Spring RTS Engine

I'm not sure which of you had the great idea of adding that giant piece of fail, but tbh I don't really care. I just spent 15 tries to log into this forum regardless of the fact that my password was right every single time, I couldn't log in because of this fucking idiotic captcha that no one can read much less understand.

GET F****** RID OF IT!

Forboding Angel confirmed for bot.

While I agree that the captchas are often inscrutable, the fact that we're seeing them at all means that bots are aggressively targeting this forum and trying to hack our accounts. In that case, I'd say we need *more* anti-bot security, not less.

Forboding Angel wrote:I'm not sure which of you had the great idea of adding that giant piece of fail, but tbh I don't really care. I just spent 15 tries to log into this forum regardless of the fact that my password was right every single time, I couldn't log in because of this fucking idiotic captcha that no one can read much less understand.

GET FUCKING RID OF IT!

• This does not belong in the development forum
• This forum has had that feature for a very long time, possibly since the update to phpbb3 - it wasn't just added recently to piss you off
• Do you expect a post with that tone to actually be cogent?
• You've posted in a thread identical to this, why create a new one?
• Having to type in a captcha is way better than having your account hijacked - which is literally the alternative

These are all reasons why a reasonable person would not have written that post. I think the role of said reasonable person is one you should adopt.

And a reasonable Captcha doesn't require 15 tries before finally giving you something intelligible that you can actually answer.

And what IS new is the fact that I had to reformat my laptop so no more cookies to keep me company. Every single time I get logged out of my forum account, it's a battle to get logged back in. None of you will remember this, but way back when my account was first created, I couldn't get it to go through to the point that in the lobby I had to ask someone else to create the account and then give me the password for it.

This isn't exactly my first issue with this forum. Makes me wonder how many legit people have said fuckit due to the issues with creating accounts and logging in.

Glasses are dirt cheap these days, go buy a pair.

How can you expect anything to work on the internet when you have such deficient eyes is beyond me.

Erm - I don't think that comment is quite appropriate Zwzsg...
When I had to enter capcha because my account had been attempted to be brute forced, I had considerable difficulties till I got it right as well (god forbid I'd have to do that on every login...). And no, I don't need glasses...
But still think the capcha needs to stay - at least in some form (I can't guage how good bots are at cracking them...).

why not just get it to remember your login? I seldom ever login unless I accidentally on the logout button.

smoth wrote:why not just get it to remember your login? I seldom ever login unless I accidentally on the logout button.

I get logged out now and then for weird reasons.

It doesn't give you a captcha unless you're giving it wrong passwords, does it? I just tested and didn't get one.

Edit: Grabbed a captcha and converted to grayscale, still no issues reading it, and colorblindness is the only usability issue I can think of that applies to an RTS. I guess your brain's weird.

lurker wrote:It doesn't give you a captcha unless you're giving it wrong passwords, does it? I just tested and didn't get one.

I have consistently been given the captcha (too many log in attempts) the first time I enter a password (which I'm sure was correct)... this has happened a lot recently because I installed a new OS, logged in from my wife's computer and my mom's computer, switched to Chrome and then back to Firefox and was using Ubuntu is "disk mode" for a couple days while I was working up the nerve to install it.

kittens !

lol@move from "Development" to "General".
shouldnt this be in "Site content"?
w/e forum is a mess anyway.

Anyone remember that captch rapidshare had ~2 years ago, with the kittens? There were some letters and you only had to enter the letters with (the outlines of) kittens on them. That was superstupid because some kittens were in fact horses or dogs and i could never tell from the small pixelcrap...
Never wrongly entered the captcha on this forum though...

SinbadEV wrote:

lurker wrote:It doesn't give you a captcha unless you're giving it wrong passwords, does it? I just tested and didn't get one.

I have consistently been given the captcha (too many log in attempts) the first time I enter a password (which I'm sure was correct)... this has happened a lot recently.

Exact same story here on my laptop.

knorke wrote:Anyone remember that captch rapidshare had ~2 years ago, with the kittens? There were some letters and you only had to enter the letters with (the outlines of) kittens on them. That was superstupid because some kittens were in fact horses or dogs and i could never tell from the small pixelcrap...

im pretty sure it wasnt 2 years ago, i remember trying to pass this nightmare last year on rapid.

and i mean different kittens. cute one ! and easy to recognize.

Forboding Angel wrote:

SinbadEV wrote:

lurker wrote:It doesn't give you a captcha unless you're giving it wrong passwords, does it? I just tested and didn't get one.

I have consistently been given the captcha (too many log in attempts) the first time I enter a password (which I'm sure was correct)... this has happened a lot recently.

Exact same story here on my laptop.

This is exactly what should happen if someone had been trying to hack your account. Once triggered (a few wrong passwords from a hacker/bot) it then has to respond to any login attempt (right or wrong) with a captcha. It can't give the captcha before the login as it doesn't knwo the username and it can't accept a valid password as then the captcha can be completely ignored and brute force methods still work. Its a block that has to be unlocked with a captcha, not just a password.

Loosening security (easier captchas that are perhaps solvable by a computer) is clearly a shitty solution to a problem caused by active hackers trying to hack accounts.

Perhaps some form of hardened security would solve the problem for you (IP filtering?). Maybe there is a phpbb plugin that could be enabled on an optional account-by-account basis... If waiting for the hacker to get bored and stop trying is too much trouble then try reseaching solutions.

momfreeek wrote:This is exactly what should happen if someone had been trying to hack your account. Once triggered (a few wrong passwords from a hacker/bot) it then has to respond to any login attempt (right or wrong) with a captcha.

Are you implying that bots HAVE been trying to hack my account on a regular enough basis for the captcha to show up correctly every time I've had to log in over the past few months? I would like someone with access to the server logs to investigate this possibility because it is worrisome.

I'm not the first to make that implication. Ask neddie.?

Assuming its not a bug, perhaps this would alleviate the troubles:
http://www.phpbb.com/customise/db/mod/s ... user_name/

SinbadEV wrote:

momfreeek wrote:This is exactly what should happen if someone had been trying to hack your account. Once triggered (a few wrong passwords from a hacker/bot) it then has to respond to any login attempt (right or wrong) with a captcha.

Are you implying that bots HAVE been trying to hack my account on a regular enough basis for the captcha to show up correctly every time I've had to log in over the past few months? I would like someone with access to the server logs to investigate this possibility because it is worrisome.

That is not an implication. It IS happening on many messageboards.

Yup. Everybody make sure your password is dictionary-attack-unfriendly. Avoid dictionary words, keep it longish, include numbers and (if you're really hardcore) a mix of lower and upper case.

If your password is on a "common password" list, you're screwed. "qwerty" or "123456" is just asking for it.