<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
There is already a text based captcha in opac/opac-memberentry pl.<br>
<br>
It asks something like the following (with a random string):<br>
<br>
Please type the following characters into the preceding box: ODXZX <br>
Note: The preceding box is case-sensitive. Ensure that the entered
characters are in all-caps.<br>
<br>
- What ist the experience with this captcha?<br>
- Possible improvement: <br>
- Do not call the fieldset / field 'captcha' or the like to make
it harder for robots to recognize it as captcha field.<br>
- Combine it with e negative captcha?<br>
<br>
Marc<br>
<br>
<br>
<br>
<div class="moz-cite-prefix">Am 03.02.2016 um 06:54 schrieb David
Cook:<br>
</div>
<blockquote
cite="mid:00d001d15e47$6abff8f0$403fead0$@prosentient.com.au"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]-->
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
mso-fareast-language:EN-US;}
span.EmailStyle21
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><a moz-do-not-send="true"
name="_MailEndCompose">I actually had a thought about that
as well. What about text-based captchas? That shouldn’t
discriminate against anyone.<o:p></o:p></a></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Something along the lines of “please enter
the third word from the first sentence in the paragraph above
into the following box”, and possibly have the numbers in that
instruction change randomly.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">That wouldn’t discriminate against someone
who couldn’t use an image-based captcha. I think the main
downside of that one is that it’s a bit verbose for users… but
it should be accessible. <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Another thought would be to increase the
information stored in the database… and maybe allow librarians
to flag certain IP addresses as bots. It wouldn’t be perfect
but it could provide some relief.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Other ideas… if they send data that doesn’t
fit the field type, we might ask the user if they’re a robot.
I noticed that the year fields in `suggestions` weren’t being
filled correctly with the spam, so someone is probably sending
“G:SDHGAEGH” at a field which should be something like “2011”.
In other words, we might try adding some basic heuristics and
prompt the user if we suspect that they might not be human (I
dislike saying that as the email archive will make me seem
overly human-centric in the future when we’re sharing the
Earth with sentient AIs or aliens..).<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Maybe even a confirmation screen after
clicking submit which might ask them to re-enter some
information or answer a question. Also not perfect but perhaps
better than nothing.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal"><span style="mso-fareast-language:EN-AU">David
Cook<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-AU">Systems
Librarian<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-AU">Prosentient
Systems<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-AU">72/330
Wattle St, Ultimo, NSW 2007<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div style="border:none;border-left:solid blue 1.5pt;padding:0cm
0cm 0cm 4.0pt">
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="mso-fareast-language:EN-AU" lang="EN-US">From:</span></b><span
style="mso-fareast-language:EN-AU" lang="EN-US"> Chris
Cormack [<a class="moz-txt-link-freetext" href="mailto:chrisc@catalyst.net.nz">mailto:chrisc@catalyst.net.nz</a>] <br>
<b>Sent:</b> Wednesday, 3 February 2016 4:42 PM<br>
<b>To:</b> David Cook
<a class="moz-txt-link-rfc2396E" href="mailto:dcook@prosentient.com.au"><dcook@prosentient.com.au></a>; 'koha-devel'
<a class="moz-txt-link-rfc2396E" href="mailto:koha-devel@lists.koha-community.org"><koha-devel@lists.koha-community.org></a><br>
<b>Subject:</b> Re: [Koha-devel] Need to improve
anti-spam for opac-suggestions<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span
style="font-size:12.0pt;font-family:"Times New
Roman",serif;mso-fareast-language:EN-AU">Positive
captchas are still discrimatory. The reasons for not using
them are as valid now as they were then.<br>
<br>
I guess the question is would you rather discriminate
against potential or current users or deal with the spam.
Long winded way of me saying we should find a better tool
than positive captchas or deal with the spam.<br>
<br>
My 2 cents<br>
<br>
Chris<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times New
Roman",serif;mso-fareast-language:EN-AU">On 3
February 2016 4:09:53 pm AEDT, David Cook <<a
moz-do-not-send="true"
href="mailto:dcook@prosentient.com.au"><a class="moz-txt-link-abbreviated" href="mailto:dcook@prosentient.com.au">dcook@prosentient.com.au</a></a>>
wrote:<o:p></o:p></span></p>
<blockquote style="border:none;border-left:solid #CCCCCC
1.0pt;padding:0cm 0cm 0cm
6.0pt;margin-left:4.8pt;margin-right:0cm">
<p class="MsoNormal">Hi all,<o:p></o:p></p>
<p> <o:p></o:p></p>
<p class="MsoNormal">It looks like we may need to improve
anti-spam for opac-suggestions.pl.<o:p></o:p></p>
<p> <o:p></o:p></p>
<p class="MsoNormal">A negative captcha was added with <a
moz-do-not-send="true"
href="https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=3144"><a class="moz-txt-link-freetext" href="https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=3144">https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=3144</a></a>,
but I’m noticing a distributed spam attack which appears
to either be wise to the “negcap” field or is
occasionally lucky to accidentally not put any data with
that parameter. <o:p></o:p></p>
<p> <o:p></o:p></p>
<p class="MsoNormal">Back in the day, we decided not to go
with a positive captcha for accessibility reasons. I
suppose we do have a positive captcha in the patron
self-registration (I think) so maybe we should add one
here. Or… think of something else clever. <o:p></o:p></p>
<p> <o:p></o:p></p>
<p class="MsoNormal">Ideas?<o:p></o:p></p>
<p> <o:p></o:p></p>
<p class="MsoNormal"><span
style="mso-fareast-language:EN-AU">David Cook<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="mso-fareast-language:EN-AU">Systems Librarian<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="mso-fareast-language:EN-AU">Prosentient Systems<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="mso-fareast-language:EN-AU">72/330 Wattle St,
Ultimo, NSW 2007<o:p></o:p></span></p>
<p> <o:p></o:p></p>
<pre style="text-align:center"><hr size="2" width="100%" align="center"></pre><pre>
Koha-devel mailing list
<a moz-do-not-send="true" href="mailto:Koha-devel@lists.koha-community.org">Koha-devel@lists.koha-community.org</a>
<a moz-do-not-send="true" href="http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel">http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel</a>
website : <a moz-do-not-send="true" href="http://www.koha-community.org">http://www.koha-community.org</a>/
git : <a moz-do-not-send="true" href="http://git.koha-community.org">http://git.koha-community.org</a>/
bugs : <a moz-do-not-send="true" href="http://bugs.koha-community.org/">http://bugs.koha-community.org/</a><o:p></o:p></pre></blockquote></div><p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif;mso-fareast-language:EN-AU">
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.<o:p></o:p></span></p></div></div>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre wrap="">_______________________________________________
Koha-devel mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Koha-devel@lists.koha-community.org">Koha-devel@lists.koha-community.org</a>
<a class="moz-txt-link-freetext" href="http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel">http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel</a>
website : <a class="moz-txt-link-freetext" href="http://www.koha-community.org/">http://www.koha-community.org/</a>
git : <a class="moz-txt-link-freetext" href="http://git.koha-community.org/">http://git.koha-community.org/</a>
bugs : <a class="moz-txt-link-freetext" href="http://bugs.koha-community.org/">http://bugs.koha-community.org/</a></pre>
</blockquote>
</body></html>