[Koha-devel] Need to improve anti-spam for opac-suggestions

Marc Véron veron at veron.ch
Wed Feb 3 09:13:22 CET 2016


There is already a text-based captcha in opac/opac-memberentry.pl.

It asks something like the following (with a random string):

Please type the following characters into the preceding box: ODXZX
Note: The preceding box is case-sensitive. Ensure that the entered 
characters are in all-caps.

- What is the experience with this captcha?
- Possible improvement:
   - Do not call the fieldset / field 'captcha' or the like to make it 
harder for robots to recognize it as captcha field.
   - Combine it with a negative captcha?

Marc



On 03.02.2016 at 06:54, David Cook wrote:
>
> I actually had a thought about that as well. What about text-based 
> captchas? That shouldn’t discriminate against anyone.
>
> Something along the lines of “please enter the third word from the 
> first sentence in the paragraph above into the following box”, and 
> possibly have the numbers in that instruction change randomly.
>
> That wouldn’t discriminate against someone who couldn’t use an 
> image-based captcha. I think the main downside of that one is that 
> it’s a bit verbose for users… but it should be accessible.
>
> Another thought would be to increase the information stored in the 
> database… and maybe allow librarians to flag certain IP addresses as 
> bots. It wouldn’t be perfect but it could provide some relief.
>
> Other ideas… if they send data that doesn’t fit the field type, we 
> might ask the user if they’re a robot. I noticed that the year fields 
> in `suggestions` weren’t being filled correctly with the spam, so 
> someone is probably sending “G:SDHGAEGH” at a field which should be 
> something like “2011”. In other words, we might try adding some basic 
> heuristics and prompt the user if we suspect that they might not be 
> human (I dislike saying that as the email archive will make me seem 
> overly human-centric in the future when we’re sharing the Earth with 
> sentient AIs or aliens..).
>
> Maybe even a confirmation screen after clicking submit which might ask 
> them to re-enter some information or answer a question. Also not 
> perfect but perhaps better than nothing.
>
> David Cook
>
> Systems Librarian
>
> Prosentient Systems
>
> 72/330 Wattle St, Ultimo, NSW 2007
>
> *From:*Chris Cormack [mailto:chrisc at catalyst.net.nz]
> *Sent:* Wednesday, 3 February 2016 4:42 PM
> *To:* David Cook <dcook at prosentient.com.au>; 'koha-devel' 
> <koha-devel at lists.koha-community.org>
> *Subject:* Re: [Koha-devel] Need to improve anti-spam for opac-suggestions
>
> Positive captchas are still discriminatory. The reasons for not using 
> them are as valid now as they were then.
>
> I guess the question is would you rather discriminate against 
> potential or current users or deal with the spam. Long winded way of 
> me saying we should find a better tool than positive captchas or deal 
> with the spam.
>
> My 2 cents
>
> Chris
>
> On 3 February 2016 4:09:53 pm AEDT, David Cook 
> <dcook at prosentient.com.au> wrote:
>
>     Hi all,
>
>     It looks like we may need to improve anti-spam for
>     opac-suggestions.pl.
>
>     A negative captcha was added with
>     https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=3144,
>     but I’m noticing a distributed spam attack which appears to either
>     be wise to the “negcap” field or is occasionally lucky to
>     accidentally not put any data with that parameter.
>
>     Back in the day, we decided not to go with a positive captcha for
>     accessibility reasons. I suppose we do have a positive captcha in
>     the patron self-registration (I think) so maybe we should add one
>     here. Or… think of something else clever.
>
>     Ideas?
>
>     David Cook
>
>     Systems Librarian
>
>     Prosentient Systems
>
>     72/330 Wattle St, Ultimo, NSW 2007
>
>     ------------------------------------------------------------------------
>
>     Koha-devel mailing list
>     Koha-devel at lists.koha-community.org
>     <mailto:Koha-devel at lists.koha-community.org>
>     http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
>     website :http://www.koha-community.org/
>     git :http://git.koha-community.org/
>     bugs :http://bugs.koha-community.org/
>
> -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
>
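
A sketch of the server-side checks discussed in this thread, as an added example that is not part of the original messages or Koha's own code: it rejects a submission when the `negcap` honeypot comes back filled and asks for a challenge when a year field fails a type check. The function name, the year field names and the sample submissions are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Fields expected to hold a four-digit year. The names are assumptions made
# for this example; map them to the form's real parameter names.
my @YEAR_FIELDS = qw(copyrightdate publicationyear);

# Classify one submission: 'reject', 'challenge' or 'accept', plus reasons.
sub classify_suggestion {
    my ($param) = @_;
    my @reasons;

    # Negative captcha: the hidden "negcap" input must come back empty.
    if ( defined $param->{negcap} && length $param->{negcap} ) {
        return ( 'reject', ['negcap honeypot was filled in'] );
    }

    # Field-type heuristic: an optional year is either empty or plausible.
    my $this_year = (localtime)[5] + 1900;
    for my $field (@YEAR_FIELDS) {
        my $value = $param->{$field};
        next unless defined $value && length $value;
        if ( $value !~ /\A[0-9]{4}\z/ ) {
            push @reasons, "$field is not a four-digit year";
        }
        elsif ( $value > $this_year + 1 ) {
            push @reasons, "$field is in the future";
        }
    }

    # Suspicious but not conclusive: ask a question instead of rejecting.
    return ( @reasons ? 'challenge' : 'accept', \@reasons );
}

# Constructed sample submissions, not real traffic.
my @samples = (
    { title => 'Perl Best Practices', copyrightdate => '2005', negcap => '' },
    { title => 'zzz', copyrightdate => 'G:SDHGAEGH', negcap => '' },
    { title => 'zzz', copyrightdate => '2011', negcap => 'http://spam.example/' },
);

for my $s (@samples) {
    my ( $verdict, $reasons ) = classify_suggestion($s);
    printf "%-9s %s\n", $verdict, join( '; ', @$reasons );
}
```

The 'challenge' verdict is where a text question or a confirmation screen would be shown, so a legitimate user who mistypes a year is asked again rather than silently dropped.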