Re: [Koha-devel] Need to improve anti-spam for opac-suggestions

[Marc Véron]

There is already a text based captcha in opac/opac-memberentry pl.
It asks something like the following (with a random string):

Please type the following characters into the preceding box: ODXZX
Note: The preceding box is case-sensitive. Ensure that the entered 
characters are in all-caps.

- What ist the experience with this captcha?
- Possible improvement:
  - Do not call the fieldset / field 'captcha' or the like to make it 
harder for robots to recognize it as captcha field.
  - Combine it with e negative captcha?

Marc



Am 03.02.2016 um 06:54 schrieb David Cook:

I actually had a thought about that as well. What about text-based 
captchas? That shouldn’t discriminate against anyone.

Something along the lines of “please enter the third word from the 
first sentence in the paragraph above into the following box”, and 
possibly have the numbers in that instruction change randomly.

That wouldn’t discriminate against someone who couldn’t use an 
image-based captcha. I think the main downside of that one is that 
it’s a bit verbose for users… but it should be accessible.

Another thought would be to increase the information stored in the 
database… and maybe allow librarians to flag certain IP addresses as 
bots. It wouldn’t be perfect but it could provide some relief.

Other ideas… if they send data that doesn’t fit the field type, we 
might ask the user if they’re a robot. I noticed that the year fields 
in `suggestions` weren’t being filled correctly with the spam, so 
someone is probably sending “G:SDHGAEGH” at a field which should be 
something like “2011”. In other words, we might try adding some basic 
heuristics and prompt the user if we suspect that they might not be 
human (I dislike saying that as the email archive will make me seem 
overly human-centric in the future when we’re sharing the Earth with 
sentient AIs or aliens..).

Maybe even a confirmation screen after clicking submit which might ask 
them to re-enter some information or answer a question. Also not 
perfect but perhaps better than nothing.

David Cook

Systems Librarian

Prosentient Systems

72/330 Wattle St, Ultimo, NSW 2007

*From:*Chris Cormack [mailto:chr...@catalyst.net.nz]
*Sent:* Wednesday, 3 February 2016 4:42 PM
*To:* David Cook <dc...@prosentient.com.au>; 'koha-devel' 
<koha-devel@lists.koha-community.org>
*Subject:* Re: [Koha-devel] Need to improve anti-spam for opac-suggestions

Positive captchas are still discrimatory. The reasons for not using 
them are as valid now as they were then.

I guess the question is would you rather discriminate against 
potential or current users or deal with the spam. Long winded way of 
me saying we should find a better tool than positive captchas or deal 
with the spam.

My 2 cents

Chris

On 3 February 2016 4:09:53 pm AEDT, David Cook 
<dc...@prosentient.com.au <mailto:dc...@prosentient.com.au>> wrote:

    Hi all,

    It looks like we may need to improve anti-spam for
    opac-suggestions.pl.

    A negative captcha was added with
    https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=3144,
    but I’m noticing a distributed spam attack which appears to either
    be wise to the “negcap” field or is occasionally lucky to
    accidentally not put any data with that parameter.

    Back in the day, we decided not to go with a positive captcha for
    accessibility reasons. I suppose we do have a positive captcha in
    the patron self-registration (I think) so maybe we should add one
    here. Or… think of something else clever.

    Ideas?

    David Cook

    Systems Librarian

    Prosentient Systems

    72/330 Wattle St, Ultimo, NSW 2007

    ------------------------------------------------------------------------

    Koha-devel mailing list
    Koha-devel@lists.koha-community.org
    <mailto:Koha-devel@lists.koha-community.org>
    http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
    website :http://www.koha-community.org/
    git :http://git.koha-community.org/
    bugs :http://bugs.koha-community.org/

-- Sent from my Android device with K-9 Mail. Please excuse my brevity.

_______________________________________________
Koha-devel mailing list
Koha-devel@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
_______________________________________________
Koha-devel mailing list
Koha-devel@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/