Hi, I'm looking for a solution which will be zero time wasting for human users, not even clicking on the recaptcha's button, but on the other hand will prevent bots from submitting the form. I'm not sure how this can be implemented technically. But right now the "no bots" field I added prevents all the bots from submitting the forms on our websites. The only disadvantage of it is that it wastes about ~30 seconds of human users who have to type this number for the form to be submitted successfully.
We also have a registration form but luckily it was not abused (yet) by bots. All the other forms on our website (except registration, login and contact) can only be submitted by logged in users anyway. And if the user is logged in - he is not a bot. I have another website which uses MediaWiki and there it was flooded by bots who also signed up for the website and created accounts and then pages. I guess these bots are MediaWiki-specific bots.

אורי
u...@speedy.net

On Sat, Dec 14, 2019 at 1:41 PM Adam Johnson <m...@adamj.eu> wrote:

> Preventing bot submissions is a bit of an arms race. Django could add some
> protection but if many Django sites use it then bot scripts might be
> adapted to work around it.
>
> I've had success using django-recaptcha in the past:
> https://github.com/praekelt/django-recaptcha . django-honeypot looks good
> too.
>
> I think adding such protection would be a major project - research plus
> implementation. I think it could make a good Google Summer of Code project
> and will suggest it to the other DSF members.
>
> On Fri, 13 Dec 2019 at 04:02, אורי <u...@speedy.net> wrote:
>
>> Thank you. How do I use django-honeypot and how does it work? How does it
>> affect our human users and how does it affect the bots? I didn't understand
>> from their website.
>>
>> I added a new feature request https://code.djangoproject.com/ticket/31085
>> אורי
>> u...@speedy.net
>>
>>
>> On Fri, Dec 13, 2019 at 5:50 AM Kye Russell <m...@kye.id.au> wrote:
>>
>>> This is more of a support question, but:
>>> https://github.com/jamesturk/django-honeypot will thwart the majority
>>> of (naive) automation attempts.
>>>
>>>
>>> On 13 December 2019 at 10:42:54 am, אורי (u...@speedy.net) wrote:
>>>
>>> Django developers,
>>>
>>> After releasing Speedy Net to production I received lots of spam to our
>>> contact forms [https://en.speedy.net/contact/ &
>>> https://en.speedymatch.com/contact/]. I found out that all of these
>>> spam messages were produced by bots.
>>> I had to add a new "no bots" field to
>>> this form, where I just ask users to type a specific number and validate it
>>> in the form. Since I added this field I didn't receive any more spam from
>>> the contact forms. I know Django is using CSRF cookie directives, but isn't
>>> it possible to prevent bots from submitting forms? I would like to remove
>>> the "no bots" field from this form as it is wasting time of our users who
>>> want to contact us. But I don't want to receive messages from bots. Is
>>> there another way to prevent bots from submitting forms?
>>>
>>> אורי
>>> u...@speedy.net
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Django developers (Contributions to Django itself)" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to django-developers+unsubscr...@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/django-developers/CABD5YeGj%2BFdsrmq%3D_Yai3bJHDSG_5Q1tmXSHLSQv4YexgomZxQ%40mail.gmail.com
>>> <https://groups.google.com/d/msgid/django-developers/CABD5YeGj%2BFdsrmq%3D_Yai3bJHDSG_5Q1tmXSHLSQv4YexgomZxQ%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>> .
>
> --
> Adam
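
The honeypot technique that django-honeypot is named for, as an added example (not code from this thread or from django-honeypot): the form carries a decoy input that people never see, and the server rejects any POST where the decoy is missing or filled, so human users do no extra work. It uses only the standard library; the field name `website` and the sample POST bodies are constructed for illustration.

```python
from html import escape
from urllib.parse import parse_qs

HONEYPOT_NAME = "website"  # hypothetical decoy field name, not from the thread


def render_contact_form() -> str:
    """Contact form with a decoy input that people never see or tab into."""
    return (
        '<form method="post">'
        '<input name="email" type="email">'
        '<textarea name="message"></textarea>'
        # Moved off-screen instead of type="hidden" so it looks like a normal
        # field; autocomplete/tabindex keep browser autofill and keyboard
        # users out of it, aria-hidden keeps screen readers out of it.
        '<div style="position:absolute;left:-9999px" aria-hidden="true">'
        f'<input name="{escape(HONEYPOT_NAME)}" type="text" value=""'
        ' autocomplete="off" tabindex="-1">'
        '</div>'
        '<button>Send</button></form>'
    )


def classify_submission(body: str) -> str:
    """Return 'accept', or the reason a urlencoded POST body is rejected."""
    fields = parse_qs(body, keep_blank_values=True)
    if HONEYPOT_NAME not in fields:
        # The rendered form always sends the decoy, even when empty, so its
        # absence means the POST was not produced from our form.
        return "reject: decoy missing"
    if any(value.strip() for value in fields[HONEYPOT_NAME]):
        return "reject: decoy filled"
    if not fields.get("message", [""])[0].strip():
        return "reject: empty message"
    return "accept"


# Constructed sample POST bodies (not captured traffic).
SAMPLES = {
    "human": "email=a%40example.org&message=Hello&website=",
    "fills_every_field": "email=x%40example.org&message=Buy+now"
                         "&website=http%3A%2F%2Fspam.example",
    "posts_known_fields_only": "email=x%40example.org&message=Buy+now",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name:24} {classify_submission(body)}")
```

A rejected submission is best answered with the same response a successful one gets, and logged, so the check can be tuned against false positives from autofill.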