[RFC] Contact Page

These requests for comments/change have lead to an implemented feature that has been successfully merged into the 3.1/Ascraeus branch. Everything listed in this forum will be available in phpBB 3.1.
Post Reply
User avatar
naim
Registered User
Posts: 50
Joined: Thu Oct 13, 2011 7:21 pm
Location: Isolation
Contact:

Re: [RFC] Contact Page

Post by naim » Sat Oct 15, 2011 5:19 pm

AmigoJack wrote:
naim wrote:What about protecting the e-mail address with an image (just an image, not a captcha.)
This would eliminate the possibility to copy the address to the clipboard. Or what would you type if you encounter a picture with an ambiguous font typing of Ill______O0@rnmwvvw.net (in another font type: Ill______O0@rnmwvvw.net)? Bots are mostly not intelligent - I guess they could be outsmarted by something like this already, which still stays selectable, so you can CTRL+C it:

Code: Select all

<span>admin</span><strong>&#x40;</strong><span>site.net</span>
1. All email address have a format, they need to be ASCII characters (i think) - if phpbb will use a system font, there is no way that it will not be displayed correctly.
2. In any way that a user can Copy a text to the clipboard, A robot will easily find the text, just like how a browser will resolve it. Even the "heritrix" crawler (archive.org) knows how to resolve links from JavaScript! - Robots are smart, even images are not the best protection but they are way better than plain-text.

User avatar
AmigoJack
Registered User
Posts: 103
Joined: Wed May 04, 2011 7:47 pm
Location: グリーン ヒル ゾーン
Contact:

Re: [RFC] Contact Page

Post by AmigoJack » Sat Oct 15, 2011 5:50 pm

callumacrae wrote:phpBB has a huge amount of users, they'll just recode their bots to decode it.
That's reasonable. No smart idea comes to my mind:
  • JS generation of a displayed address will handicap user's which don't or won't use JS.
  • Pictures out of addresses could be read via OCR.
  • Using entities for characters was never really a hindrance.
So a CAPTCHA or Q+A interaction should be an option at least. Detecting bots is no good approach either, because that would need maintenance work.
naim wrote:All email address have a format, they need to be ASCII characters (i think) - if phpbb will use a system font
The underscore is ASCII, and as you see: using a monotype (that's what I think you meant by "system font") does not separate multiple of them, so you can only guess how many are used. While you and I are able to decipher 1lI properly, most normal users would loose orientation with that. That's why I'm for a solution which still let's you drag your mouse cursor in your preferred browser over the address to make a selection. You can show me a bot which actively renders the site in a HTML presentation only to find out that the container written on line 5 is visually next to the container of line 364 and they make up an e-mail address.

User avatar
naim
Registered User
Posts: 50
Joined: Thu Oct 13, 2011 7:21 pm
Location: Isolation
Contact:

Re: [RFC] Contact Page

Post by naim » Sat Oct 15, 2011 6:01 pm

Marshalrusty wrote: Notes:
1) A CAPTCHA cannot be used on this page due to accessibility issues.
Who is going to start writing up Q & A?

By System Font i meant a font that all platforms have built in core, and anyway what system can't render and serve a small image?!
All we want is to verify that the user getting the admin's email is actually a human and not a robot - doing that without captcha is kinda hard... so displaying an image is the safest way to display an Admin's email address with protection from spam (well, spammers that don't have OCR...)

Or Just Let administrator choose to display plain-text or image (transparent background, select-able foreground).

User avatar
callumacrae
Former Team Member
Posts: 1046
Joined: Tue Apr 27, 2010 9:37 am
Location: England
Contact:

Re: [RFC] Contact Page

Post by callumacrae » Sat Oct 15, 2011 6:47 pm

Why does an email have to be written anywhere? Isn't that the point in the form?
Made by developers, for developers!
My blog

User avatar
naim
Registered User
Posts: 50
Joined: Thu Oct 13, 2011 7:21 pm
Location: Isolation
Contact:

Re: [RFC] Contact Page

Post by naim » Sat Oct 15, 2011 8:11 pm

Its a contact page for support, if there is any problem with a forum, (the forum is not usable...)

User avatar
naderman
Consultant
Posts: 1727
Joined: Sun Jan 11, 2004 2:11 am
Location: Karlsruhe, Germany
Contact:

Re: [RFC] Contact Page

Post by naderman » Sun Oct 16, 2011 1:28 pm

The whole point of the contact page form is to no longer display the email address, but only offer a form instead. A CAPTCHA is not an option because this form is supposed to be used to contact administrators when a user needs help with solving a CAPTCHA. Having this form unprotected is no worse than the current situation where the email address is publically visible on the registration page.

User avatar
naim
Registered User
Posts: 50
Joined: Thu Oct 13, 2011 7:21 pm
Location: Isolation
Contact:

Re: [RFC] Contact Page

Post by naim » Sun Oct 16, 2011 2:44 pm

The whole point of the contact us page is to let anyone contact support in-case there is a problem with the site,
so if there would be a problem, wouldn't it effect the contact sheet to?!
And in phpBB there are no spam filters against spammers (at least no yet), so what if a spammer starts sending requests to the contact sheet?! Today most email addresses have spam filters...
The image is to protect against robots the don't have OCR.

User avatar
canonknipser
Registered User
Posts: 67
Joined: Mon Sep 19, 2011 4:42 am
Location: Germany

Re: [RFC] Contact Page

Post by canonknipser » Sun Oct 16, 2011 3:50 pm

naim wrote: so what if a spammer starts sending requests to the contact sheet?!
Maybe a method can be implemented to block sending a second request for a time (eg. 1 day - set in config-table) after sending a request, depending on the IP-Adress for guest or userid (for registered users).
Greetings
Frank
phpbb.de support team member - no support via PM or mail
English is not my native language
Extensions and scripts for phpBB

User avatar
naim
Registered User
Posts: 50
Joined: Thu Oct 13, 2011 7:21 pm
Location: Isolation
Contact:

Re: [RFC] Contact Page

Post by naim » Sun Oct 16, 2011 4:28 pm

IP addresses change very often, and what if someone is connected to a network (workplace/internet-cafe)?

User avatar
canonknipser
Registered User
Posts: 67
Joined: Mon Sep 19, 2011 4:42 am
Location: Germany

Re: [RFC] Contact Page

Post by canonknipser » Sun Oct 16, 2011 5:39 pm

naim wrote:IP addresses change very often, and what if someone is connected to a network (workplace/internet-cafe)?
OK, your talking about a human spammer, i thought about spam-bots who are very often using the same IP for a longer period. So also add a changing captcha they have to fill in, and a lot requiered fields with autofill option disabled - human spammers will give up after a few tries.

How many guests (or better: users not logged in) will you have from the same inet-cafe or company-proxy having the need to use the contact page on the same day?
Greetings
Frank
phpbb.de support team member - no support via PM or mail
English is not my native language
Extensions and scripts for phpBB

Post Reply