New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(donation): prevent WP users from being created if donation fails #3035
Comments
After discussion with @ravinderk over the call, we have finalized 2 tasks for now. @kevinwhoffman Can you provide me the local site you're talking about it over developer call so that I can do research on that data and try to identify whether there is any other scenario to handle for preventing spam. |
@mehul0810 here's the export that you can import into local: https://givewp.slack.com/files/U064V9KDJ/FA94LKFB6/20180412_alphacare_41d61024534092be2914180412174723_archive.zip |
@mehul0810 The first step I would take is to dig into the process by which users are registered in the donation form and determine whether a user is created before the donation is processed. If that is the case, then we will want to re-order the user creation process so that it occurs only if the donation post has been created. Please investigate this on a fresh install of Give and report back. Then we can decide how to proceed with the backup site if necessary. |
@kevinwhoffman @ravinderk @DevinWalker Findings
Regarding Point (2): We need to validate donation and then create a user so the sequence of the hook being called will also change. Let me know your thoughts whether we do require the backward compatibility in this case? Also, I'll try to optimize the code to make sure that we bail out earlier if any of the required data is not passed. This will also help to prevent donation/donor/user spam. |
This seems to be the core of the problem and explains why some customers are seeing spam users but not spam donations. We should only register the user after the donation is validated.
@mehul0810 I'm not seeing the backwards compatibility concerns that would arise by only registering users upon valid donations. Can you elaborate? |
@kevinwhoffman I had a doubt regarding backward compatibility in this case. Hence, I've taken this point into consideration to ensure that backward compatibility is required or not based on individual thoughts. |
I see. I think it depends on whether the data passed in those hooks changes as a result of the sequence change. @ravinderk and @DevinWalker will have better insight. |
|
Slack Call SummaryParticipants: @mehul0810 @ravinderk |
Slack Call SummaryParticipants: @mehul0810 @ravinderk |
Slack Call SummaryParticipants: @mehul0810 @ravinderk |
We're approaching Let's return to this immediately after |
@DevinWalker @kevinwhoffman @ravinderk Final Suggestions for spam prevention implementation1. Client and Server side validation to allow only alphabets for first and last name Let me know your thoughts on proceeding for implementation of spam prevention and see whether users still get spam donation or not. After releasing this fix, if end users still get spam donations/donors/users then we will look forward to re-ordering the user creation process. Also, let me know with which option (a) or (b) to proceed with for point (2). |
@mehulgohil how you suggestion different then honeypot hidden field for ref: https://github.com/WordImpress/Give/blob/master/includes/forms/template.php#L147 |
@ravinderk that was my thought too - we already have a honeypot field, and it apparently doesn't work very well. |
Two thoughts from my own experience and seeing what some other form tools do to fight spam: For the honeypot input that is already built-in, don't use "honeypot" in its id, name or css class. Bot authors are smart enough to look for that sort of thing and skip the input field. @mehul0810's idea differs from the current implementation in this sense. His suggested approach makes the field more tempting to the bots' scripts. Consider building in optional support for noCaptcha or reCaptcha for users willing to go get an API key to enable them. |
I like options 1, 3, and 4. ✔️ Option 1 -- I think is easy and obvious and will be a minor benefit. ✔️ Option 3 -- I like this in general, and it could have a nice clean effect on our forms. basically, if NO gateway is set by default then none of those fields are visible until one is selected. That has a nice progressive effect. But it does require the donor to do an additional click (for those that would have previously just donated with the default gateway) ✔️ Option 4 -- This is also important and obvious. I think this and option 1 alone will make a big difference. ❌ Option 2 feels like it could raise more problems than it solves. I think that bots are smart enough to avoid inputs that are marked as "honeypot" (like Scott suggested) but also smart enough to avoid inputs that are hidden as well. ❌ I don't support offering noCaptcha or reCaptcha in our donation forms as an option at all for a wide variety of reasons, most importantly it's just a bad donor experience. |
I agree with @mathetos on all of the above. In addition, only registering users after a donation is successfully created ensures that other anti-spam tactics like Akismet and Stop Donor Spam will be more successful. Specifically, we know that in the past Stop Donor Spam has prevented spam donations but allowed spam users. So by making the donation a precondition for user registration, that situation should be improved. |
That's right, I also STRONGLY agree that the actions of how things are triggered matters a lot. In my mind it should be something like this:
|
@mehul0810 it sounds like we're in agreement in the above comments. I'm removing this from the blockers so we can proceed. |
Slack Call SummaryParticipants: @ravinderk @mehul0810 |
Slack Call SummaryParticipant: @ravinderk @mehul0810 |
I have implemented the below tasks to handle the donation spam for now.
In future, we will refactor the user creation work-flow based on the donation spam user reports after this issue as it will be a breaking change. |
@mehul0810 Just thinking through possible problems, how does your validation of first/last name handle non-latin characters (Chinese/Japanese, etc)? Or characters with accents? |
I just tested by adding a name in Chinese language and it showing me a validation error |
This needs to be fixed before we can release |
fix(donation): prevent WP users from being created if donation fails #3035
User Story
As a
Give Admin
, I am experiencing a lot of spam user registrations through my Give donation forms. I want to prevent that from happening.Current Behavior
I currently am using both the Akismet integration and also the functionality plugin Stop Donor Spam, but these spam users are still being created.
Expected Behavior
I expect all wordpress users generated through our Give forms to be actual donors, and for spam donors to be blocked.
Possible Solution
Check on the order of actions during donation. @kevinwhoffman and I have a hunch that the user generation action is happening BEFORE the donation has been validated. Ideally, user creation should only happen after the donation itself has been completely successful and passed all validation checks.
Steps to Reproduce
Related
Customer Reports
donor spam
https://secure.helpscout.net/search/?query=tag:donor%20spamTasks
The text was updated successfully, but these errors were encountered: