What's the Best Way to Stop Bots from using a Convio Registration Form?

ADA's Support Community is seeing a spike in fake accounts being created. On 10/14/2016, from 0110 to 0824, 59 of the 60 postings were bot postings. CAPTCHA is enabled on this form: http://community.diabetes.org/join. Has Convio given an up-to-date solution for this? A search in the Blackbaud Forums only shows discussions, tips & tricks that are several years old. Any help would be greatly appreciated.

Comments

  • I wonder if we can implement reCAPTCHA, rather than using Luminate's ancient version.


    https://www.google.com/recaptcha/intro/index.html

     
  • We have also seen a spike in these fake accounts. I'm wondering what other organizations are doing to protect themselves and to clean up the data.


    Hilda

  • That Google reCAPTCHA is an interesting idea, and could probably be a step forward in making it harder for most bots to outsmart (since that's not any of the form element interactivities (checkbox vs. clickable div)). I am saying this because, if I recall correctly, those Luminate Online forms usually would have a hidden checkbox that is supposed not to get checked, under the ID "denySubmit" or something, that basically would prevent the form from being submitted if it happened to be clicked by the bots -- but it seems like the bots have managed to outsmart that nowadays.


    I've gotten to play around with it a bit further now (yes, you can defer rendering for a dynamically generated form, as is the case with some of these LO forms that have jQuery prepend the rendering onload) and am kind of wondering how much we are going to miss from not having the "server-side" verifying end (given that we need the secret key, which should be well kept, thus a JS solution is probably not a good idea), let's say for a development environment that's handicapped from having access to server-side technologies to begin with; maybe still halfway more secure vs. if we don't have it at all -- thoughts?


    regards,

    Daniel


    Add On Edit

    With JavaScript only on that Google reCAPTCHA -- we basically are going to check whether the response is blank or not upon form submit, as validation to let the form be submitted or not.



     


  • Ugh, the 'Verifying the User's Response' step. Now it's coming back to me from when I looked at this back with v1.


    Sure would be nice if BB would adopt reCaptcha rather than their own solution. Google will keep updating their widget over time.
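
The trade-off discussed in this thread, a JavaScript-only "is the response blank" check versus the server-side 'Verifying the User's Response' step, shown as an added example that is not code from any poster or from Blackbaud. It assumes a Node.js 18+ server you control in front of the registration; the function names, the `cfg` object and the local reason labels are hypothetical, while the siteverify URL, parameters and reply fields are Google's documented ones.

```javascript
const SITEVERIFY_URL = 'https://www.google.com/recaptcha/api/siteverify';

// What the JavaScript-only approach checks: the g-recaptcha-response field is
// not blank. Any non-empty string passes, so this cannot tell a solved
// challenge from arbitrary text posted straight to the form endpoint.
function clientSideCheck(token) {
  return typeof token === 'string' && token.trim() !== '';
}

// Form-encoded body for the siteverify POST. The secret never leaves the server.
function buildSiteverifyBody(secret, token, remoteIp) {
  const params = new URLSearchParams({ secret, response: token });
  if (remoteIp) params.set('remoteip', remoteIp);
  return params.toString();
}

// Decide from Google's JSON reply; fail closed on anything unexpected.
// 'no-reply' and 'hostname-mismatch' are local labels, not Google error codes.
function evaluateSiteverify(reply, expectedHostname) {
  if (!reply || reply.success !== true) {
    const codes = (reply && reply['error-codes']) || ['no-reply'];
    return { ok: false, reason: codes.join(',') };
  }
  if (reply.hostname !== expectedHostname) {
    return { ok: false, reason: 'hostname-mismatch' };
  }
  return { ok: true, reason: 'verified' };
}

// Server-side gate to call before the account is created.
// httpPost is injectable so the flow can be exercised without network access.
async function verifyRegistration(token, remoteIp, cfg, httpPost = postForm) {
  if (!clientSideCheck(token)) return { ok: false, reason: 'missing-input-response' };
  try {
    const body = buildSiteverifyBody(cfg.secret, token, remoteIp);
    return evaluateSiteverify(await httpPost(SITEVERIFY_URL, body), cfg.hostname);
  } catch (err) {
    return { ok: false, reason: 'verify-unavailable' }; // local label
  }
}

async function postForm(url, body) {
  const res = await fetch(url, {
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body,
  });
  return res.json();
}
```

A token also verifies only once, so a replayed value comes back with `timeout-or-duplicate` in `error-codes` and is rejected by `evaluateSiteverify`.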
