/meta/ - Board Meta

[Make a Post]
[X]






Captcha ideas sakamoto ## Nanochan Administrator No.5953 [D][S][L][A][C] >>5954 >>5959
So the captcha has finally been defeated. It took way longer than expected, honestly, and I got careless. Sorry about that.
Two of the solutions I had in mind are
1. The tvol system. By giving almost every legitimate user the power to moderate, it'd be much easier to deal with any incoming spam wave due to the higher mod availability and capacity.
2. range deletions. This was supposed to come together with or right after tvols.
3. captcha improvements. The captcha implementation has been pretty shit for a while now and is basically a placebo, it's a mystery it wasn't cracked any sooner. The issue is I have no idea how to make an effective captcha, tried cracking nanochan's captcha myself but got bored of it. If anyone has a better captcha implementation (their own or someone else's) feel free to post your code, idea or a link to it in this thread, refer to the captcha.create function for how the current captcha works. If nothing else, I'll drastically tweak some values for the captcha and make the function closed source.
For now, I'll work on making ranged deletions a thing (just for /recent), and maybe get tvols working, finally

Nanonymous No.5954 [D]
>>5953
Three*

Nanonymous No.5956 [D][U][F] >>5957 >>5959
File: 19b1726039590be91c30036c137efd217b31a053ff737f3ceda13e5b9afd29d3.jpg (dl) (410.67 KiB)
From the other thread. It randomizes the location of the letters more so sometimes they overlap a little. It also draws vertical lines through each letter.

function captcha.assemble(cc, outfile) -- cc is table of 6 characters, a-z
local xx, yy, rr, ss, bx, by = {},{},{},{},{},{},{};
misc.generateseed();

for i = 1, 6 do
if i == 1 then
xx[i] = ((48 * i - 168) + math.random(-12, 24));
elseif i == 6 then
xx[i] = ((48 * i - 168) + math.random(-24, 12));
else
xx[i] = ((48 * i - 168) + math.random(-24, 24));
end
yy[i] = math.random(-10, 10);
rr[i] = math.random(-30, 30);
ss[i] = math.random(-40, 40);
bx[i] = (150 + 1.1 * xx[i]);
by[i] = (40 + 2 * yy[i]);
end

os.execute(string.format(
"/nix/store/7s7sw7a07l3d24n7y62qzk4zpfzaj7v9-graphicsmagick-1.3.32/bin/gm convert -size 290x70 xc:white -bordercolor black -border 5 " ..
"-fill black -stroke black -strokewidth 1 -pointsize 40 " ..
"-draw \"translate %d,%d rotate %d skewX %d gravity center text 0,0 '%s'\" " ..
"-draw \"translate %d,%d rotate %d skewX %d gravity center text 0,0 '%s'\" " ..
"-draw \"translate %d,%d rotate %d skewX %d gravity center text 0,0 '%s'\" " ..
"-draw \"translate %d,%d rotate %d skewX %d gravity center text 0,0 '%s'\" " ..
"-draw \"translate %d,%d rotate %d skewX %d gravity center text 0,0 '%s'\" " ..
"-draw \"translate %d,%d rotate %d skewX %d gravity center text 0,0 '%s'\" " ..
"-fill none -strokewidth 3 " ..
"-draw 'polyline %f,%d %f,%d' " ..
"-draw 'polyline %f,%d %f,%d' " ..
"-draw 'polyline %f,%d %f,%d' " ..
"-draw 'polyline %f,%d %f,%d' " ..
"-draw 'polyline %f,%d %f,%d' " ..
"-draw 'polyline %f,%d %f,%d' " ..
"-draw 'bezier %f,%d %f,%d %f,%d %f,%d' " ..
"-draw 'polyline %f,%d %f,%d %f,%d' -quality 0 -strip -colorspace GRAY JPEG:%s",
xx[1], yy[1], rr[1], ss[1], cc[1],
xx[2], yy[2], rr[2], ss[2], cc[2],
xx[3], yy[3], rr[3], ss[3], cc[3],
xx[4], yy[4], rr[4], ss[4], cc[4],
xx[5], yy[5], rr[5], ss[5], cc[5],
xx[6], yy[6], rr[6], ss[6], cc[6],
bx[1] + 5, by[1] - 15, bx[1] + 5, by[1] + 15,
bx[2] + 5, by[2] - 15, bx[2] + 5, by[2] + 15,
bx[3] + 5, by[3] - 15, bx[3] + 5, by[3] + 15,
bx[4] + 5, by[4] - 15, bx[4] + 5, by[4] + 15,
bx[5] + 5, by[5] - 15, bx[5] + 5, by[5] + 15,
bx[6] + 5, by[6] - 15, bx[6] + 5, by[6] + 15,
bx[1], by[1], bx[2], by[2], bx[3], by[3], bx[4], by[4],
bx[4], by[4], bx[5], by[5], bx[6], by[6],
outfile
));
end

Nanonymous No.5957 [D]
>>5956
I'll be using this for now then. Some letters are barely visible though, so it's still not ideal.

Nanonymous No.5958 [D]
Although not a captcha we could add hidden form entries that contain random letters like other imageboard engine. This just adds another step in making a spam bot where you have to take out an input and send it with the request.
For a captcha what if we used different colored letters / numbers that overlapped and you had to give the order from front to back. It might be easier to do this with numbered shapes as it makes the math easier for making sure they are overlapping.
Another idea for a captcha would show a mangled screenshot from nichijou and you would have to specify the episode and timestamp.
Another idea is to create a dataset of a bunch of photos and then the captcha shows a lot of different rotations of the image and the person has to check a box of the image which is the correct orientation.

Nanonymous No.5959 [D] >>5962
>>5953
>tweak some values for the captcha and make the function closed source.
My opinion is that you should not make it closed source, reasons:
1. It's security through obscurity
2. It's a slippery slope: start with captcha then eventually make all of nanochan closed source
3. Gives Asukafag ammo to spread FUD about nanochan being untrustworthy (he did it for mere typos already)

>>5956
The new captcha is difficult. Making the captcha even harder probably plays into Asukafag's hands: chan denial. If I'm right about his malicious intentions, then he'll be here forever to shit up nanochan and deny a home to /pol/ most of all. What he doesn't want is peace, comfyness and high pph.
>inb4 comfy = dead slow

Nanonymous No.5960 [D] >>5961 >>5962
>The new captcha is difficult
Maybe we could have an easy captcha and if pph increases make the captcha harder. We would need to maintain different caches of captchas than just a single one of 30.

Nanonymous No.5961 [D] >>5963 >>5975
>>5960
The captchas are cached? I thought they were generated each time, I don't remember ever getting the same one twice.
>Maybe we could have an easy captcha and if pph increases make the captcha harder.
Sounds like a good idea to me as a nonprofessional, except I'd change the wording from
>if pph increases [the how]
to
<if nanochan is botspammed [the why]
because the captcha system shouldn't punish posters for naturally increasing pph.

Nanonymous No.5962 [D]
>>5959
>closed source
Perhaps deriving the random ranges for the captcha from a private hash might be enough to mess with any efforts of offline captcha image generation. The thing with captchas is that they are fundamentally insecure; if the captcha is image-based it will be cracked, it's just a matter of time.
>>5960
This is doable, I just have to wipe the cache with a single rm tmp_captchas/* command and set a flag in the database to use the new captcha function.

Nanonymous No.5963 [D] >>5975
>>5961
>The captchas are cached?
A nanon in the global meta described the current captcha system nicely
>There are 50 valid captcha responses. Your goal is to guess one of those 50 captchas. To help you with that we show one of the 50 captcha images when you request captcha.jpg.

Nanonymous No.5975 [D]
>>5961
Yeah, I meant a sudden spike in pph.
>>5963
It looks like now the cache is 75 long.

Nanonymous No.5977 [D] >>5980
How can we even respond when you have made this website unusable? It took me 10 minutes of trying like a madman to make a single post.

Of course the captcha is incorrect

umarufag ## Global Volunteer No.5980 [D] >>5983 >>5984
>>5977
sakamoto, would it be a good idea to disable captcha while we're logged in then have it re-enabled (automatically) when nobody is logged in?

An obvious problem with this idea is that a troublemaker could tell when we're offline.

Nanonymous No.5983 [D]
>>5980
>disable captcha while we're logged in
Good idea. Right now toggling captchas takes a huge amount of time since every thread and board needs to be regenerated with the captcha field removed, but that could be solved by just not checking the captcha input upon post creating and having captcha.jpg show nothing (possible since it'd be a global override)
>could tell when we're offline
There could just be a checkbox (default checked) at the login page for "invisible" logins. Still, it'd be non-trivial to implement so I probably won't be getting around to this any time soon.

Nanonymous No.5984 [D] >>5985
>>5980
Put me in charge of the moderation coach!

Nanonymous No.5985 [D]
>>5984
Who are you?
>inb4 sagufaka

Nanonymous No.5986 [D] >>5996
sakamoto, dunno if you lurk other boards anyway there is this idea for a gif captcha >>>/g/8865

Nanonymous No.5993 [D][U][F] >>5994 >>5995
File: 450cb1ad32306130ab33467d860871a1b0ec1aaa4e8d3381abffa5f227722b43.jpg (dl) (88.86 KiB)
Here my captcha implementation. Written in c, with no external dependencies. Let me know how you want the code sent.

Nanonymous No.5994 [D]
>>5993
looks cool
you can upload a file with a .txt extension(i am not admin)

sakamoto ## Nanochan Administrator No.5995 [D] >>5996 >>6137
>>5993
Easiest way would be pgp encrypted, here's a temporary public key:

-----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEXbzgRxYJKwYBBAHaRw8BAQdAuILVwRuW1857RVQo9f6HMgsN+vtTQ/srQqbj
sFcHhIq0BW5hbm9uiJYEExYIAD4WIQQBS0pFDecOdvHsSd9fmx4foh5StAUCXbzg
RwIbAwUJA8PXeQULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRBfmx4foh5StABM
AP9JsRXeVP7DaxcZBejhIenO0s54J2eAxf6on5DaDVLZSgD+JoVWR+mJa3fa8OXv
g/5gEgICdsA6F3+k1sZtFmHgmwW4OARdvOBHEgorBgEEAZdVAQUBAQdA0deM1imx
4uMN8xPpKnhQoRUKdUG+ZWiJkAzLwH7D8QQDAQgHiH4EGBYIACYWIQQBS0pFDecO
dvHsSd9fmx4foh5StAUCXbzgRwIbDAUJA8PXeQAKCRBfmx4foh5StD23AP41ujOa
lEUbMCKlpnS3+XytHnn1wIP3d0KqKKxWoFaGuQEAoL5FKKu/NHR6Om8DK5K1cVrZ
+K+HDalSLnQR3azhUA0=
=nZTy
-----END PGP PUBLIC KEY BLOCK-----

Nanonymous No.5996 [D]
>>5995
You could of course upload it as a .txt file too, but that's up to you
>>5986
I've been following that thread, seems too gimmicky though, a you could just stitch the frames back together yourself or process them individually

Nanonymous No.6137 [D][U][F] >>6420
File: 1207e79dda7d93e1e1a140e971cc7e82d4a0b54f4f5adbb7e4509d8add18ed43.txt (dl) (147.07 KiB)
>>5995
not used to pgp, tell me if this works

Nanonymous No.6420 [D] >>6440
>>6137
It works, but the program segfaults when the working directory is not the same as where the code is, probably due to the font file not prepending the script location to the filename for the function that loads the font.

Nanonymous No.6440 [D][U][F] >>6460
File: 75f7c668217af4bacf9d178b5fe878dd84642040813e39e69b27037594ffd7f8.txt (dl) (147.04 KiB)
>>6420
That would indeed be the reason. Here's a version where everything's linked into one file, should be usable from any directory.

Nanonymous No.6460 [D]
>>6440
That works. Thanks for the help