Using SFX feedback form
17 views
Skip to first unread message
Ronan McHugh
Feb 24, 2014, 8:09:54 AM2/24/14
to umlaut-...@googlegroups.com
Hi all,
We’ve run into a problem with our Umlaut install which I hope you might be able to help with. We created a feedback button on our resolve page which pops up a modal email form. Unfortunately, this form has now been picked up by spammers and our contact librarians are getting in the order of 50 emails a day for a variety of shady products and back-alley offers. We need some kind of feedback form, but we also need to prevent spamming.
We noticed that JHU and NYU are using the SFX default feedback form. What is the volume of spam like through this form? How do we set it up?
Cheers,
Ronan
Jonathan Rochkind
Feb 26, 2014, 9:53:48 AM2/26/14
to Ronan McHugh, umlaut-...@googlegroups.com
We have had spam problems with the SFX raw form too -- and it's a really
ugly form -- I wouldn't neccesarily recommend it. But it's pretty easy
to use (on the resolve menu page; it's not really easily accessible
anywhere else) if you want it. It pretty much just takes the comments
entered and sends them via email to a specified address -- so existing
email spam-handling technologies you have in place might then handle
spam, with all the pro's and con's of that approach.
But we can look up and explain how to do that if you want to, it's not
hard.
I guess otherwise, general anti-spam practices apply, with no magic
bullets. You could use a captcha (which has accessibility problems). You
could pay for the WordPress-affiliated Akismet anti-spam API (which will
require some development, and isn't foolproof).
You could use the really basic "answer htis simple question: what color
is the sky" type approach.
Some of our library tech peers have had success with simple techniques
along the lines of:
http://www.landauer.at/preventing-spam-in-form-submissions-without-using-a-captcha/
I'd ask on the code4lib listserv for other ideas you could implement
with custom programming.
Jonathan
> --
> You received this message because you are subscribed to the Google
> Groups "Umlaut" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to umlaut-softwa...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
ugly form -- I wouldn't neccesarily recommend it. But it's pretty easy
to use (on the resolve menu page; it's not really easily accessible
anywhere else) if you want it. It pretty much just takes the comments
entered and sends them via email to a specified address -- so existing
email spam-handling technologies you have in place might then handle
spam, with all the pro's and con's of that approach.
But we can look up and explain how to do that if you want to, it's not
hard.
I guess otherwise, general anti-spam practices apply, with no magic
bullets. You could use a captcha (which has accessibility problems). You
could pay for the WordPress-affiliated Akismet anti-spam API (which will
require some development, and isn't foolproof).
You could use the really basic "answer htis simple question: what color
is the sky" type approach.
Some of our library tech peers have had success with simple techniques
along the lines of:
http://www.landauer.at/preventing-spam-in-form-submissions-without-using-a-captcha/
I'd ask on the code4lib listserv for other ideas you could implement
with custom programming.
Jonathan
> You received this message because you are subscribed to the Google
> Groups "Umlaut" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to umlaut-softwa...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
Ronan McHugh
Feb 26, 2014, 9:56:43 AM2/26/14
to Jonathan Rochkind, umlaut-...@googlegroups.com
Thanks for the reply Jonathan. I'm just after adding honeypot captcha to our feedback form. It sounds ok, but by no means impregnable: I'll see what the spam volume is like after a week and decide whether there needs to be something more advanced in place.
https://github.com/curtis/honeypot-captcha
Cheers,
Ronan
-----Oprindelig meddelelse-----
Fra: Jonathan Rochkind [mailto:roch...@jhu.edu]
Sendt: 26. februar 2014 15:54
Til: Ronan McHugh; umlaut-...@googlegroups.com
Emne: Re: Using SFX feedback form
https://github.com/curtis/honeypot-captcha
Cheers,
Ronan
-----Oprindelig meddelelse-----
Fra: Jonathan Rochkind [mailto:roch...@jhu.edu]
Sendt: 26. februar 2014 15:54
Til: Ronan McHugh; umlaut-...@googlegroups.com
Emne: Re: Using SFX feedback form
Jonathan Rochkind
Feb 26, 2014, 10:14:50 AM2/26/14
to Ronan McHugh, umlaut-...@googlegroups.com
That sounds like a great idea, feel free to let us know how it worked!
PHILLIPS M.E.
Feb 26, 2014, 12:47:12 PM2/26/14
to Ronan McHugh, umlaut-...@googlegroups.com
Hi Ronan,
Is your feedback form code available anywhere: that's exactly what we would like to implement in our Umlaut which is almost ready to go into production. We don't have SFX so the SFX feedback form was not an option.
I see the form uses a hidden id field with a value such as "http://e-tidsskrifter.kb.dk/go/49813?umlaut.locale=en" which is the same as your Short Link. Is the short link always generated? I think Jonathan had switched to only generating these on request because of the burden of retaining them in the database.
I like your bX integration.
(I'm working on getting formal approval to release our work on Umlaut back to the community, too, I promise!)
Regards,
Matthew
--
Matthew Phillips
Head of Digital and Bibliographic Services,
Durham University Library, Stockton Road, Durham, DH1 3LY
+44 (0)191 334 2941
Is your feedback form code available anywhere: that's exactly what we would like to implement in our Umlaut which is almost ready to go into production. We don't have SFX so the SFX feedback form was not an option.
I see the form uses a hidden id field with a value such as "http://e-tidsskrifter.kb.dk/go/49813?umlaut.locale=en" which is the same as your Short Link. Is the short link always generated? I think Jonathan had switched to only generating these on request because of the burden of retaining them in the database.
I like your bX integration.
(I'm working on getting formal approval to release our work on Umlaut back to the community, too, I promise!)
Regards,
Matthew
--
Matthew Phillips
Head of Digital and Bibliographic Services,
Durham University Library, Stockton Road, Durham, DH1 3LY
+44 (0)191 334 2941
Ronan McHugh
Feb 27, 2014, 3:35:54 AM2/27/14
to PHILLIPS M.E., umlaut-...@googlegroups.com
Hi Matthew,
The code for e-tidsskrifter.kb.dk is all up on our GitHub page: https://github.com/Det-Kongelige-Bibliotek/e-tidsskrifter.
In terms of the feedback form what you need is the controller: https://github.com/Det-Kongelige-Bibliotek/e-tidsskrifter/blob/master/app/controllers/feedback_controller.rb
The mailer: https://github.com/Det-Kongelige-Bibliotek/e-tidsskrifter/blob/master/app/mailers/feedback_mailer.rb
The route: match 'feedback', to: 'feedback#send_message', via: :post
The view https://github.com/Det-Kongelige-Bibliotek/e-tidsskrifter/blob/master/app/views/feedback/_show.html.erb
Which in turn is called from: https://github.com/Det-Kongelige-Bibliotek/e-tidsskrifter/blob/master/app/views/resolve/_help.html.erb
This view is configured in umlaut configurable: https://github.com/Det-Kongelige-Bibliotek/e-tidsskrifter/blob/master/app/controllers/umlaut_configurable.rb#L325
I've also got a javascript handler here: https://github.com/Det-Kongelige-Bibliotek/e-tidsskrifter/blob/master/app/assets/javascripts/umlaut/feedback_handler.js
According to my comments, I'm using it to prevent the page from changing on form submit and instead displaying a success message. This is all undoubtedly an unlovely hack, but I was under a bit of time pressure so ended up taking some shortcuts.
The modal behavior is all dependent on Bootstrap. We're using Bootstrap 3, so if you're sticking to Umlaut's Bootstrap 2, you may need to make some changes. Bootstrap is very well documented so you can easily find the info for this. You will also need the bootstrap modal js, if you don't have the whole lot.
The honeypot functionality depends on gem 'honeypot-captcha'´
God, that's a lot of stuff for a simple function. I'm sure you can figure out how to make things more streamlined. I had originally tried to use Umlaut's default mailer functionality but couldn't really get it to work the way I wanted it (can't remember what the problem was exactly). In terms of the short link, yeah I guess it's always being generated, since the field is hidden in each and every resolve page. It would probably be better to do things on demand if you can work that in somehow.
Good luck with the bureaucratic process, I'm looking forward to seeing your instance.
Cheers,
Ronan
-----Oprindelig meddelelse-----
Fra: umlaut-...@googlegroups.com [mailto:umlaut-...@googlegroups.com] På vegne af PHILLIPS M.E.
Sendt: 26. februar 2014 18:47
Til: Ronan McHugh; 'umlaut-...@googlegroups.com'
Emne: RE: Using SFX feedback form
The code for e-tidsskrifter.kb.dk is all up on our GitHub page: https://github.com/Det-Kongelige-Bibliotek/e-tidsskrifter.
In terms of the feedback form what you need is the controller: https://github.com/Det-Kongelige-Bibliotek/e-tidsskrifter/blob/master/app/controllers/feedback_controller.rb
The mailer: https://github.com/Det-Kongelige-Bibliotek/e-tidsskrifter/blob/master/app/mailers/feedback_mailer.rb
The route: match 'feedback', to: 'feedback#send_message', via: :post
The view https://github.com/Det-Kongelige-Bibliotek/e-tidsskrifter/blob/master/app/views/feedback/_show.html.erb
Which in turn is called from: https://github.com/Det-Kongelige-Bibliotek/e-tidsskrifter/blob/master/app/views/resolve/_help.html.erb
This view is configured in umlaut configurable: https://github.com/Det-Kongelige-Bibliotek/e-tidsskrifter/blob/master/app/controllers/umlaut_configurable.rb#L325
I've also got a javascript handler here: https://github.com/Det-Kongelige-Bibliotek/e-tidsskrifter/blob/master/app/assets/javascripts/umlaut/feedback_handler.js
According to my comments, I'm using it to prevent the page from changing on form submit and instead displaying a success message. This is all undoubtedly an unlovely hack, but I was under a bit of time pressure so ended up taking some shortcuts.
The modal behavior is all dependent on Bootstrap. We're using Bootstrap 3, so if you're sticking to Umlaut's Bootstrap 2, you may need to make some changes. Bootstrap is very well documented so you can easily find the info for this. You will also need the bootstrap modal js, if you don't have the whole lot.
The honeypot functionality depends on gem 'honeypot-captcha'´
God, that's a lot of stuff for a simple function. I'm sure you can figure out how to make things more streamlined. I had originally tried to use Umlaut's default mailer functionality but couldn't really get it to work the way I wanted it (can't remember what the problem was exactly). In terms of the short link, yeah I guess it's always being generated, since the field is hidden in each and every resolve page. It would probably be better to do things on demand if you can work that in somehow.
Good luck with the bureaucratic process, I'm looking forward to seeing your instance.
Cheers,
Ronan
-----Oprindelig meddelelse-----
Fra: umlaut-...@googlegroups.com [mailto:umlaut-...@googlegroups.com] På vegne af PHILLIPS M.E.
Sendt: 26. februar 2014 18:47
Til: Ronan McHugh; 'umlaut-...@googlegroups.com'
Emne: RE: Using SFX feedback form
Reply all
Reply to author
Forward
0 new messages