yournamehere Posted May 22, 2009

Hi,

http://www.sitepoint.com/blogs/2009/05/14/captcha-alternatives/

Found this article and checked a few things out as an alternative to CAPTCHA... what are the odds someone could integrate a few of the key features into PRESTASHOP so we might prevent a few of these spam bot orders?

I thought the hidden fields thing and the timing the data entry looked promising...

Shouldn't be too hard, but I'm not familiar enough with SMARTY to do it all...

What do you think?

Cheers,
Sam
VIXUS Posted May 22, 2009

These two would be great if presta team can implement it.

1. Use a honeypot field
Spambots normally attempt to complete every form field so they pass basic validation. A honeypot field is one that is hidden from the user (CSS display set to none), so any value passed back is likely to come from a bot. The field should be labelled “Please leave this blank” or similar to account for those with CSS disabled or using custom stylesheets.

2. Show a verification page or fail the first posting attempt
Bots have a tough time reacting to a server response. If you are in any doubt about the validity of a post, show an intermediary page asking the user to confirm their data and press submit again.

It's quite simple to implement and it's almost unnoticed from customer point of view.
yournamehere Posted May 22, 2009

Yes... Those two I noticed... I also thought this one:

8. Time the user response
Accounting for human behaviour is one of the best ways to spot the bots. Users will take a little time to complete forms whereas bots are almost instantaneous. I use the following method in many forms and it has been effective:

1. The current server time is recorded when the form page is generated.
2. The time value is encoded into a string. The actual encoding algorithm is up to you, but it must be one that is not obvious and allow decoding back to the original value. I would also recommend using unique user data, such as the IP address, as an encryption key.
3. The encoded time is put in a hidden form value.
4. When the form is posted back, the field is checked and decoded back to a time. This can now be compared with the current server time to ensure the response time falls within a specific window, e.g. between 20 seconds and 20 minutes.

There are several benefits to this process: it does not rely on client-side technology, the time value must be in the returned data and, even if your form is spoofed, it limits the number of bogus submissions that can be sent.

Cheers
S
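
Added example (not from the posts above and not PrestaShop code): the honeypot field from VIXUS's post and the timed hidden field from yournamehere's post, checked together in PHP. Instead of an obscure reversible encoding, the timestamp is signed with an HMAC keyed by a server secret and bound to the client IP; FORM_SECRET and the field names website and ts_token are assumptions.

```php
<?php
// Hypothetical names: FORM_SECRET, 'website' (honeypot), 'ts_token' (hidden time field).
const FORM_SECRET = 'replace-with-random-server-side-secret'; // placeholder value
const MIN_SECONDS = 20;       // window quoted in the post: 20 seconds ...
const MAX_SECONDS = 20 * 60;  // ... to 20 minutes

// Steps 1-3: record server time, bind it to the client IP, return the hidden field value.
function issue_time_token(string $ip, ?int $now = null): string
{
    $ts  = $now ?? time();
    $mac = hash_hmac('sha256', $ts . '|' . $ip, FORM_SECRET);
    return $ts . '.' . $mac;
}

// Step 4 plus the honeypot check. Returns a rejection reason, or null to accept.
function reject_reason(array $post, string $ip, ?int $now = null): ?string
{
    // The honeypot is hidden with CSS, so a human leaves it empty.
    if (trim((string)($post['website'] ?? '')) !== '') {
        return 'honeypot filled';
    }
    $parts = explode('.', (string)($post['ts_token'] ?? ''), 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return 'token missing or malformed';
    }
    [$ts, $mac] = $parts;
    // Recompute the MAC and compare in constant time; a client-edited timestamp fails here.
    $expected = hash_hmac('sha256', $ts . '|' . $ip, FORM_SECRET);
    if (!hash_equals($expected, $mac)) {
        return 'token altered or issued to another IP';
    }
    $elapsed = ($now ?? time()) - (int)$ts;
    if ($elapsed < MIN_SECONDS) return 'submitted too fast';
    if ($elapsed > MAX_SECONDS) return 'token expired';
    return null;
}

// Constructed sample run: fixed clock values and a documentation-range IP.
$ip    = '203.0.113.7';
$token = issue_time_token($ip, 1000000);
$cases = [
    'bot, 2 s later'     => [['website' => '', 'ts_token' => $token], 1000002],
    'human, 45 s later'  => [['website' => '', 'ts_token' => $token], 1000045],
    'honeypot filled'    => [['website' => 'http://x', 'ts_token' => $token], 1000045],
    'edited timestamp'   => [['website' => '', 'ts_token' => '999000.' . substr($token, 8)], 1000045],
];
foreach ($cases as $label => [$post, $now]) {
    echo $label, ': ', reject_reason($post, $ip, $now) ?? 'accepted', PHP_EOL;
}
```

A valid token can still be replayed until it expires, so storing each accepted token server-side and refusing reuse tightens the check further.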
Hoodgrown Posted May 22, 2009

I haven't received any bot form submissions yet but I am receiving a lot of bot traffic through my Live Chat app.
tatamata Posted May 23, 2009

These three things implemented into presta would be awesome. Presta would definitely be ahead of its competition in this segment.