internetarchive / openlibrary

One webpage for every book ever published!
https://openlibrary.org
GNU Affero General Public License v3.0
5.26k stars 1.4k forks

"Report a Problem" form should require recaptcha for unauthenticated users #3826

Open seabelis opened 4 years ago

seabelis commented 4 years ago

A large volume of spam is submitted through this form. Requiring recaptcha from unauthenticated users could potentially reduce this without burdening patrons.

Describe the problem that you'd like solved

Reduce spam.

Proposal & Constraints

Update so that unauthenticated users always see the recaptcha. Current solution only shows the recaptcha if they send two emails.

Relevant code: https://github.com/internetarchive/openlibrary/blob/9b3a80f1d82c3c2455b207370d7d7de9c40e86ed/openlibrary/plugins/openlibrary/support.py#L22-L27

https://github.com/internetarchive/openlibrary/blob/9b3a80f1d82c3c2455b207370d7d7de9c40e86ed/openlibrary/plugins/openlibrary/support.py#L42-L44

Additional context

Related to https://github.com/internetarchive/openlibrary/pull/3621

Stakeholders

@cdrini @mekarpeles @JeffKaplan
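The policy change proposed above, as an added example (not code from the openlibrary repository): the server decides whether a captcha is required and rejects the submission when the `g-recaptcha-response` token is missing or fails verification, so showing the widget is not the only control. The function names, the `prior_emails` counter and the threshold semantics are assumptions made for illustration; the siteverify endpoint is Google's documented verification API.

```python
import json
import urllib.parse
import urllib.request

SITEVERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"


def verify_with_google(token, secret):
    """Server-side check of a widget token against Google's siteverify API."""
    body = urllib.parse.urlencode({"secret": secret, "response": token}).encode()
    try:
        with urllib.request.urlopen(SITEVERIFY_URL, data=body, timeout=5) as resp:
            result = json.load(resp)
        return isinstance(result, dict) and result.get("success") is True
    except (OSError, ValueError):
        return False  # fail closed: an unreachable verifier must not admit mail


def captcha_required(is_authenticated, prior_emails, always_for_anonymous=True):
    """Proposed rule (default) versus the threshold rule the issue describes."""
    if always_for_anonymous and not is_authenticated:
        return True
    # Threshold rule modelled on "only ... if they send two emails" (assumed semantics).
    return prior_emails >= 2


def accept_report(form, is_authenticated, prior_emails, verify,
                  always_for_anonymous=True):
    """Return (accepted, reason); `verify` is a callable token -> bool."""
    if captcha_required(is_authenticated, prior_emails, always_for_anonymous):
        token = (form.get("g-recaptcha-response") or "").strip()
        if not token:
            return False, "captcha-missing"  # form posted without solving the widget
        if not verify(token):
            return False, "captcha-invalid"
    return True, "ok"


if __name__ == "__main__":
    # Constructed stub verifier so the demo runs offline.
    stub = lambda token: token == "constructed-valid-token"
    for policy in (False, True):
        print(policy, accept_report({"message": "hi"}, False, 0, stub, policy))
```

In production `verify` would be `lambda t: verify_with_google(t, secret)` with the secret key loaded from server configuration, never from the page markup.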

cdrini commented 4 years ago

(See also #2066)

ArunTeltia commented 4 years ago

We just need to add this piece of code to the HTML page; I simply copy-pasted this from the signup.

<div class="formElement">
    <div class="label smaller lighter">If you have security settings or privacy blockers installed, please disable them to see the reCAPTCHA.</div>
    <div class="g-recaptcha" data-sitekey="6LeM2kcUAAAAAOT3o2Mmllf0NN_8LgWZC6oFCXSA">
        <div style="width: 304px; height: 78px;">
            <div><iframe src="https://www.google.com/recaptcha/api2/anchor?ar=1&amp;k=6LeM2kcUAAAAAOT3o2Mmllf0NN_8LgWZC6oFCXSA&amp;co=aHR0cHM6Ly9vcGVubGlicmFyeS5vcmc6NDQz&amp;hl=en&amp;v=T9w1ROdplctW2nVKvNJYXH8o&amp;size=normal&amp;cb=u1d8hfyhs1mh" width="304" height="78" role="presentation" name="a-2l8junlzaka0" frameborder="0" scrolling="no" sandbox="allow-forms allow-popups allow-same-origin allow-scripts allow-top-navigation allow-modals allow-popups-to-escape-sandbox allow-storage-access-by-user-activation"></iframe></div>
            <textarea id="g-recaptcha-response" name="g-recaptcha-response" class="g-recaptcha-response" style="width: 250px; height: 40px; border: 1px solid rgb(193, 193, 193); margin: 10px 25px; padding: 0px; resize: none; display: none;"></textarea>
        </div>
        <iframe style="display: none;"></iframe>
    </div>
    <div class="input">
    </div>
</div>

Suggestion: We can create an element for reCAPTCHA and include it in login, signup, and here. @cdrini, can you please give me a suggestion? I want to work on this issue.

mekarpeles commented 4 years ago

@ArunTeltia let's give it a shot and we can test it on dev.openlibrary.org and staging.openlibrary.org! :)

LeadSongDog commented 4 years ago

The contact form (https://openlibrary.org/contact?path=/) already asks for the submitter to provide an email address. Why not just autoreply at that address to verify it is a valid one? That would be way less intrusive than telling the user they must drop all their defenses.

cdrini commented 3 years ago

@seabelis Did #3621 help with the spam? Are we getting enough that you think we should recaptcha all unregistered users?

cdrini commented 1 year ago

It seems like there is now a recaptcha widget on this page, so considering closed! Please reopen if there is still high spam, @seabelis.

seabelis commented 1 year ago

There is quite a bit of spam coming through.

cdrini commented 1 year ago

@seabelis is the spam coming from logged in users or unauthenticated users?

seabelis commented 1 year ago

@cdrini unauthenticated users

cdrini commented 1 year ago

Hmm that's odd :/ Let me try filling out the form without hitting the recaptcha, maybe we have a bug

cdrini commented 1 year ago

I just tried sending an email without filling out the recaptcha; did you get an email from "Drini Test"?

jimchamp commented 11 months ago

@cdrini, please develop a practice of notifying your teammates when you assign them to an issue.

astrasourav commented 5 months ago

Hello, I want to contribute to this problem. I am new to this project and still trying to understand the problem. To meet the problem statement requirements and reduce spam by requiring reCAPTCHA for unauthenticated users on every submission, we need to adjust the code, and we can do it by always showing reCAPTCHA for unauthenticated users and retaining the existing logic for authenticated users.

mekarpeles commented 4 months ago

@seabelis terribly sorry to bother, can you confirm whether this is still an issue?

jimchamp commented 4 months ago

Marked https://github.com/internetarchive/openlibrary/labels/Can%20it%20be%20closed%3F because it seems the recaptcha is present when the patron is unauthenticated.

jimchamp commented 4 months ago

I just inadvertently bypassed the reCaptcha while unauthenticated, which seems like a separate issue altogether.

jimchamp commented 4 months ago

It's unclear to me how this issue should be handled. The reCaptcha is present when patrons are not logged in, so it seems like this should be closed. Marked as https://github.com/internetarchive/openlibrary/labels/State%3A%20Blocked for now.

seabelis commented 1 month ago

Yes, this is still an issue. We receive a high volume of spam through the contact form.