[Koha-devel] Need to improve anti-spam for opac-suggestions
David Cook
dcook at prosentient.com.au
Wed Feb 3 06:54:59 CET 2016
I actually had a thought about that as well. What about text-based captchas? That shouldn’t discriminate against anyone.
Something along the lines of “please enter the third word from the first sentence in the paragraph above into the following box”, and possibly have the numbers in that instruction change randomly.
That wouldn’t discriminate against someone who couldn’t use an image-based captcha. I think the main downside of that one is that it’s a bit verbose for users… but it should be accessible.
Another thought would be to increase the information stored in the database… and maybe allow librarians to flag certain IP addresses as bots. It wouldn’t be perfect but it could provide some relief.
Other ideas… if they send data that doesn’t fit the field type, we might ask the user if they’re a robot. I noticed that the year fields in `suggestions` weren’t being filled correctly with the spam, so someone is probably sending “G:SDHGAEGH” at a field which should be something like “2011”. In other words, we might try adding some basic heuristics and prompt the user if we suspect that they might not be human (I dislike saying that as the email archive will make me seem overly human-centric in the future when we’re sharing the Earth with sentient AIs or aliens..).
Maybe even a confirmation screen after clicking submit which might ask them to re-enter some information or answer a question. Also not perfect but perhaps better than nothing.
David Cook
Systems Librarian
Prosentient Systems
72/330 Wattle St, Ultimo, NSW 2007
From: Chris Cormack [mailto:chrisc at catalyst.net.nz]
Sent: Wednesday, 3 February 2016 4:42 PM
To: David Cook <dcook at prosentient.com.au>; 'koha-devel' <koha-devel at lists.koha-community.org>
Subject: Re: [Koha-devel] Need to improve anti-spam for opac-suggestions
Positive captchas are still discrimatory. The reasons for not using them are as valid now as they were then.
I guess the question is would you rather discriminate against potential or current users or deal with the spam. Long winded way of me saying we should find a better tool than positive captchas or deal with the spam.
My 2 cents
Chris
On 3 February 2016 4:09:53 pm AEDT, David Cook <dcook at prosentient.com.au <mailto:dcook at prosentient.com.au> > wrote:
Hi all,
It looks like we may need to improve anti-spam for opac-suggestions.pl.
A negative captcha was added with https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=3144, but I’m noticing a distributed spam attack which appears to either be wise to the “negcap” field or is occasionally lucky to accidentally not put any data with that parameter.
Back in the day, we decided not to go with a positive captcha for accessibility reasons. I suppose we do have a positive captcha in the patron self-registration (I think) so maybe we should add one here. Or… think of something else clever.
Ideas?
David Cook
Systems Librarian
Prosentient Systems
72/330 Wattle St, Ultimo, NSW 2007
_____
Koha-devel mailing list
Koha-devel at lists.koha-community.org <mailto:Koha-devel at lists.koha-community.org>
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.koha-community.org/pipermail/koha-devel/attachments/20160203/5e8bb14e/attachment-0001.html>
More information about the Koha-devel
mailing list