Non-JavaScript catcha

3 réponses [Dernière contribution]
arielenter

I am a member!

I am a translator!

Hors ligne
A rejoint: 08/25/2010

Hello guys:

I'm making a web site for a nonprofit organization. I'm using PHP, mySQL and Apache, and I want to license it as free software with the GPL license and use only GPL compatible components.

I'll make the web site to be able to work with JavaScript and without it. All JavaScript will be libreJS compliance. JS will be use for some functionalities I want to implement for registered users but the nonJS site will work fine as well.

There is a section where visitors will be able to send emails to the admins, and I fear that a "not a robot" type of thing will be needed to prevent some one from creating a script that would send emails as many as they'll desire spamming the admin's mail box. This is also true to register a user.

So my question is: Does anybody knows of a good nonJS catcha PHP GPL compatible program to use in a site?

I notice trisquel's website seems to use a math equation but I'm sure that it has it's tricks to prevent a script interpreter the question shown. The people belonging to this nonprofit organization I'm making the site for have very specific terms, so I thought maybe a could create a 20 possible questions that I could use to ask one randomly every time needed, but wouldn't be very easy to create a script that will check the question and answer them once all answers have been found?

Anyway I don't think anybody will target this organization but I just want to be safe. Creating my own fool prof catcha will probably would not be the best idea.

I'll be searching on github for any, and also some websites like fsf site to see what they use, but I wanted to ask here first.

Thank you for your help.

Magic Banana

I am a member!

I am a translator!

Hors ligne
A rejoint: 07/24/2010
andyprough
Hors ligne
A rejoint: 02/12/2015

I believe this project may generally be in the same realm as what you are looking for, in terms of a simple PHP captcha for forms: https://github.com/mobicms/captcha

Although honestly, I refuse to use captchas. I think if you need one to limit form responses then you are best off deciding whether you really need the form.

arielenter

I am a member!

I am a translator!

Hors ligne
A rejoint: 08/25/2010

Thank you so much for such quick responses. You guys active users of the trisquel's forum are heroes to me. Thank you for been there for all of us free software enthusiasts.

I'm making the site without a request and awareness yet from this organization. I'll leave it very clear that I'm not "official" or say anything in this organization's behalf, so I'm sure it won't be harmful. I DO think this site can be very useful for members. I'm not expecting to be paid some day, but I'll be wiling to receive donations. I'm making this project mostly out of love hopping to be paid and recognised some day maybe.

I will be revealing my work and the organization I'm trying to help soon in this forum. I'm not just ready to do that yet.

The information that would be saved in the site won't be a sensitive one, and won't matter if is lost or stolen (nothing to be linked to anyone specifically), and I don't believe this site would be target due to the nature and size of the organization and the information stored there. I consider my self competent enough for this project, but I wouldn't dare to offer my work to a larger organization with sensitive info, in which case I would suggested them to pay someone (maybe) more competent than me if they needed.

@koszkonutek, The real reason to have this catcha, as you already mentioned, is that even if some one wants to attack it, at least they will have to put some effort to do so, and of course, having a machine making thousand or hundred of request it's a lot more than coordinated humans could do, and will leave some time for the admin to do something about it before it runs out of control. Also, not only spamming messages would be a problem, how about creating new users? I suppose a creation per day limit could work, or a approved by admin method could work as well, I just relisted that just now... I don't know, catcha seems to be my preferred choice still because it's so often used on many other sites.

@Magic Banana what a great idea. Thank you. Until now I have totally ignored the fsf directory, but you are right, it's a great place to start.

Thank all again for every thing. See you soon.