Opened 6 years ago

Closed 6 years ago

#10717 closed defect (wontfix)

Anti-abuse for webchat support system

Reported by: phoul Owned by: Sherief
Priority: Medium Milestone:
Component: User Experience/Tor Support Version:
Severity: Keywords: SponsorO
Cc: mttp, mrphs, lunar, Sherief, phoul Actual Points:
Parent ID: #10755 Points:
Reviewer: Sponsor:

Description (last modified by Sherief)

As part of the Boisterous Otter project, one of the requirements is to provide webchat support to users.

The current plan is to use "Prodromus", which is a webchat system that uses an anonymous XMPP server as its back-end. This has all been implemented on Moschatum.

We are now at the stage where we must consider solutions for abuse of this system, as Prodromus does not provide any mechanism to prevent people from spamming the support staff.

Child Tickets

Change History (12)

comment:1 Changed 6 years ago by Sherief

===Proposed Solution(s)===

1) A Captcha:
A Captcha while the user enters his user name can stop spammers/abusers.

2) Random questions:

Random multiple choice questions.

For example:
3 x 3 = ...
a) 13. b) 15. c) 9. d) 6.

Who is the current president of the United States?
a) Chuck Norris. b) Bill Clinton. c) Vladimir Putin. d) Barack Obama.

===Expected result===
The index page should offer an MCQ or a captcha and a name field.

Note: all above are subject to change.

Last edited 6 years ago by Sherief (previous) (diff)

comment:2 Changed 6 years ago by Sherief

Cc: mttp mrphs lunar Sherief added

comment:3 Changed 6 years ago by phoul

Cc: admin@… added
Owner: changed from phoul to Sherief
Status: newassigned

comment:4 Changed 6 years ago by Sherief

Parent ID: #10754

comment:5 Changed 6 years ago by Sherief

Parent ID: #10754#10755

comment:6 Changed 6 years ago by Sherief

Description: modified (diff)

comment:7 Changed 6 years ago by Sherief

I am currently wrapping Prodromus in a Django project (Python web framework) and I would like
you to choose which solution should I implement for anti-spam/abuse:

1) Random questions:

I will keep a file on the server (questions.json) that will contain all the questions and their answers,
it will not be accessible to the public and only Colin can update the questions.

I will also make a "Try another" question button.

2) A Captcha:

There are several Python libraries that already exist that can be used.

Pleas vote 1 or 2 and write a couple of lines why.

Version 0, edited 6 years ago by Sherief (next)

comment:8 Changed 6 years ago by lunar

CAPTCHA. That's far less work for us (no need to come up with questions, no need to translate them). Most of the code is already written.

comment:9 Changed 6 years ago by mttp

Using a captcha seems simpler. It seems like there are fewer ways for the implementation to fail.

comment:10 Changed 6 years ago by lunar

Keywords: SponsorO added

comment:11 Changed 6 years ago by phoul

Cc: phoul added; admin@… removed

comment:12 Changed 6 years ago by Sherief

Resolution: wontfix
Status: assignedclosed

We decided to go with an invitation based system so this won't be need.

Note: See TracTickets for help on using tickets.