a link to a viagra site. When that happens, it'll be captcha time, like it or not.

 

Not for me, it won't. I promise.
knowschad

knowschad

Posted
Posted
I can't access Premium Member Only caches...so I'm pretty sure the system knows darned well that I'm a lowly Basic Member. :laughing:

 

I really don't like the idea that only Basic Members would be subjected to captchas. A couple of incidents where "someone" was logging multiple caches, and we're on the hit list as a group?

 

Why didn't anyone raise such a fuss when it was a problem with virtuals, and non-North American accounts doing all the bogus logging?

 

:)

Briefly off-topic: I think that you only need to refresh the forum connection like you would do if you changed your avatar. Try this http://www.geocaching.com/forums/register.aspx
Lovejoy and Tinker

+Lovejoy and Tinker

Posted
Posted

I can't access Premium Member Only caches...so I'm pretty sure the system knows darned well that I'm a lowly Basic Member. :laughing:

 

I really don't like the idea that only Basic Members would be subjected to captchas. A couple of incidents where "someone" was logging multiple caches, and we're on the hit list as a group?

 

Why didn't anyone raise such a fuss when it was a problem with virtuals, and non-North American accounts doing all the bogus logging?

 

:)

Don't think it's targetting specific member types. But being able to open a free account is always going to be the way bot will worm its way in. It's not going to pay to open account to do its spamming deeds.

 

So maybe you should turn it around and look on it that GS introduced the captcha across the site, but it wasn't necessary to apply it to PM accounts because bots are never going to open a PM account.

 

It also serves to stop some of the unauthorised smartphone software from being able to provide data to basic members which is otherwise only available to PM's.

So that might be part of the reason it was introduced.

 

It has had a bit of an impact on one of these bits of software, and as a result a number of users have gone over to a PM account to get the software fully functional again.

 

Don't know what the reasoning behind the change was, as it wasn't announced - as far as I know.

BuckeyeClan

+BuckeyeClan

Posted
Posted

 

I really don't like the idea that only Basic Members would be subjected to captchas. A couple of incidents where "someone" was logging multiple caches, and we're on the hit list as a group?

 

 

Premium Members have to provide a source of outside verification of who they are...basically, a credit card or some other method of payment, which can most likely be traced back to the real person. A basic member can just keep creating new accounts, with no reason to provide any info about who they really are. Maybe if Groundspeak did implement CAPTCHA for basic members, there would be a way to be a "verified" basic member--provide a credit card number or something that wouldn't be charged, but would still provide proof of who you are--to avoid the CAPTCHA step.

earthcurrent

earthcurrent

Posted
Posted
but if we truly want to ensure no bot ever taints cache pages i propose this verification system :P

 

2268237733_cda4a1dbb3.jpg

Answer is 0.

 

Anywho, Captcha just forced the spammers to spruce up their bots so that they can do the reading and logging in for them. Few days downtime for them, days of annoyance for everyone else that tries to use a site legitimately that has been cursed with any of the Captcha types.

 

I guess if Groundspeak really wants to encourage people to get premium membership forced captcha to do anything on BM might be a way to do it, but I would hope they'd not go that far.

 

But, since I am currently with a BM, don't want to have to bother with Captcha on one more site I frequent, and have my ways to get PM goodies, to this idea I say thee nay.

Pup Patrol

Pup Patrol

Posted
Posted

Oh, I see now....

 

when you try to download multiple .loc files, by clicking on "download all", that's when you get a captcha?

 

I never do that, so have never run into a captcha. I download .loc files one at a time, after seriously considering whether to hunt for a cache or not.

 

That captcha is pretty blurry. If I had to waste time ciphering what I was supposed to type, over and over again, I would quit right fast.

 

If captchas were required for all logs, etc, for Basic Members only...I guess that would be the end of my geocaching career.

 

And trust me, captchas don't slow down true spammers. I can tell you that from experience.

Skippermark

Skippermark

Posted
Posted

CAPTCHAs can be broken relatively easy. The University of California Berkeley claims a 92% success rate.

 

If someone is smart enough to write a bot to get into the site, they could probably figure out how to bypass a CAPTCHA screen.

kablooey

kablooey

Posted
Posted

Please, NO!

The captcha added to waypoint downloads is icky. About 20% of the time, the thing is illegible. I'm going to start saving photos of the worst ones and see whether ANYBODY can figure them out.

pppingme

+pppingme

Posted
Posted

CAPTCHAs can be broken relatively easy. The University of California Berkeley claims a 92% success rate.

And the scripts to do that are very prominent, mainly in the linux world, but can easily be found in the windows world as well.

briansnat

+briansnat

Posted
Posted

CAPTCHAs can be broken relatively easy. The University of California Berkeley claims a 92% success rate.

 

If someone is smart enough to write a bot to get into the site, they could probably figure out how to bypass a CAPTCHA screen.

 

That's amazing because 95 percent of the time I can't even read them.

Skippermark

Skippermark

Posted
Posted

CAPTCHAs can be broken relatively easy. The University of California Berkeley claims a 92% success rate.

 

That's amazing because 95 percent of the time I can't even read them.

I'm the same way. I usually have to refresh them until I get an easy to read one. I've been tempted to use the "audio" feature that speaks the characters but haven't yet done it.

JohnX

JohnX

Posted
Posted

It is a rare instance when I will go through the CAPTCHA process to do anything on the web. The tab just gets closed. I would stop logging if it were implemented. In addition, If I get one of those "flying" ads that float over the content and have to listen to some model talk about insurance or search the ad for a close button I find the button immediately. It's the "Close Tab" button.

secretagentbill

+secretagentbill

Posted
Posted

I'm the same way. I usually have to refresh them until I get an easy to read one. I've been tempted to use the "audio" feature that speaks the characters but haven't yet done it.

The audio ones are worse. Instead of Captcha, Microsoft uses something similar. One day I finally gave up trying to read the thing and clicked on audio. They had all sorts of background noises, crashes, screeches, and pops. Also the characters being read where at varying volumes and tones. I never did get what I needed.

secretagentbill

+secretagentbill

Posted
Posted (edited)

...But at any rate, I should add that I probably wouldn't have a problem with CAPTCHAs being required for logging. Usually I find them fairly readable. I guess I don't understand the reasoning behind the people that say that if they have to type a captcha they'll quit logging. You're already typing a few sentences or a paragraph or so...what's an extra two words? I guess the only real problem would be if they aren't legible. It's a shame the level of protection every system needs against spammers and the like.

Edited by secretagentbill
cezanne

cezanne

Posted
Posted (edited)

Usually I find them fairly readable. I guess I don't understand the reasoning behind the people that say that if they have to type a captcha they'll quit logging. You're already typing a few sentences or a paragraph or so...what's an extra two words? I guess the only real problem would be if they aren't legible. It's a shame the level of protection every system needs against spammers and the like.

 

I have not yet encountered any problems with spam logs on gc.com. I have, however, experienced considerable troubles with captchas. I often cannot read them and need many attempts (e.g. in case of geochecker). I am bad at reading such images and the fact that the words/names are not in my native language and are sometimes unknown to me, increases the challenge for me.

My logs are typically long - I enjoy writing logs. I hate, however, to get the feeling to be stupid when I need several attempts until everything works out with a captcha. It is very frustrating for me.

 

Cezanne

Edited by cezanne
power69

+power69

Posted
Posted

i'm with those opposing such requirement

the spam bots for various blue pills, enlargements and what not prefer to target people by email

 

but if we truly want to ensure no bot ever taints cache pages i propose this verification system :P

 

2268237733_cda4a1dbb3.jpg

At least its not the one with the Cats!

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
Followers 0
Go to topic listing
×
×
  • Create New...