Build me an "Anti-spam questions" extension (£200 PP)

Wellwisher

The proposal:
Build me an "Anti-spam questions" extension, make it available for free for everyone.

What I am looking for:

Admins should be able to set 'multiple' custom Anti-Spam bots questions & Captcha for new users signing-up (admins can pick which option to enable/disable - i.e enable only Anti-spam bot questions and not captcha).
Your extension must work alongside social login extension FriendsOfFlarum OAuth
Add the option for "captcha & security questions" to be required for members first post (admins can pick which option to enable/disable (i.e only enable captcha to be required for first post). Admin can set how many times verification is required for new members posting i.e 1 or 10 until verification is now longer required by new user.

Payment
I will pay the net amount of £200 into developers paypal account.

FYI - I've always settled my Flarum bounties in the past.
I am like a Lannister who always pays his debts. 🙂

Umutcan

This behavior should be really appreciated. This feature proved to offer a more reliable environment than Capthca in XenForo software. I think a talented developer can definitely handle it.

BartVB

This feature is also on my wish list.

Shall we split the bounty, @Wellwisher ?
An additional requirement though; the extension needs to be open source.

Wellwisher

BartVB happy to split mate

Wellwisher

BartVB or if you contribute a £100 and I am still open to pay £200
Together we can raise £300 bounty, which is more than reasonable?

Trc4

It would be interesting if it was possible for different languages. We have an international community and not everyone speaks every language. Throw that around as an incentive, of course it doesn't have to be.

garygreen

Implementing spam-bot prevention mechanisms is complex, most bots can get around capatchas and questions these days.

I would try to go with something like Turnstile which is available to everyone, even non-Cloudflare users.

Haven't tested it, but this extension adds it: https://github.com/blomstra/flarum-ext-turnstile

That would be far simpler and offer stronger protection than implementing custom captcha/questions imo.

Wellwisher

garygreen captchas on there own yes, the bots can get around them but security questions, no. I would have to disagree. You need to rotate security questions.

On my SMF forum I would change the security questions once every 2x months and I had no problems. It was the combination of security questions and captchas that worked for me.

So much so I unbanned China and Russia.

Just to give you an example of the security questions I would set:

"Name the author of the article named xyz published on the url xyz"

Now if u combine that with 6 odd rotating security questions or pair 2x security questions... bots aren't gonna get past that .

I don't agree with shadow banning bot accounts. I simple don't want fake accounts on my forum period.

AlfMueller

99% of all spambots can be tricked with 3 lines of code.

Simply insert fields in the form field that humans can't see (e.g. category2 or surname. If these then contain a value, it is spam because the human does not see them. (hidden fields).

That would be a simple approach.

Wellwisher

Willing to commission this for £500

Established Devs only (i.e have built their own extensions and are active on flarum.org)

luceos

I've opened the ability to place a bounty; seems this never happened before although the request seems pretty straightforward. Imo this feature could even be added to the recently created fof/anti-spam @IanM might have an interest with a reward of 500 pounds, plus whatever @BartVB might add.

IanM

luceos absolutely, I'd be happy to pick this up and add to fof/anti-spam 🙂

Wellwisher

luceos can you please confirm flarum's paypal so i can just pay it. 🙂

IanM

FYI, I've started working on this implementation. I'll post again when a PR is ready for this 🙂

luceos

Wellwisher maybe @IanM would like to receive it directly. I'd have no issue accepting it through PayPal and paying it out through bank transfer though.

Flarums PayPal is finance@flarum.org.

Wellwisher

luceos No worries @IanM let me know what your paypal is and I will get it paid directly.

IanM

Wellwisher that's very kind of you - it's ian@flarum.org

IanM

For anyone wishing to follow along on the development of this, the draft PR is FriendsOfFlarum/anti-spam6

IanM

Here's the first milestone update:

Progress on this is going well. Already implemented are:

general bootstrapping (creation of the model, validators, etc) for the ChallengeQuestions
create, list, update & delete controllers, with associated commands and tests
refactoring of the admin extension page to allow for an addition tab page
frontend implementation for listing, creating, updating and deletion of ChallengeOptions.

Some screenshots:

List, manage and create challenge questions from the admin interface:

Create new question:

Edit existing question:

Next up will be settings to allow for selecting if challenge questions should be asked upon registration, and the associated backend & frontend logic to present them and check the responses.

Feedback on the implementation so far is very welcome, of course!

I'll be back with a further update as soon as I can...

Wellwisher

IanM looks stunning and seems like it's easy to use, me likely very muchy! 😃

Been waiting for this for so long. 😍
As soon as you're done, I will test it and if it meets all my criteria (which it seems like it does), I'll have you paid - like I have others on here. 🙂 <3