Pay to Join and bots hitting the form

Here is a question Boonex, what is keeping bots from hitting the new Pay to Join form and and submitting it?  The result is that one can get thousands of pending payments because of course the bots don't complete the PayPal checkout.  I am looking at the code now; if the answer is nothing, then this needs to be addressed.

Geeks, making the world a better place
Quote · 8 Jan 2016

GoogleBot could submit join form only in very rare cases:

https://googlewebmastercentral.blogspot.com.au/2008/04/crawling-through-html-forms.html

Rules → http://www.boonex.com/terms
Quote · 11 Jan 2016

 

GoogleBot could submit join form only in very rare cases:

https://googlewebmastercentral.blogspot.com.au/2008/04/crawling-through-html-forms.html

Who in the world said anything about GoogleBot?  There are thousands of bots crawling the net looking for websites to exploit; looking for forms to submit spam or inject malicious code..

 

A member here has already reported that he is getting hundreds of signups resulting in pending orders using the new Pay to Join.  His report was ignored so I decided to post this bug report because looking at the code I don't think there is any anti-bot protection from a bot submitting the form.  Since this form is not part of the builders, we can not easily try our own anti-bot measures like we do in the regular join form, in fact, I don't even see the CAPTCHA added to this form; at the very least, it should be added; select membership, type in CAPTCHA code, and then hit submit.

Geeks, making the world a better place
Quote · 11 Jan 2016

Hi GG. I'm not familiar with this at all, but I remember reading another thread where a "simple" question like "is an apple a fruit or vegetable" was asked and bots couldn't answer that type of question.

You can search the forums here to find that thread.

Could you maybe add something like this to your form?

 

 

GoogleBot could submit join form only in very rare cases:

https://googlewebmastercentral.blogspot.com.au/2008/04/crawling-through-html-forms.html

Who in the world said anything about GoogleBot?  There are thousands of bots crawling the net looking for websites to exploit; looking for forms to submit spam or inject malicious code..

 

A member here has already reported that he is getting hundreds of signups resulting in pending orders using the new Pay to Join.  His report was ignored so I decided to post this bug report because looking at the code I don't think there is any anti-bot protection from a bot submitting the form.  Since this form is not part of the builders, we can not easily try our own anti-bot measures like we do in the regular join form, in fact, I don't even see the CAPTCHA added to this form; at the very least, it should be added; select membership, type in CAPTCHA code, and then hit submit.

 

Quote · 12 Jan 2016

 

Could you maybe add something like this to your form?

The answer is that this should be included by Boonex in the next patch.  The Pay to Join form is generated dynamically so would require Dolphin users to edit code.  The CAPTCHA should be added to the Pay to Join script; probably just an oversight on the part of Boonex when adding the new feature.

Geeks, making the world a better place
Quote · 12 Jan 2016

Payment form shouldn't contain captcha it will greatly reduce conversions. Captcha is really difficult to solve in some cases.

It's better to clear some pending payments sometimes than to miss some real payments.

Rules → http://www.boonex.com/terms
Quote · 16 Jan 2016

 

Payment form shouldn't contain captcha it will greatly reduce conversions. Captcha is really difficult to solve in some cases.

It's better to clear some pending payments sometimes than to miss some real payments.

No Alex, it is a problem and Boonex needs to figure out the best way to help prevent bots form hitting this Pay to Join form.  It is poorly implemented.  Alex, how would you like to spend time deleting thousands of pending payments per day?

Geeks, making the world a better place
Quote · 16 Jan 2016

We can make this feature optional: https://github.com/boonex/dolphin.pro/issues/244 

No Alex, it is a problem and Boonex needs to figure out the best way to help prevent bots form hitting this Pay to Join form.  It is poorly implemented.  Alex, how would you like to spend time deleting thousands of pending payments per day?

 

Rules → http://www.boonex.com/terms
Quote · 16 Jan 2016

In another thread it has been suggested to have an input field with some text that has to be deleted before you can continue. Bots should have a hard time with this it is claimed.

 

Quote · 18 Jan 2016

Hello

Capcha which can be disabled from admin panel was added in 'Pay to Join' form.

Quote · 20 Jan 2016
 
 
Below is the legacy version of the Boonex site, maintained for Dolphin.Pro 7.x support.
The new Dolphin solution is powered by UNA Community Management System.