Here is a question Boonex, what is keeping bots from hitting the new Pay to Join form and and submitting it? The result is that one can get thousands of pending payments because of course the bots don't complete the PayPal checkout. I am looking at the code now; if the answer is nothing, then this needs to be addressed.
Pay to Join and bots hitting the form
 Geeks, making the world a better place |
GoogleBot could submit join form only in very rare cases: https://googlewebmastercentral.blogspot.com.au/2008/04/crawling-through-html-forms.html Rules → http://www.boonex.com/terms |
GoogleBot could submit join form only in very rare cases: https://googlewebmastercentral.blogspot.com.au/2008/04/crawling-through-html-forms.html Who in the world said anything about GoogleBot? There are thousands of bots crawling the net looking for websites to exploit; looking for forms to submit spam or inject malicious code..
A member here has already reported that he is getting hundreds of signups resulting in pending orders using the new Pay to Join. His report was ignored so I decided to post this bug report because looking at the code I don't think there is any anti-bot protection from a bot submitting the form. Since this form is not part of the builders, we can not easily try our own anti-bot measures like we do in the regular join form, in fact, I don't even see the CAPTCHA added to this form; at the very least, it should be added; select membership, type in CAPTCHA code, and then hit submit. Geeks, making the world a better place |
Hi GG. I'm not familiar with this at all, but I remember reading another thread where a "simple" question like "is an apple a fruit or vegetable" was asked and bots couldn't answer that type of question. You can search the forums here to find that thread. Could you maybe add something like this to your form?
GoogleBot could submit join form only in very rare cases: https://googlewebmastercentral.blogspot.com.au/2008/04/crawling-through-html-forms.html Who in the world said anything about GoogleBot? There are thousands of bots crawling the net looking for websites to exploit; looking for forms to submit spam or inject malicious code..
A member here has already reported that he is getting hundreds of signups resulting in pending orders using the new Pay to Join. His report was ignored so I decided to post this bug report because looking at the code I don't think there is any anti-bot protection from a bot submitting the form. Since this form is not part of the builders, we can not easily try our own anti-bot measures like we do in the regular join form, in fact, I don't even see the CAPTCHA added to this form; at the very least, it should be added; select membership, type in CAPTCHA code, and then hit submit.
|
Could you maybe add something like this to your form?
The answer is that this should be included by Boonex in the next patch. The Pay to Join form is generated dynamically so would require Dolphin users to edit code. The CAPTCHA should be added to the Pay to Join script; probably just an oversight on the part of Boonex when adding the new feature. Geeks, making the world a better place |
Payment form shouldn't contain captcha it will greatly reduce conversions. Captcha is really difficult to solve in some cases. It's better to clear some pending payments sometimes than to miss some real payments. Rules → http://www.boonex.com/terms |
Payment form shouldn't contain captcha it will greatly reduce conversions. Captcha is really difficult to solve in some cases. It's better to clear some pending payments sometimes than to miss some real payments. No Alex, it is a problem and Boonex needs to figure out the best way to help prevent bots form hitting this Pay to Join form. It is poorly implemented. Alex, how would you like to spend time deleting thousands of pending payments per day? Geeks, making the world a better place |
We can make this feature optional: https://github.com/boonex/dolphin.pro/issues/244 No Alex, it is a problem and Boonex needs to figure out the best way to help prevent bots form hitting this Pay to Join form. It is poorly implemented. Alex, how would you like to spend time deleting thousands of pending payments per day?
Rules → http://www.boonex.com/terms |
In another thread it has been suggested to have an input field with some text that has to be deleted before you can continue. Bots should have a hard time with this it is claimed.
|
Hello Capcha which can be disabled from admin panel was added in 'Pay to Join' form. |
Below is the legacy version of the Boonex site, maintained for Dolphin.Pro 7.x support.
The new Dolphin solution is powered by UNA Community Management System.
The new Dolphin solution is powered by UNA Community Management System.