Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.@AlexisWilke Let me invite you to our dream-team of non-CAPTCHA (ie invisible to end-user) spam fighters:
- iva2k (BOTCHA founder and maintainer)
- Dustin Currie (un.captcha.lous founder and former maintainer (un.captcha.lous merged with BOTCHA), BOTCHA maintainer)
- deeporange1 (JS Validate Forms founder and former maintainer (JS Validate Forms merged with BOTCHA), BOTCHA maintainer)
- Staratel (BOTCHA maintainer)
Don't you think that together we could do more than each alone? We miss you, AlexisWilke.
Here you are some points why you should join us:
- Highly configurable spam protection framework: Each way of spam protection is a Recipe, which has its own logic of form submission handling. Recipes are bundled into Recipebooks, which are applied to the forms. The list of available recipes: http://drupal.org/project/botcha#recipes-included. UI lets you to turn on or off recipe applying per each form. It helps to avoid critical situation when one or more recipes doesn't work as you like: you should just turn them off and post an issue to Drupal.org - and your site would not be affected by any discomfort.
- Selenium-tests for all major browsers (Firefox, Google Chrome, Opera, Internet Explorer plus possibility to extend): It means that JavaScripts-recipes work as expected - always, guaranteed. If you see something strange - you could just launch all Selenium-tests to see what's wrong and post an issue to Drupal.org. Brief Howto-instruction (both installation and usage of Selenium) is inside the Selenium-tests file.
- Fully test-covered: Tests covered almost every line of the code. Plus tests' structure has been unified - and now it is really simpler to maintain it.
- OOP-style: BOTCHA is moved to OOP-architecture. It means that all "entities" that take part in BOTCHA functionality are turned into classes. That gives more flexibility to extend and freedom to modify.
- Like MVC-application: The module's internal structure looks like real MVC-application. It gives a chance to separate logic of the application and the layer of interoperability with Drupal platform - that means that the BOTCHA is going to become more version-independent. I hope in the future we would see a Drupal-version-independent BOTCHA module. It eases maintainership of the module.
- Module as an Application: Each hook implementation is a method of Botcha class, which extends abstract Application class. Turning a module into a class gives a lot of opportunities, such as applying "Decorators" (see http://en.wikipedia.org/wiki/Decorator_pattern) to a module as a whole. For now we have Logger decorator implemented (Logs every method call into a file - for development purposes, turned off by default), Cacher is planned. See Moopapi project page for more details: http://drupal.org/project/moopapi.
Also let me respond to pros and cons from discussion in #840838: Hidden CAPTCHA v. Spamicide:
-
I guess that the main difference is that my module requires CAPTCHA and thus prevents you from having a hidden CAPTCHA + another CAPTCHA. (at least in the current version you cannot include more than one CAPTCHA.)
It is possible to use BOTCHA alone without CAPTCHA, BOTCHA does not interfere with CAPTCHA.
-
The one benefit that I do not see in the other one is that CAPTCHA can count the number of times it misses.
BOTCHA has its own statistics of successful and failed submissions. It is shown on Status report and on BOTCHA General settings. It could be reset at any moment by pressing a special button.
-
And it sounds like spamicide auto-inject itself in all forms. Kind of a waste for all the Admin forms.
BOTCHA presence is configurable via UI per form. A special option of UI "Allow BOTCHAs and BOTCHA administration links on administrative pages" handles BOTCHA appearance on admin pages (disabled by default).
-
What I still would need to do is create a different CSS name on request and change the actual name of the input field (so robots cannot just learn those two things and not fill the field.)
All field names are randomly generated in BOTCHA - so it provides maximum protection.
Please try BOTCHA yourself - and tell us what do you think about our offer.
Comments
Comment #1
AlexisWilke CreditAttribution: AlexisWilke commentedThanks for the offer but I'm not working with D7 at all. I'm instead working on a new system written in C++ and using Cassandra. http://snapwebsites.org/ Although it's not ready yet, it's getting there. I have something that's close to a first Core version.
Comment #2
iva2k CreditAttribution: iva2k commentedHi @Alexis,
This sounds exciting! Do you have spam protection in works for that platform?
What are your plans for maintaining the Hidden CAPTCHA module for Drupal? Do you have paying customers for the module? How do you plan to provide support to the current users? I think you will be interested to lower the maintenance costs, and we could help.
One possible way is 1. to merge functionality into Botcha (we will work on that), 2. beat the crap out of it testing (we have full test coverage), 3. move existing users to Botcha (we need your blessing and you can set the plan) and 4. ...
"4" could be expanding Botcha to the new platform that you are developing. This is the big idea behind our team that Botcha deserves to be in all web platforms. We need someone interested to help us figure it out. C++ sounds like a stretch for porting recipes written in PHP objects, but in actuality Botcha needs a more high-level definition language at some point. In fact, recipes are very compact and the know-how is in the connector layer, which is of course very platform-dependent. I'm interested in collaborating on it, since I worked in C++ for a good number of commercial projects.
Regards,
--
Ilya
Comment #3
AlexisWilke CreditAttribution: AlexisWilke commentedThe spam feature is written here:
http://snapwebsites.org/implementation/feature-requirements/spam-feature
Note that the site is my helper, I write my ideas and then I implement them. At this point I'm trying to limit myself to features marked as [core] (the list at the top of that page). The spam feature is not a part of it.
My idea is to add as many possible tests on the front and backend to determine whether the user is a robot and if so prevent it from posting anything (not even give it the option to do so.)
As for maintenance, enhancements, etc. in Drupal, I have no plans in continuing. I make sure to work on any security issue found, but that's it. Once my new system works sufficiently, I'll convert my existing Drupal customers to it. Much easier!
So, it certainly would be a good idea to implement options/features that you offer in BOTCHA, but it is not going to happen soon. Another module of interest is the spam module which includes a certain number of things that are useful to combat spam in some automated way.
Thank you.
Alexis
Comment #4
PatchRanger CreditAttribution: PatchRanger commentedWhat about HipHop (http://github.com/facebook/hiphop-php/wiki), have you tried it? This approach looks good, doesn't it?
Fresh news: BOTCHA got full Selenium-tests coverage for all recipes, both for D7 and D6: see #1894478: The latest Selenium-tests launches & reports for details.
Let me reminder that we could ease your maintainership burden by joining forces: we all have plenty of various Drupal and non-Drupal projects & points of view on monetization of BOTCHA project - however it implies us to work together, because it is the most effective way to achieve our goals.
Comment #5
AlexisWilke CreditAttribution: AlexisWilke commentedThe primary reason for not using PHP is the weak typing defined in that sort of language. That's a problem in BASIC, Perl, Lisp, ... and many other languages. C++ has drawbacks that Ada fixes, so I would prefer to use Ada, really. But the fact is that not too many programmers know Ada so C++ is a better choice in that sense. Also, many libraries are readily available for C++ code but have no ready made interfaces in Ada.
For sure, 99% of the PHP bugs I run into are because of the lack of strong typing and unassigned variables that get used with the ill effect of not working as expected but the language also does not automatically report those ill usages. (note that we have a template called controlled_vars which solves the potential problem of uninitialized variables in C++ extremely well.)
So... even if that sort of a thing looks attractive to a company like Facebook, it does not to us.
This being said, it wouldn't prevent us from implementing BOTCHA's in Snap! C++, at some point.
Comment #6
awasson CreditAttribution: awasson commentedHi Guys,
Has there been any movement on the Botcha/Hidden Captcha front?
Comment #7
Liam MorlandBOTCHA has not been updated since 2013 so this idea is not moving forward.
Hidden CAPTCHA will receive maintenance fixes for D7. For D8, I suggest Honeypot.