Anti-abuse for webchat support system

As part of the Boisterous Otter project, one of the requirements is to provide webchat support to users.

The current plan is to use "Prodromus", which is a webchat system that uses an anonymous XMPP server as its back-end. This has all been implemented on Moschatum.

We are now at the stage where we must consider solutions for abuse of this system, as Prodromus does not provide any mechanism to prevent people from spamming the support staff.

added SponsorO component::user experience/tor support owner::Sherief parent::10755 priority::medium resolution::wontfix status::closed type::defect labels

===Proposed Solution(s)===

Anti-abuse:

1. A Captcha: A Captcha while the user enters his user name can stop spammers/abusers.

2. Random questions:

Random multiple choice questions.

For example: 3 x 3 = ... a) 13. b) 15. c) 9. d) 6.

Who is the current president of the United States? a) Chuck Norris. b) Bill Clinton. c) Vladimir Putin. d) Barack Obama.

===Expected result=== The index page should offer an MCQ or a captcha and a name field.

Note: all above are subject to change.

Trac:
Cc: N/A to mttp, mrphs, lunar, Sherief

Trac:
Cc: mttp, mrphs, lunar, Sherief to mttp, mrphs, lunar, Sherief, admin@insecure-complexity.com
Status: new to assigned
Owner: phoul to Sherief

Trac:
Parent: N/A to #10754 (closed)

Trac:
Parent: #10754 (closed) to #10755 (moved)

Trac:
Description: As part of the Buoyant Otter project, one of the requirements is to provide webchat support to users.

The current plan is to use "Prodromus", which is a webchat system that uses an anonymous XMPP server as its back-end. This has all been implemented on Moschatum.

We are now at the stage where we must consider solutions for abuse of this system, as Prodromus does not provide any mechanism to prevent people from spamming the support staff.

to

As part of the Boisterous Otter project, one of the requirements is to provide webchat support to users.

The current plan is to use "Prodromus", which is a webchat system that uses an anonymous XMPP server as its back-end. This has all been implemented on Moschatum.

We are now at the stage where we must consider solutions for abuse of this system, as Prodromus does not provide any mechanism to prevent people from spamming the support staff.

I am currently wrapping Prodromus in a Django project (Python web framework) and I would like you to choose which solution should I implement for anti-spam/abuse:

1. Random questions:

I will keep a file on the server (questions.json) that will contain all the questions and their answers, it will not be accessible to the public and only Colin can update the questions.

I will also make a "Try another" question button.

2. A Captcha:

There are several Python libraries that already exist that can be used.

Pleas vote 1 or 2 and write a couple of lines why.

CAPTCHA. That's far less work for us (no need to come up with questions, no need to translate them). Most of the code is already written.

Using a captcha seems simpler. It seems like there are fewer ways for the implementation to fail.

Trac:
Keywords: N/A deleted, SponsorO added

Trac:
Cc: mttp, mrphs, lunar, Sherief, admin@insecure-complexity.com to mttp, mrphs, lunar, Sherief, phoul

We decided to go with an invitation based system so this won't be need.

Trac:
Resolution: N/A to wontfix
Status: assigned to closed

closed