We have been suffering a rash of automated/spam data turning up in our database in recent months, and while so far it has been easy enough to find and sweep away, we'd like to prevent it from appearing at all.
We've considered various Captchas, but our Accessibility manager points out their flaws.
Has anyone been able to add a spambot honeypot field, or the like, to their TNEW site? I see nothing in a search of the site, but wonder if despite that someone has gotten something like this to work.
Thanks.
Chris--We have had a similar issue the past few weeks. We've added a honeypot, blocked non-US traffic from the offending path and tightened things up in both our WAF and bot mitigation, but it is still trickling in. The honeypot was not particularly effective, but blocking non-US traffic to the paths seemed to help. Can you provide a little more detail on the kind of spam you are getting? Is it site registrations? Email sign ups? Something else?
Patrick FitzGerald said:We've added a honeypot
Were you able to add this to a TNEW site?
Patrick FitzGerald said:blocked non-US traffic
Are we able to do that on TNEW, and/or I wonder if TNEW is doing some blocking of that sort already. Hmm...
Patrick FitzGerald said:Can you provide a little more detail on the kind of spam you are getting? Is it site registrations?
Definitely site registrations, with e-mails that, if googled, appear to be widely used for spam.
Thanks for your reply.
Hi Chris,
We are not a TNEW site, so I don't have good solutions for you on this. I would open up a ticket with TNEW and check on both honeypot and WAF options. I'm considering using an email validator service that can flag spam on registration. We have one that validates the email, but something like this (https://cleantalk.org/api) might be a better solution.
What are the accessibility issues with the TNEW Captcha that have been flagged?
Thanks,
Gawain
Gawain Lavers said:What are the accessibility issues with the TNEW Captcha that have been flagged?
Not specific to TNEW; this article left me wondering if there is really any solution at the moment:
https://www.w3.org/TR/turingtest/#version-2-are-you-a-robot
Hi Chris,Really interesting question! Yes - Captcha's have historically not been accessibility-friendly, though Google's reCAPTCHA v2 is considered one of the most accessible options, though, as the article points out, v2 does have its imperfections (specifically around using keyboard navigation and potential disabling of audio mode). We are, interestingly, also looking at additional options such as honeypots to help strike a balance between thwarting bad bots while reducing impact on real users. We aren't at a point right now to completely abandon reCAPTCHA, but as we continue to improve TNEW's accessibility, we will definitely consider its impact on those efforts. If you have any more information or feedback from customers regarding reCAPTCHA, we would really appreciate you sending along.