[Koha-devel] Need to improve anti-spam for opac-suggestions
Marc Véron
veron at veron.ch
Wed Feb 3 09:13:22 CET 2016
There is already a text-based captcha in opac/opac-memberentry.pl.
It asks something like the following (with a random string):
Please type the following characters into the preceding box: ODXZX
Note: The preceding box is case-sensitive. Ensure that the entered
characters are in all-caps.
- What is the experience with this captcha?
- Possible improvement:
  - Do not call the fieldset / field 'captcha' or the like to make it
    harder for robots to recognize it as a captcha field.
  - Combine it with a negative captcha?
Marc
On 03.02.2016 at 06:54, David Cook wrote:
>
> I actually had a thought about that as well. What about text-based
> captchas? That shouldn’t discriminate against anyone.
>
> Something along the lines of “please enter the third word from the
> first sentence in the paragraph above into the following box”, and
> possibly have the numbers in that instruction change randomly.
>
> That wouldn’t discriminate against someone who couldn’t use an
> image-based captcha. I think the main downside of that one is that
> it’s a bit verbose for users… but it should be accessible.
>
> Another thought would be to increase the information stored in the
> database… and maybe allow librarians to flag certain IP addresses as
> bots. It wouldn’t be perfect but it could provide some relief.
>
> Other ideas… if they send data that doesn’t fit the field type, we
> might ask the user if they’re a robot. I noticed that the year fields
> in `suggestions` weren’t being filled correctly with the spam, so
> someone is probably sending “G:SDHGAEGH” at a field which should be
> something like “2011”. In other words, we might try adding some basic
> heuristics and prompt the user if we suspect that they might not be
> human (I dislike saying that as the email archive will make me seem
> overly human-centric in the future when we’re sharing the Earth with
> sentient AIs or aliens..).
>
> Maybe even a confirmation screen after clicking submit which might ask
> them to re-enter some information or answer a question. Also not
> perfect but perhaps better than nothing.
>
> David Cook
>
> Systems Librarian
>
> Prosentient Systems
>
> 72/330 Wattle St, Ultimo, NSW 2007
>
> *From:* Chris Cormack [mailto:chrisc at catalyst.net.nz]
> *Sent:* Wednesday, 3 February 2016 4:42 PM
> *To:* David Cook <dcook at prosentient.com.au>; 'koha-devel'
> <koha-devel at lists.koha-community.org>
> *Subject:* Re: [Koha-devel] Need to improve anti-spam for opac-suggestions
>
> Positive captchas are still discriminatory. The reasons for not using
> them are as valid now as they were then.
>
> I guess the question is would you rather discriminate against
> potential or current users or deal with the spam. Long winded way of
> me saying we should find a better tool than positive captchas or deal
> with the spam.
>
> My 2 cents
>
> Chris
>
> On 3 February 2016 4:09:53 pm AEDT, David Cook
> <dcook at prosentient.com.au> wrote:
>
> Hi all,
>
> It looks like we may need to improve anti-spam for
> opac-suggestions.pl.
>
> A negative captcha was added with
> https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=3144,
> but I’m noticing a distributed spam attack which appears to either
> be wise to the “negcap” field or is occasionally lucky to
> accidentally not put any data with that parameter.
>
> Back in the day, we decided not to go with a positive captcha for
> accessibility reasons. I suppose we do have a positive captcha in
> the patron self-registration (I think) so maybe we should add one
> here. Or… think of something else clever.
>
> Ideas?
>
> David Cook
>
> Systems Librarian
>
> Prosentient Systems
>
> 72/330 Wattle St, Ultimo, NSW 2007
>
> ------------------------------------------------------------------------
>
> Koha-devel mailing list
> Koha-devel at lists.koha-community.org
> <mailto:Koha-devel at lists.koha-community.org>
> http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
> website :http://www.koha-community.org/
> git :http://git.koha-community.org/
> bugs :http://bugs.koha-community.org/
>
> -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
>
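
The negcap check and the year-field heuristic discussed in this thread, combined into one server-side decision. This is an added example, not Koha code or code from any poster; the year parameter names `copyrightdate` and `publicationyear` and the three verdicts are assumptions.

```perl
#!/usr/bin/perl
# Added example, not Koha code: classify a suggestion submission before storing it.
use strict;
use warnings;

# Assumed names: 'negcap' is the honeypot parameter named in the thread;
# 'copyrightdate' and 'publicationyear' stand in for the year fields.
my @YEAR_FIELDS = qw(copyrightdate publicationyear);

# Returns ( 'accept' | 'challenge' | 'reject', \@reasons ).
sub classify_suggestion {
    my ($params) = @_;
    my @reasons;

    # Negative captcha: humans never see the field, so any content is a bot signal.
    if ( defined $params->{negcap} && $params->{negcap} =~ /\S/ ) {
        return ( 'reject', ['negcap filled'] );
    }

    # Field-type heuristic: a year field is either empty or a four-digit year.
    for my $field (@YEAR_FIELDS) {
        my $value = $params->{$field};
        next unless defined $value && length $value;
        push @reasons, "$field is not a year"
            unless $value =~ /\A\s*[12][0-9]{3}\s*\z/;
    }

    # Suspicious but not certain: ask the user to confirm instead of dropping silently.
    return ( 'challenge', \@reasons ) if @reasons;
    return ( 'accept', [] );
}

# Constructed sample submissions (not real traffic).
my @samples = (
    { title => 'A book', copyrightdate => '2011',       negcap => '' },
    { title => 'xyz',    copyrightdate => 'G:SDHGAEGH', negcap => '' },
    { title => 'xyz',    copyrightdate => '2011',       negcap => 'http://spam.example' },
);
for my $s (@samples) {
    my ( $verdict, $reasons ) = classify_suggestion($s);
    printf "%-9s %s\n", $verdict, join( '; ', @$reasons );
}
```

The `challenge` verdict corresponds to the confirmation-screen idea: a mistyped year from a real patron leads to a prompt, not a silent rejection.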