openlibrary icon indicating copy to clipboard operation
openlibrary copied to clipboard
verified publisher icon internetarchive

"Report a Problem" form should require recaptcha for unauthenticated users

Open seabelis opened this issue 5 years ago • 18 comments

A large volume of spam is submitted through this form. Requiring recaptcha from unauthenticated users could potentially reduce this without burdening patrons.

Describe the problem that you'd like solved

Reduce spam.

Proposal & Constraints

Update so that unauthenticated users always see the recaptcha. Current solution only shows the recaptcha if they send two emails.

Relevant code: https://github.com/internetarchive/openlibrary/blob/9b3a80f1d82c3c2455b207370d7d7de9c40e86ed/openlibrary/plugins/openlibrary/support.py#L22-L27

https://github.com/internetarchive/openlibrary/blob/9b3a80f1d82c3c2455b207370d7d7de9c40e86ed/openlibrary/plugins/openlibrary/support.py#L42-L44

Additional context

Related to https://github.com/internetarchive/openlibrary/pull/3621

Stakeholders

@cdrini @mekarpeles @JeffKaplan

seabelis avatar Sep 23 '20 16:09 seabelis

(See also #2066)

cdrini avatar Sep 28 '20 20:09 cdrini

we just need to add this piece of code to the HTML page I simply copy-pasted this from the signup

<div class="formElement">
        <div class="label smaller lighter">If you have security settings or privacy blockers installed, please disable them to see the reCAPTCHA.</div>
        <div class="g-recaptcha" data-sitekey="6LeM2kcUAAAAAOT3o2Mmllf0NN_8LgWZC6oFCXSA"><div style="width: 304px; height: 78px;"><div><iframe src="https://www.google.com/recaptcha/api2/anchor?ar=1&amp;k=6LeM2kcUAAAAAOT3o2Mmllf0NN_8LgWZC6oFCXSA&amp;co=aHR0cHM6Ly9vcGVubGlicmFyeS5vcmc6NDQz&amp;hl=en&amp;v=T9w1ROdplctW2nVKvNJYXH8o&amp;size=normal&amp;cb=u1d8hfyhs1mh" width="304" height="78" role="presentation" name="a-2l8junlzaka0" frameborder="0" scrolling="no" sandbox="allow-forms allow-popups allow-same-origin allow-scripts allow-top-navigation allow-modals allow-popups-to-escape-sandbox allow-storage-access-by-user-activation"></iframe></div><textarea id="g-recaptcha-response" name="g-recaptcha-response" class="g-recaptcha-response" style="width: 250px; height: 40px; border: 1px solid rgb(193, 193, 193); margin: 10px 25px; padding: 0px; resize: none; display: none;"></textarea></div><iframe style="display: none;"></iframe></div>
        <div class="input">
        </div>
    </div>

Suggestion: We can create an element for ReCaptcha and can include in log in sign up and here @cdrini can you please give me suggestion I want to work on this issue

ArunTeltia avatar Oct 17 '20 00:10 ArunTeltia

@ArunTeltia let's give it a shot and we can test it on dev.openlibrary.org and staging.openlibary.org! :)

mekarpeles avatar Nov 07 '20 02:11 mekarpeles

The contact form (https://openlibrary.org/contact?path=/) already asks for the submitter to provide an email address. Why not just autoreply at that address to verify it is a valid one? That would be way less intrusive than telling the user they must drop all their defenses.

LeadSongDog avatar Nov 26 '20 22:11 LeadSongDog

@seabelis Did #3621 help with the spam? Are we getting enough that you think we should recaptcha all unregistered users?

cdrini avatar Jul 06 '21 19:07 cdrini

It seems like there is now a recaptcha widget on this page, so considering closed! Please reopen if there is still high spam, @seabelis .

cdrini avatar Nov 20 '23 16:11 cdrini

There is quite a bit of spam coming through.

seabelis avatar Nov 20 '23 16:11 seabelis

@seabelis is the spam coming from logged in users or unauthenticated users?

cdrini avatar Nov 20 '23 18:11 cdrini

@cdrini unauthenticated users

seabelis avatar Nov 20 '23 18:11 seabelis

Hmm that's odd :/ Let me try filling out the form without hitting the recaptcha, maybe we have a bug

cdrini avatar Nov 20 '23 18:11 cdrini

I just tried sending an email without filling out the recaptcha ; did you get an email from "Drini Test"?

cdrini avatar Nov 20 '23 19:11 cdrini

@cdrini, please develop a practice of notifying your teammates when you assign them to an issue.

jimchamp avatar Dec 22 '23 19:12 jimchamp

Hello, I want to contribute to this problem, I am new to this project and still trying to understand the problem. To meet the problem statement requirements and reduce spam by requiring reCAPTCHA for unauthenticated users on every submission, we need to adjust the code and we can do it by Always Showing reCAPTCHA for Unauthenticated Users and Retaining the Existing Logic for Authenticated Users.

astrasourav avatar Jul 02 '24 10:07 astrasourav

@seabelis terribly sorry to bother, can you confirm whether this is still an issue?

mekarpeles avatar Jul 12 '24 03:07 mekarpeles

Marked https://github.com/internetarchive/openlibrary/labels/Can%20it%20be%20closed%3F because it seems the recaptcha is present when the patron is unauthenticated.

jimchamp avatar Jul 12 '24 21:07 jimchamp

I just inadvertently bypassed the reCaptcha while unauthenticated, which seems like a separate issue altogether.

jimchamp avatar Jul 12 '24 21:07 jimchamp

It's unclear to me how this issue should be handled. The reCaptcha is present when patrons are not logged in, so it seems like this should be closed. Marked as https://github.com/internetarchive/openlibrary/labels/State%3A%20Blocked for now.

jimchamp avatar Jul 29 '24 17:07 jimchamp

Yes, this is still an issue. We receive a high volume of spam through the contact form.

seabelis avatar Oct 17 '24 17:10 seabelis

The contact form no longer exists, so this should no longer be an issue.

jimchamp avatar May 14 '25 17:05 jimchamp