Closed sethjohnson1 closed 1 month ago
Honeypot option seems fine for starters; we can add captcha if there are problems.
If I'm remembering correctly, the curator cookie does two things:
So, the first one wouldn't be needed unless/until we implement a captcha, but the second one is still useful.
I did some simple add/edit tests and they were fine. I also removed the cookie/recaptcha part. So, we just need that honeypot thing.
We'll also need to get email working; that's probably best as a separate issue.
ha ha, I looked at that same SO post yesterday. There is some discussion in the comments (two years after the OP + update) suggesting that a text input is more effective than a checkbox, and ways to avoid autocomplete with intentionally invalid settings. But, how about we start with a checkbox and worry more if it actually becomes a problem?
I'm not sure how to actually set this up; some kind of extra form element plus a check in the controller I guess. If you have ideas, go for it, or I'll figure it out later when I have a chance.
Seems to be working, I guess time will tell if it tricks the Spammers. We could also save the entries and just flag as Spam - if you're worried about somehow blackholing valid entries,
Looks good to me! Instead of saving all the data, I added a very simple log message. I'll check every month or so for a while to see how often it's really happening. This will still trigger when debug mode is turned off, right?
seems good; closing!