On Sat, Dec 14, 2019 at 9:25 AM Tom Forbes <t...@tomforb.es> wrote: > IMO this is outside of the scope of this mailing list. There is no simple > answer to this problem, nor a general solution. There is however a wealth > of information on this topic that you can find with a few Google searches. >
I agree > If there is something we can do to Django to make it easier to integrate > 3rd party bot detection services then that’s something we could discuss, > but it’s not sensible to include any attempts detection inside Django > itself. > > One of the better ways of zero-friction verification is Google’s recapture > service - they have a hidden zero-interaction version that uses google’s > historical data on that users browsing habits to detect if they are a bot. > Or you can install a spam filter easily with: https://django-ai.readthedocs.io/en/latest/apps/spam_filtering.html https://django-ai.readthedocs.io/en/latest/apps/examples.html#spam-filtering-with-svm-example-3 > > Tom > > On 14 Dec 2019, at 13:29, אורי <u...@speedy.net> wrote: > > > Hi, > > I'm looking for a solution which will be zero time wasting for human > users, not even clicking on the recaptcha's button, but on the other hand > will prevent bots from submitting the form. I'm not sure how this can be > implemented technically. But right now the "no bots" field I added prevents > all the bots from submitting the forms on our websites. The only > disadvantage of it is that it wastes about ~30 seconds of human users who > have to type this number for the form to be submitted successfully. > > We also have a registration form but luckily it was not abused (yet) by > bots. All the other forms on our website (except registration, login and > contact) can only be submitted by logged in users anyway. And if the user > is logged in - he is not a bot. > > I have another website which uses MediaWiki and there it was flooded by > bots who also signed up for the website and created accounts and then > pages. I guess these bots are MediaWiki-specific bots. > > אורי > u...@speedy.net > > > On Sat, Dec 14, 2019 at 1:41 PM Adam Johnson <m...@adamj.eu> wrote: > >> Preventing bot submissions is a bit of an arms race. Django could add >> some protection but if many Django sites use it then bot scripts might be >> adapted to workaround it. >> >> I've had success using django-recaptcha in the past: >> https://github.com/praekelt/django-recaptcha . django-honeypot looks >> good too. >> >> I think adding such protection would be a major project - research plus >> implementation. I think it could make a good Google Summer of Code project >> and will suggest it to the other DSF members. >> >> On Fri, 13 Dec 2019 at 04:02, אורי <u...@speedy.net> wrote: >> >>> Thank you. How do I use django-honeypot and how does it work? How does >>> it affect our human users and how does it affect the bots? I didn't >>> understand from their website. >>> >>> I added a new feature request >>> https://code.djangoproject.com/ticket/31085 >>> אורי >>> u...@speedy.net >>> >>> >>> On Fri, Dec 13, 2019 at 5:50 AM Kye Russell <m...@kye.id.au> wrote: >>> >>>> This is more of a support question, but: >>>> https://github.com/jamesturk/django-honeypot will thwart the majority >>>> of (naive) automation attempts. >>>> >>>> >>>> On 13 December 2019 at 10:42:54 am, אורי (u...@speedy.net) wrote: >>>> >>>> Django developers, >>>> >>>> After releasing Speedy Net to production I received lots of spam to our >>>> contact forms [https://en.speedy.net/contact/ & >>>> https://en.speedymatch.com/contact/]. I found out that all of these >>>> spam messages were produced by bots. I had to add a new "no bots" field to >>>> this form, where I just ask users to type a specific number and validate it >>>> in the form. Since I added this field I didn't receive any more spam from >>>> the contact forms. I know Django is using CSRF cookie directives, but isn't >>>> it possible to prevent bots from submitting forms? I would like to remove >>>> the "no bots" field from this form as it is wasting time of our users who >>>> want to contact us. But I don't want to receive messages from bots. Is >>>> there another way to prevent bots from submitting forms? >>>> >>>> אורי >>>> u...@speedy.net >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Django developers (Contributions to Django itself)" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to django-developers+unsubscr...@googlegroups.com. >>>> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/django-developers/CABD5YeGj%2BFdsrmq%3D_Yai3bJHDSG_5Q1tmXSHLSQv4YexgomZxQ%40mail.gmail.com >>>> <https://groups.google.com/d/msgid/django-developers/CABD5YeGj%2BFdsrmq%3D_Yai3bJHDSG_5Q1tmXSHLSQv4YexgomZxQ%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Django developers (Contributions to Django itself)" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to django-developers+unsubscr...@googlegroups.com. >>>> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/django-developers/CANK-ykkZSVhyDA4nNg0JKudbK9zdyXGVews48MN0pmAT47fb_A%40mail.gmail.com >>>> <https://groups.google.com/d/msgid/django-developers/CANK-ykkZSVhyDA4nNg0JKudbK9zdyXGVews48MN0pmAT47fb_A%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Django developers (Contributions to Django itself)" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to django-developers+unsubscr...@googlegroups.com. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/django-developers/CABD5YeFYbT-0pA%3DuMsdEtZGCvQvVVNDFt3RKH-3zAc_vNik9hA%40mail.gmail.com >>> <https://groups.google.com/d/msgid/django-developers/CABD5YeFYbT-0pA%3DuMsdEtZGCvQvVVNDFt3RKH-3zAc_vNik9hA%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >> >> >> -- >> Adam >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Django developers (Contributions to Django itself)" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to django-developers+unsubscr...@googlegroups.com. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/django-developers/CAMyDDM3MzqGw-EQ9ApyWiFUsgKx-nqPvoGYZwbAOBvZu8pyTXg%40mail.gmail.com >> <https://groups.google.com/d/msgid/django-developers/CAMyDDM3MzqGw-EQ9ApyWiFUsgKx-nqPvoGYZwbAOBvZu8pyTXg%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- > You received this message because you are subscribed to the Google Groups > "Django developers (Contributions to Django itself)" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to django-developers+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-developers/CABD5YeHc_%3DbS_9Bh-L3m0-KS8K75Ws%2BVMuTLx-v3SiWwoP9jvw%40mail.gmail.com > <https://groups.google.com/d/msgid/django-developers/CABD5YeHc_%3DbS_9Bh-L3m0-KS8K75Ws%2BVMuTLx-v3SiWwoP9jvw%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > -- > You received this message because you are subscribed to the Google Groups > "Django developers (Contributions to Django itself)" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to django-developers+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-developers/59F81237-AADB-47A9-9BB5-BB93817B1C52%40tomforb.es > <https://groups.google.com/d/msgid/django-developers/59F81237-AADB-47A9-9BB5-BB93817B1C52%40tomforb.es?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/CA%2BFDnhKGfBJ8VhO%3DEzjY3YsDyrEkqj-NJ8Wp0VWmUe5g6KnGrQ%40mail.gmail.com.
