As title.Just wondering how to use custom verification questions for replys as the built-in captcha (antispam plugin) seems to be to easy(some spam bots already cracked them and got filtered by akismet),while the reCaptcha plugin is not user-friendly in China(due to the block).
So,can we use custom questions for captcha(like SMF) and if yes,which plugin to install?
Moreover,is it possible to apply other types captcha without creating a plugin(as I have little php knowledge)
The main principle is easy - to check a token sent by $_POST before accepting a comment,but ...how to achieve that in this moduled action flow)
BTW: I believe the paths in s9y is absolute as I spent much effort to migrate my blog - finally done by reinstalling and reposting....
BTW #2: just wondering why don't use jquery on a cdn but using local version instead on almost all themes...
custom CAPTCHAs?
Re: custom CAPTCHAs?
It's best to not use a captcha at all. Use the plugins spamblockbee + spamblock_bayes together with the regular spamblock-plugin. That way you get a good protection against spam without killing the accessibility of your blog.
Using a generic CDNs leak your visitors IP addresses to random third parties, which is pretty much illegal in Europe (even if sites did not catch up to that yet). Hosting the JS files locally is much better in that regard.BTW #2: just wondering why don't use jquery on a cdn but using local version instead on almost all themes...
Re: custom CAPTCHAs?
Currently using akismet + ip frequency blocking.
Spamblock_bayes doesn't work quite well on Chinese(and some other languages) as we don't seprate words.We only put a "。" at the end of a sentence.Moreover a you need a trained dataset ,which makes it hard to *prevent* spam.
I haven't tried SpamBlockBee and the method looks interesting however I'm not sure of the
Uh.Sorry for not knowing this as the digital privacy isn't really good here.But is it possible to manually switch a Jquery provider(default to use local,but using another source is also ok)?Using a generic CDNs leak your visitors IP addresses to random third parties, which is pretty much illegal in Europe (even if sites did not catch up to that yet). Hosting the JS files locally is much better in that regard.
Re: custom CAPTCHAs?
Oh, I hadn't realized that the filter might not work with chinese. It comes without a trained model, you train it yourself with the comments and the spam you get in your blog. So it's helpful only after a short while. But okay, possible that it will not work all that well for you. Here, Akismet is usually at least as good as a custom Bayes filter - but even that is not working great for you?
Change that src to link to the jQuery file you prefer instead.
This might be a good use of the jQuery plugin we once had. I think it's archived now. But if someone wanted to bring that back with some CDNs and maybe jQuery variants as config option I would help to get this back in Spartacus.
Not like that. But you can replace our jQuery with a jQuery file hosted on a CDN. You will need to edit some code though - specifically the html we use to embed the jQuery. That's in line 69 of the file include/plugin_api.inc.php:But is it possible to manually switch a Jquery provider(default to use local,but using another source is also ok)?
Code: Select all
<script src="<?php echo $serendipity['serendipityHTTPPath']; ?>templates/jquery.js"></script>
This might be a good use of the jQuery plugin we once had. I think it's archived now. But if someone wanted to bring that back with some CDNs and maybe jQuery variants as config option I would help to get this back in Spartacus.
Re: custom CAPTCHAs?
Thanks for the reply.Akismet works well and recently it seems all the bot-generated spams are in English selling drug.onli wrote: ↑Thu Dec 10, 2020 4:22 pm Oh, I hadn't realized that the filter might not work with chinese. It comes without a trained model, you train it yourself with the comments and the spam you get in your blog. So it's helpful only after a short while. But okay, possible that it will not work all that well for you. Here, Akismet is usually at least as good as a custom Bayes filter - but even that is not working great for you?
Wordpress's comment-moderation method is also a good example.Wordpress defaults to let blog admins moderate the first comment of a person.
And hmm...Sorry to mention captchas again,but is there a possiblity to add a captcha for serendipity_admin.php for admin logins to prevent attacks?
I once noticed an issue focusing on admin login security on github and it says a new version might include this.(Though changing the admin login entrance page in the blog settings might help)
Re: custom CAPTCHAs?
If your spam is in english really give the Bayes plugin a chance. For english spam it does work well. And it should learn then that english is related to spam, while chinese comments are not - in your blog.
I'm not aware of a captcha protection for the admin login provided by serendipity. You can use your webserver to add an additional layer of security for the backend, for example to add an additional password with Apache's .htaccess.
I'm not aware of a captcha protection for the admin login provided by serendipity. You can use your webserver to add an additional layer of security for the backend, for example to add an additional password with Apache's .htaccess.