UBB.threads PHP Forum Software Community Forums General Suggestions and Feedback Image Verification at Login

Would it be possible to add image verification at login?

If that could be done, I would turn off image verification for new posts and replies and still retain some security against spambots.

I don't quite understand the question.
But if you have enabled captcha for your site. Then it should be pretty much secure. Once a registered user has access the cookie will take over. If a user is not registered then the captcha will take presidents. Depending on your group permissions.

So maybe you need to be more specific on what you are trying to do!

I have captcha enabled for all groups for registration and for new post creation and for replies.

The main reason I enable it is that my message board is listed with spammers who have automated programs that post spam. Having captcha turned on should help reduce that.

However, real users are complaining about having to verify each posting/topic.

But if captcha could be enabled only the login screen, that would hinder the automated spammers, and keep real users happy by not requiring verification on all posts.

Okay that should not happen for registered users.
So it looks like you over did it as far as security .
Goto:
Control Panel » Group Management » Forum Permissions
Edit the users group. Since they are verified users.
Look at :
Posts require CAPTCHA
place a 0 for each forum they are allowed in.

That will stop the prompt for users that are already logged in.
If you have some special groups you will need to edit them also.

What you want to do is set this setting to 1 for guest groups. So spammers are required to go through the hoops to post.

The permission area can get a little intimating till you get the hang of it.

I guess that I am not making myself clear.

I realize that I can turn captcha on/off on a forum/group basis.

But if I turn it off for registered users, the spammers (who are registered users) will still have access to post without verification through their automated programs.

Being able to enable verification on the login page for all users would allow me to turn it off for the forums for registered users.

Okay I think I am with you now.
I don't see a option for this.
What you want to do is force every user to login when they visit the site every time using captcha? To eliminate the spammers that were approved in a prior version.
The best case is to either ban them on a individual basis, Or add a group that is not allowed to post and move the bad users to it.

I don't believe that these is an option for using captcha on the message board login screen. That is why I submitted this topic here to suggest it for a future release.

Whether the spammers are from a prior version or not is of no concern. Spammers can easily get a registration from the old or new system since their registration process is manual and they can pass the image verification request at registration.

Moving them to another group or banning them is an after the fact action. I don't know they are spammers until they post the spam. By the time I detect their spam, their automated processes can posts many spam messages. Currently I do ban them after I see their postings (sometimes by domain address or ip address), but the damage is done and i have to deal with cleaning up the message board.

I would like image verification on the login screen to be an option to turn on

Okay you are correct. This is the right place to post a feature change. But I don't see it now with 7.5.3.
Others can chime in.

BTW, Forcing guests to use captcha in v 7.5.3 as well as email validation for registrations has eliminated all spamming on my site.

If I m reading this correctly....

They are getting around your security as it is now. Well then adding it to login too is not going to help as they can get through that too.

Ban their entire net block through .htaccess and that will stop them from using that net block. You can ban their entire country that way if you like.

They are getting around my security now because there is no security other than login security. Once they are registered, the automated spam posting programs can post at will because once they log in (which is automated once they get a login and password), they can post anything just like any other registered user.

The automated spam programs won't be able to login if there is an image verification step.

I do have multiple IP ranges (and email domains) blocked with the message board ban feature. But I have a lot that I can't ban because I have valid users in the same IP range. Also, if the spam starts coming in from a new IP range, I don't know they are spammers until after they spam.

Just clarification... He has the captcha turned on for all groups for posting; instead of having that option enabled he'd instead want to have the captcha enabled on the login screen so that valid users don't get prompted every time they want to post; instead they'd get prompted whenever they want to login.

Currently, this isn't an option; but I do see more and more forums having this option available and personally like it as an alternative to enabling it for all groups for posting.

Excellent - you got it! Thanks.