
RE: evSA Public Page - Prevent BOT Attacks (i.e. Captcha)
#1
We have our main service apps page public allowing for the creation of two (2) types of tickets w/out authenticating.
 
I would like to make sure that these open conduits for submitting tickets are only used by real people and not BOTs or other undesirable entities.
 
Is there some functionality/setting/configuration/method that would prevent such abuse of a public method of ticket submission?  I could see implementing some type of Captcha-like process.

Similar to what is set up when creating a new thread on this discussion board.
 
Any thoughts/ideas/suggestions/examples would be greatly appreciated.
 
-Jason

Jason Victor
Fairfield University
Jason Victor, proud to be a member of EV CONNECT FORUM since Jul 2017.

#2
(06-01-2018, 11:58 AM)Jason Victor Wrote: We have our main service apps page public allowing for the creation of two (2) types of tickets w/out authenticating.
 
I would like to make sure that these open conduits for submitting tickets are only used by real people and not BOTs or other undesirable entities.
 
Is there some functionality/setting/configuration/method that would prevent such abuse of a public method of ticket submission?  I could see implementing some type of Captcha-like process.

Similar to what is set up when creating a new thread on this discussion board.
 
Any thoughts/ideas/suggestions/examples would be greatly appreciated.
 
-Jason

Jason Victor
Fairfield University

Hello,
There is no Captcha question, but you can create a "text captcha question" and test the answer in the workflow:
  • Compute the natural log of eighty-one?
  • How do you write, in numbers, one thousand nine hundred eighty three?
  • If I say "Cat", your answer? black, ladder or garden
P.ABBE
ABBE Philippe, proud to be a member of EV CONNECT FORUM since Nov 2015.

#3
To expand on Philippe's reply:

Present a photo of a word or character string where it's challenging but not impossible to read the letters. Or ask a question like "who is the president of the United States" (you'll have to maintain this every four years or when the current president is impeached ;) ). Or a simple math problem. In your BR you can condition for the correct answer. If correct, process the BR. If not, ignore it. Robot spam is minimized.

The above examples are static challenges to the submitter...they don't change. This is normally good enough.

Another method would be to use something that's unique to the user. Since they are not an employee you cannot use a login or employee id, but if they have some other personal or affiliate identifier you could validate on that. For example if you allow tickets from the company "John's Bar and Grill" you could prompt for company name. The downside is it would have to be a close or exact match, depending on how you write the logic. No match, no ticket.

Hope this helps!

Jack
Jack Reeder
FMX Solutions Inc.
Jack.Reeder@fmxsolutions.com
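
The gating logic described in the replies above (a static challenge answer, optionally combined with a company-name match that is exact or close), sketched in Python as an added example that is not from the thread or from the product. The function names, the second challenge, and the 0.85 similarity cutoff are assumptions; in practice the same condition would sit in the business rule.

```python
import difflib
import re
import unicodedata

# Constructed sample data: q1 is a question from the thread, q2 is made up here.
CHALLENGES = {
    "q1": {"question": "How do you write, in numbers, "
                       "one thousand nine hundred eighty three?",
           "answers": {"1983"}},
    "q2": {"question": "What is three plus four?", "answers": {"7", "seven"}},
}
ALLOWED_COMPANIES = ["John's Bar and Grill"]  # company name used in the thread


def normalize(text):
    """Fold case, Unicode forms, punctuation and spacing before comparing."""
    text = unicodedata.normalize("NFKC", text or "").casefold()
    text = re.sub(r"[^\w\s]+", "", text)   # "1,983" -> "1983", "john's" -> "johns"
    return " ".join(text.split())          # collapse runs of whitespace


def company_matches(submitted, exact=True, cutoff=0.85):
    """Exact match on the normalized name, or a close match above cutoff."""
    cand = normalize(submitted)
    if not cand:
        return False
    known = [normalize(c) for c in ALLOWED_COMPANIES]
    if exact:
        return cand in known
    return bool(difflib.get_close_matches(cand, known, n=1, cutoff=cutoff))


def accept_ticket(challenge_id, answer, company=None, exact=True):
    """Return True only when the submission should be processed."""
    challenge = CHALLENGES.get(challenge_id)
    if challenge is None:                  # unknown or missing challenge: reject
        return False
    if normalize(answer) not in challenge["answers"]:
        return False                       # wrong answer: ignore the submission
    if company is not None and not company_matches(company, exact):
        return False                       # no match, no ticket
    return True
```

Evaluate the condition on the server side of the workflow rather than in the form itself. The normalization step is what keeps real users from being rejected over spacing, case or punctuation.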