Jump to content

Cubecart V5 Captcha


Recommended Posts

I often find myself repeatedly clicking the reload button until something vaguely legible appears. It's certainly not ideal and it wouldn't surprise me if this adversely affects your client's conversion rates. Unfortunately, CC5 doesn't have an alternative to reCaptcha. I would love to see CubeCart utilise the Akismet service (http://akismet.com/) to filter out spam reviews and comments. I view captchas as being far too restrictive and also a fairly weak form of protection.

Perhaps try submitting a feature request through the bug tracker.

Link to comment
Share on other sites

  • 3 weeks later...
  • 3 weeks later...
  • 2 months later...
Guest mrdave

are there any alternatives to this, I did exactly the same.. recaptcha is too much like hard work for my customers, but without there is a lot of spame.., any way to make the recaptcha easier to read?

Link to comment
Share on other sites

  • 2 weeks later...

I've made some recent research on CAPTCHA discussions and systems. The general consensus is that the best CAPTCHA is no CAPTCHA.

There have been several scholarly research studies about human vs artificial intelligence and approaches on how to create dialog that stays in the human domain. Each study attempted to accomplish the overall goal of asking a question that only the 'leap-of-faith' capability of the human mind could answer. Needless to say, the capabilities of the human mind are wide-ranging (think of "Yo' Mama" jokes). And then there are those with disabilities that should be accounted for but such technologically-oriented solutions cannot.

Each study I read about concluded that the approach being considered was too complex, too time-consuming, culturally out-of-bounds, technologically elaborate, and dis-accommodating. (To me, several of these approaches were interesting on their presentation.)

Google's reCaptcha Project is actually what's called a Distributed Computing system in which as many computers as possible assist in the processing of billions of situations to arrive at a unified answer. (The first public DC project was SETI at Home in which the Search for Extra-Terrestrial Intelligence Project sent millions of snippets of deep-space radio signals to millions of computers to scan and report back if any snippet had 'intelligence' in the noise hash.) Google's project is the scanned text of books in which the image was not clear enough for Optical Character Recognition (OCR). The theory is, if Google's OCR couldn't recognize the words, then neither would a spammer's automated attempts. Unfortunately, Google further distorts the words to make computer recognition even harder - even past the point of a human being able to recognize the words. Once the words are identified correctly, the response is fed to the task that is OCR'ing the book for its eventual digital publishing.

Cubecart solves automated submissions somewhat by adding a hidden form field that contains a token. This token must match what Cubecart sent with the form HTML, else the form is rejected. An automated system would just acquire a blank form, fill it in obviously getting the token wrong, submit it 50 times a second, and fail miserably each time. This does not stop a script from requesting the form, auto-filling it in, sending it back, and all within 500 milliseconds. There are a couple of jQuery solutions that will fail a form submission if it comes back within a given number of seconds. (jQuery is what drives most of CubeCart's form validations and special effects.) It seems, however, that there are popular 'automated form filler' browser add-ons that remove the tediousness of filling in forms, which thus collides against this type of solution.

One solution involved adding a hidden form field that a human using a browser would not see. But an automated script would, and fill it in, and the form submission would fail.

Link to comment
Share on other sites

One solution involved adding a hidden form field that a human using a browser would not see. But an automated script would, and fill it in, and the form submission would fail.

If this is a practical way around using Captcha, I'd like to try it! Can you explain how to construct such a field in such a way that each of us can uniquely implement it?

Link to comment
Share on other sites

Guest mrdave

i agree the captcha is too hard and an alternative, simpler one would be beneficial, we dont want spam but we do want customers...

in v4 there were 2 alternatives.. Personally I would look to keep it on the contact forms and reviews etc but I do not think it is needed in the checkout, unless a spammer wants to pay.... Is there anyway to remove it just from the checkout?? This would ensure we get to keep the sales and avoid the areas where spam comes from..

Link to comment
Share on other sites

  • 5 weeks later...

if the captcha content was numeric .... ie numerals only from 0 - 9 then it would be much easier for customers to make out.

as it is, particularly if the customer has poor english skills, the current captcha is a barrier.

every time i turn it off i get spam customer registrations, mainly from europe i think.

I agree, the captcha currently employed needs to be much more customer friendly.

Link to comment
Share on other sites

Thanks for the tip, batterydoctor! http://www.phpcaptcha.org/ looks impressive!!

The first step is to find out if your system is capable of using SecureImage.

http://www.phpcaptcha.org/downloads/securimage_test.php

I copied the code into Notepad with wordwrap turned off, saved it, and uploaded it to the root of my domain. Then called the test file from the browser, and yes, I can use it IF I can figure out how!! There seems to be a good bit of documentation, so keeping my fingers crossed.

Since this discussion is going to get past the CC core, I've closed this thread here. But you can continue the discussion on the 3rd party forum.

http://www.cubecartforums.org/index.php?showtopic=16972&hl=captcha

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
×
×
  • Create New...