We have spam #875
Comments
If an action sending the feedback allowed only mouse clicks, could we use jQuery to listen for mouse click events? "originalEvent.detail" is true if the button is clicked by the mouse. Bots cannot click the mouse button.
In addition, keyboard actions can also be listened for (e.g. if a key is pressed): Listening for the mouse clicks and the pressed keyboard keys together enables an accessible implementation - maybe.
My suggestion for some criteria for an acceptable solution:
I believe the accessibility criterion rules out many of the above proposed changes, for example the recent one related to mouse actions (because it should still be possible to use the feedback form without a mouse).
I agree with you @osma. I think all three points you mentioned are valid. In addition to a properly functioning feedback form, the points can be considered as minimum requirements.
TO-DO
As we know, spambots are sending spam by making use of the feedback form in Skosmos. Recently the amount of spam has increased. We are very glad to hear good tips and suggestions to solve this issue 🙂
How to strengthen spam filtering
Proposal 1:
In globalconfig adjust honeypot time
Proposal 2:
In most cases spambots read some URLs directly, I believe. People are more used to clicking or tabbing and “surfing” on a website, and they do it mainly via front pages.
Human user:
Goes to Finto.fi/fi (sv, en) frontpage
a. System: Sets up a cookie FBvisited=yes
b. System: Expiration = 3600 sec
By clicking the Feedback-link on the frontpage, the user is automatically redirected to the refresh page, which sets up a new cookie FeedVisited=yes and then redirects the user to the real feedback page (by a refresh action in some seconds).
On the real Feedback-page the form is not submitted before a function X has checked the values in the cookies. If both values are yes, the form can be submitted.
Result: Feedback is not sent if there is no visit to the frontpage and the Feedback-link is not tabbed or clicked in a certain order. A spambot likely does not follow the order -> Front page -> Feedback refresh-page. To submit the form, the user has to first visit the Front page and then the Feedback refresh-page.
Proposal 3:
Sets up a cookie visited=yes if the user has visited some concept page, but the cookie is not set up on the feedback page; the feedback page is excluded.
On the feedback-page the form is not submitted before a function X has checked the value in the cookie. If the value is yes, the form can be submitted.
Result: Feedback is not sent if the visit starts on the feedback page. We can assume that bots direct their actions directly at some URL (a page like http://finto.fi/fi/feedback).
TO-DO
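
One way the "function X" check from Proposals 2 and 3 could run on the server, as an added example that is not part of the original issue or of Skosmos: each cookie carries an HMAC-signed timestamp instead of the literal `yes`, so the check can verify the visit order, the 3600-second expiry and a minimum fill time. `SECRET`, `MIN_FILL_SECONDS` and all function names are assumptions.

```javascript
// Added example (not Skosmos code). Cookie names and the 3600 s expiry come
// from the issue text; everything else here is a labelled assumption.
const { createHmac, timingSafeEqual } = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // assumption: loaded from server config
const EXPIRY_SECONDS = 3600;              // expiry named in Proposal 2
const MIN_FILL_SECONDS = 5;               // assumption: stands in for the honeypot time

function sign(step, issuedAt) {
  return createHmac('sha256', SECRET).update(`${step}|${issuedAt}`).digest('hex');
}

// Value the server stores in the cookie for a given step (times in seconds).
function issueCookie(step, now) {
  return `${now}.${sign(step, now)}`;
}

// Returns the issue time if the cookie is authentic and fresh, otherwise null.
function readCookie(step, value, now) {
  const m = /^(\d{1,12})\.([0-9a-f]{64})$/.exec(value || '');
  if (!m) return null;
  const issuedAt = Number(m[1]);
  const expected = Buffer.from(sign(step, issuedAt), 'hex');
  const given = Buffer.from(m[2], 'hex');
  if (!timingSafeEqual(expected, given)) return null;
  if (now < issuedAt || now - issuedAt > EXPIRY_SECONDS) return null;
  return issuedAt;
}

// "Function X": accept only front page -> refresh page -> form, and not too fast.
function mayAcceptFeedback(cookies, now) {
  const front = readCookie('FBvisited', cookies.FBvisited, now);
  const refresh = readCookie('FeedVisited', cookies.FeedVisited, now);
  if (front === null || refresh === null) {
    return { ok: false, reason: 'missing-or-invalid-cookie' };
  }
  if (refresh < front) return { ok: false, reason: 'wrong-order' };
  if (now - refresh < MIN_FILL_SECONDS) return { ok: false, reason: 'submitted-too-fast' };
  return { ok: true, reason: 'accepted' };
}
```

The signature binds each value to its step name, so a value issued for `FBvisited` does not validate as `FeedVisited`.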