SFDO-Community / Summit-Events-App

Salesforce Event System developed at the University of St. Thomas
BSD 3-Clause "New" or "Revised" License
58 stars 56 forks

[FEATURE] Honeypot and/or recaptcha on Registration page #527

Closed mad2492 closed 1 month ago

mad2492 commented 11 months ago

Is your feature request related to a problem? Please describe.

Our marketing team heavily promotes our events on various ad platforms, and it appears that this exposes the Summit Events forms to bots. Our registrations are becoming plagued by fake registrations (particularly from GoogleAds, based on utm params). I don't expect the marketing team will stop their recruitment efforts, so I have to come up with a workaround.

Describe the solution you'd like

Most public forms have some form of bot mitigation. Most common is recaptcha, and maybe also a hidden honeypot field. I was not able to implement recaptcha as-is, because some actions have to be handled prior to clicking the Submit/Next button (validate recaptcha as part of the Submit action).

I think it would be beneficial to anyone using this app to have some kind of captcha on the forms. We have to stand up against the bot-submissions. Or, at least maybe add a small section on the event page for Honeypot Config. Like, this below could be some fields to populate in a new event:

Section: Bot Mitigation
[ ] Enable Honeypot field
[____] Enter Honeypot Label
Action when Honeypot field is filled: Picklist -> Cancel Registration, Delete Registration, Flag as "Possible Bot"

Then the page, when it's rendered, properly hides that field without my hacky jQuery solution.

Describe alternatives you've considered

What I have done for the time being is I am using one of the "Additional Questions 1-5" as my honeypot field. And then on the Template page, I am doing some jQuery logic to find the "honeypot label" div and hide it. When I get registrations that have a value in this specific field, and the field has that specific "honeypot label", I am cancelling the registration immediately, via flow (and sending myself an email so I can gain insight as to the frequency of these submissions).

Of course, if our event needs to use all 1-5 Additional Questions, I have to probably use one of the other fields (like maybe Pronouns, and change its label to w/e my Honeypot label is).

Main issue is that my alternative solution is kind of impossible to explain to my users, so I have to make sure all events have this honeypot field somewhere.

We are getting about 30 spam / bot submissions a day.

Are you willing and interested in being engaged during the development and testing process?

Yes - as much as I have the time/means to do so.

@tcdahlberg While you are exploring this, I was wondering if part of this solution could include capturing IPs during submission? The IPs are another way we can determine Bot submissions as well. Maybe it can be something that you have to Opt into, per Salesforce Org, like in the Summit Events Custom Settings there's a checkbox to control this.

And then a new field on SEA Registrations to store IP.
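An added example (not code from Summit Events App or from anyone in this thread) of the per-event honeypot settings proposed above: the decoy field is hidden at render time rather than by jQuery, and the configured action is chosen on the server. The names `cfg.label`, `cfg.onFilled`, `fieldName`, the `hp_` prefix and the sample submissions are assumptions.

```javascript
// Constructed example: all names are hypothetical, modelled on the
// "Bot Mitigation" settings proposed in the issue (not the app's schema).
const ACTIONS = ['Cancel Registration', 'Delete Registration', 'Flag as "Possible Bot"'];

// Derive a form field name from the configured honeypot label.
function fieldName(label) {
  return 'hp_' + label.toLowerCase().replace(/[^a-z0-9]+/g, '_').replace(/^_|_$/g, '');
}

function escapeHtml(s) {
  return s.replace(/[&<>"']/g, c => `&#${c.charCodeAt(0)};`);
}

// Server-side render: the decoy is moved off-screen and taken out of the tab
// order and accessibility tree, so no client-side script is needed to hide it.
function renderHoneypot(cfg) {
  if (!cfg.enabled) return '';
  const name = fieldName(cfg.label);
  return '<div style="position:absolute;left:-9999px" aria-hidden="true">' +
    `<label for="${name}">${escapeHtml(cfg.label)}</label>` +
    `<input type="text" id="${name}" name="${name}" tabindex="-1" autocomplete="off">` +
    '</div>';
}

// Decide what to do with a submitted form (plain object of field -> value).
function evaluateSubmission(cfg, form) {
  if (!cfg.enabled) return { bot: false, action: null };
  if (!ACTIONS.includes(cfg.onFilled)) {
    throw new Error(`Unknown honeypot action: ${cfg.onFilled}`);
  }
  const raw = form[fieldName(cfg.label)];
  // Repeated parameters arrive as arrays; a missing field counts as empty.
  const value = (Array.isArray(raw) ? raw.join('') : String(raw ?? '')).trim();
  return value === '' ? { bot: false, action: null } : { bot: true, action: cfg.onFilled };
}

// Constructed sample configuration and submissions.
const cfg = { enabled: true, label: 'Company website', onFilled: 'Flag as "Possible Bot"' };
const human = { first_name: 'Ana', hp_company_website: '  ' };
const bot = { first_name: 'x', hp_company_website: 'http://example.test' };
console.log(renderHoneypot(cfg));
console.log(evaluateSubmission(cfg, human), evaluateSubmission(cfg, bot));
```

The check runs on the submitted values only, so it still applies when a client never loads the page's scripts or styles.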

tcdahlberg commented 3 weeks ago

Included in beta release 0.34.0.1

mad2492 commented 3 weeks ago

[celebrate] Marina Brillas reacted to your message:


From: Thaddaeus Dahlberg @.>
Sent: Wednesday, September 11, 2024 1:38:21 PM
To: SFDO-Community/Summit-Events-App @.>
Cc: Marina Brillas @.>; Author @.>
Subject: Re: [SFDO-Community/Summit-Events-App] [FEATURE] Honeypot and/or recaptcha on Registration page (Issue #527)


tcdahlberg commented 1 week ago

Included in production release 0.34.0.1