@aral as a small web person, do you have any thoughts on captcha alternatives? We keep getting hit with bots testing stolen cards by signing up to memberships. Looking at Cloudflare turnstile but wondered if you had any thoughts?
Conversation
Notices
-
Embed this notice
Paul (paulcox@toot.wales)'s status on Friday, 11-Aug-2023 01:16:26 JST Paul -
Embed this notice
Aral Balkan (aral@mastodon.ar.al)'s status on Friday, 11-Aug-2023 01:16:25 JST Aral Balkan @paulcox Have you considered trying a honeypot field (an invisible form field which, if it gets filled in, you know it’s a bot).
I’d avoid Cloudflare if possible. Too much is centralised there already. It’s a huge privacy concern and single point of failure.)
-
Embed this notice
Aral Balkan (aral@mastodon.ar.al)'s status on Friday, 11-Aug-2023 01:43:26 JST Aral Balkan @paulcox Do let me know how it goes. I’ve never felt the need myself. Likely because I’ve only ever used Stripe when I needed to implement payments and they’re pretty good about handling that stuff without fuss.
-
Embed this notice
Paul (paulcox@toot.wales)'s status on Friday, 11-Aug-2023 01:43:27 JST Paul @aral I had a look at that, but didn't seem likely enough to stop them, as easy to figure out with a quick look and work around it... but I could try that first and see. Have you had success with it previously?
-
Embed this notice
Aral Balkan (aral@mastodon.ar.al)'s status on Friday, 11-Aug-2023 22:29:02 JST Aral Balkan @paulcox Oh wow, that sucks. Have you activated Stripes anti-fraud measures across your whole site (not just the payment page). Personally, I’m hesitant to do that as I don’t want a third party collecting data on the whole site but that might be one possible mitigation (?)
Best of luck, regardless. Sounds like a nightmare.
-
Embed this notice
Paul (paulcox@toot.wales)'s status on Friday, 11-Aug-2023 22:29:03 JST Paul @aral yeah, we use Stripe as well, but yesterday we had over 1000 attempts to create memberships with different cards and 100 went through. We must be on someone's list somewhere.
-
Embed this notice